The trouble with trust: why Copper embraces a Trustless architecture

’Zero Trust must be the de facto standard in today’s remote-working world’

Copper

When it comes to the relationship between a service provider and a client, trust should be sacrosanct. Yet, it is often disregarded and in some cases, abused outright.

In the event of a security breach, the cost of a mishap extends far beyond a painful financial loss (2020 average was £2.9m), leaving an indelible mark on brand reputation, and severing the cord of trust that ties the service provider and customer to each other.  

Each passing year seems to bring more challenges for CISOs. And the current shift to a hybrid world of work only compounds the risk that security beaches will amplify and become more invasive. 

With companies scrambling to update and re-evaluate their protection plans, the spotlight has recently landed on Zero-Trust architecture. 

What is Zero-Trust?

The Zero-Trust model helps mitigate and ultimately prevent data breaches by eliminating trust from an organisation’s network architecture.  

Rooted in the principle of ‘never trust, always verify,’ the concept was coined by John Kindervag, an analyst at Forrester Research back in 2010. Now, just over a decade later, the strategy is gaining ground among cybersecurity folk as a way of addressing the need for better controls. 

 In essence, a comprehensive Zero-Trust strategy is built on the following three pillars: 

  1. Ensuring that company resources are able to be accessed securely, irrespective of location. 
  2. Using and administering a ‘least privilege strategy’ that only grants a user access to the resources that are necessary for their role. 
  3. Monitoring all data traffic, being mindful that even those within the perimeter may abuse data. 

To achieve this, Zero-Trust draws on various technologies such as IAM, orchestration, analytics, encryption, scoring and file system permissions. Pairing with Multi-Factor Authentication (MFA) is also critical in elevating the security model without all the fuss of setting it up on several systems at once.  

Jake Rogers, Chief Information Security Officer at Copper, is a strong advocate of the Zero-Trust mindset – the assumption that any device or person is corrupted – to prevent confidential data or funds from being handed to malicious actors on a silver platter.  

“The goal for any CISCO or IT administrator is to keep global communication and business ticking along smoothly and securely. However, the plethora of technologies and tools that organisations have rushed to adopt this past year to help employees work remotely have only widened the potential attack surface.” 

“The sophisticated attacks we’ve been seeing in the crypto space, as well as outside of our industry (many involving compromised credentials), are a reminder that Zero-Trust must be the de facto standard in today’s remote-working world.”  

Rogers also highlights that Zero-Trust is not just a simple solution or add-on which can be integrated overnight: “At Copper, we have invested aggressively in administering a thorough Zero-Trust model in all aspects of our products and services.” 

One such product that takes a true Zero-Trust approach to granting access is Copper’s state-of-the-art Walled Garden solution, which creates a wall that surrounds the custodian and the exchanges on which the client trades. Inside the Walled Garden, crypto transfers can be made frequently, rapidly and safely. Moving crypto funds outside the Walled Garden, if ever needed, requires signatures of multiple independent parties for maximum safety.  

To afford wallet holders robust protection from potential security breaches, Copper also leverages MPC key-shard cryptography. MPC is a new technological solution with Zero-Trust architecture baked in. It is now widely recognised as the most practical means of securing confidential information and financial assets. 

Rogers commented: “We’re proud to have made a name for ourselves as industry leaders in securing user trust through Zero-Trust policies and 2FA. As the lines between corporate and personal continue to become increasingly blurred, only by embedding Zero-Trust into corporate infrastructure and ensuring adequate security training to employees is provided will organisations have a chance of ensuring they’re prepared for the challenges that lie ahead.”

Independent custody
connected to multiple exchanges
Our settlements and clearing service is backed by our award winning custody technology
We would like to use analytics cookies
to improve site experience.View policy