Storage firm Guardtime relies on maths for transparent data security

Estonian storage company Guardtime claims its security technology makes data more transparent, but will it be embraced by Europe?

To truly have transparent and trustworthy data is a goal for many organisations, both public and private. Be it for initiatives to work out trends or for regulatory purposes, it can cost companies a lot to get the right hardware in place, as well as having to put trust into systems administrators who look after the data.

But Guardtime believes there is a new way that slashes the price tag and enables the paranoid to be more secure in the data they have.

The company’s key technology is called keyless signature infrastructure or KSI. The idea behind it is to enable data to have hash values as it would in other storage systems, but through using pure mathematics, disable them for being tampered with.

Each time a systems log takes a snapshot of data, those pieces of data are given a hash value. These hash values are then brought together in a tree structure, where each step of the way you can see the unique identifier, proving it has not been altered – else it would be given a new value.

All of these converged values are then moved up into a calendar where, again, by knowing your original hash value and which direction it has moved to merge with others, you can still pick out the unique number and see it has not been interfered with.

Once a month, Guardtime publishes a hash value of all these data pieces being brought together and even at this very high level, you are still able to work backwards and track your piece of data to check it has remained in the same pattern and has not been altered along the way.

The technology is all open source, meaning anyone can go and check the maths for themselves. So, although the system is relatively simple, the implications are huge. For example, if a government releases figures on its citizens to try and prove a political point, it cannot mess with the data, as anyone can check its accuracy through this system.

Mike Gault, CEO at Guardtime, said it could be the key to offering “an attributable internet” and bring “strong civil society benefits” through the additional transparency and ability to prevent fraud.

The Estonian government – which is already very digitally strong with its cyber security establishments – is using KSI. In two weeks, when the European Commission meets in Estonia to discuss technological issues, Guardtime hopes to present Neelie Kroes, commissioner for the digital agenda, with the system and encourage other governments to consider it.

Partners are of course key and Guardtime is already teaming up with Telefonica Digital in Europe – headquartered in London – to offer the system as a feature of the telecom company’s cloud offering.

But the Estonian company won’t be setting up shop independently in Europe anytime soon, preferring to work through the partner model and letting the system speak for itself, rather than going out directly to prove it to anyone.

Whether governments across Europe will be keen on this level of transparency remains to be seen, but going from a company with revenues of $20,000 in 2011 to now expecting results of closer to $5m this year, Guardtime looks like a business and a technology to watch.

Read more on Data protection regulations and compliance