Decoupling authority, so a breach leaves nothing for hackers to find.
The real culprit: authority
In Part 1, we explored how trust isn’t the core issue in cybersecurity — it’s authority and the way we’re resigned to trusting someone or something with it.
Authority, in the digital world, is the power to grant access, approve actions, or enforce rules within a system. It’s what lets someone — or something — open the door to sensitive data, change configurations, or allow an operation to run. Whether it’s an admin with elevated privileges, an IAM system managing permissions, or a cryptographic key that decrypts sensitive data, authority is the ultimate gatekeeper.
Even in systems with comprehensive Zero Trust architectures, we still rely on centralized points of authority, making them prime targets for hackers. If you’re a developer, you’ve likely heard the saying, “A breach isn’t a matter of if, but when.” It could be from something as minor as a misconfigured setting in your cloud infrastructure, a compromised component in your software stack, a phishing attack on an administrator, or a sophisticated zero day vulnerability exploited by state actors — Just to name a few.
The losing game of whack-a-mole that is cybersecurity, means that as long as authority exists somewhere in the system, when it’s exposed, it can bring down even the most secure platform.
“Respect my authoritah!”
As platform developers, you probably don’t wake up worrying about authority. But authority is at the heart of many of the security challenges we face today, and we’re doing a terrible job of managing it.
To understand it, consider this famous myth of the Middle Ages: Chastity belts! Knights heading off to the Crusades didn’t trust their wives to stay faithful, so, these contraptions gave them the guarantee that by holding its key, they’re wielding the ultimate authority. No trust needed!
Fast forward to today: you pull up to a Michelin-star restaurant in your brand-new Ferrari. You apprehensively hand your keys to the valet, thinking what you’d do with that car if the situation was reversed. But thanks to valet protection mode, you’ve throttled the speed and range, stripping away their authority to do anything more than park your car — no joyrides today!
In both cases, authority defines the level of trust required. The knight didn’t need to trust anyone because he held the key. You don’t need to trust the valet once their ability to misuse your car is removed. By stripping away authority, you also remove the risk.
Now let’s jump to a more common scenario: picking up prescription meds. You get a prescription from your doctor (an authorization), and the pharmacist checks it and your ID before handing over the medication (authentication). But who really holds the power here? It’s not the doctor — it’s the pharmacist. They have the key to the medicine cabinet, and if someone else — say, their delinquent 16-year-old kid — gets that key, they become the king of the cabinet (and probably the most popular kid in school). It doesn’t matter what the doctor says; that kid now has the real, explicit authority.
Implied vs. Explicit authority
This distinction between implied authority (the doctor’s prescription) and explicit authority (the person holding the keys) is crucial to understanding why cybersecurity often fails. In modern systems, we assume that those in charge of issuing credentials, managing permissions, or maintaining admin privileges are the ultimate authority, but those are merely agents of implied authority. Something down the line with the explicit authority will need to render judgement after checking those permissions to either honor it or not. Let’s say you’ve got an Identity and Access Management (IAM) system like Microsoft Entra or Okta. Great! You’ve implemented role-based access control (RBAC), multi-factor authentication (MFA), and anomaly detection. But at the end of the day, the IAM still holds god-like power over the system. A misstep by an admin, a compromised credential, or a malicious insider will render all your security measures useless.
In reality, explicit authority — the power to open a file or present sensitive content — is often scattered across the system, hidden in plain sight, waiting helplessly for a hacker (or insider) to exploit the implicit authority providing the directives.
In today’s systems, authority always sits somewhere, on something, with someone controlling it. This is where the real threat lies.
I specifically used an example with a 16-year-old kid in my pharmacist analogy earlier to take you to my next point. In 2021, some of the biggest, most secure and well-resourced technology companies in the world were rocked by devastating cyber breaches. Losing some of their most valuable IP to a ransomware gang led by just such a 16-year-old living with his mom. He didn’t use fancy technology or advanced hacking skills. Instead, he went straight for the sources of authority. He simply bought access credentials from employees that willingly handed it over. All that was needed to steal the crown jewels was the access rights of a sufficiently privileged employee — and it was game over for cybersecurity.
This threat of authority abuse is a fundamental flaw that undermines every digital platform, no matter how secure it appears.
The fatal flaw of authority in Zero Trust today
Zero Trust aims to mitigate risk with the mantra, “Never trust, always verify.” But let’s be honest, our best implementation of this approach is more like “Never trust anyone or anything (except if it’s us or our things).” The problem? We still blindly trust the systems responsible for upholding Zero Trust principles, the IAM system that manages access, or the root certificates that authorize users — these elements hold immense power. Once compromised, all bets are off.
It’s like handing your car to a valet with valet protection mode on, feeling secure — until the valet’s buddy at Mercedes tech support disables it remotely and goes full Ferris Bueller on your car. If that trust is misplaced, it doesn’t matter how strong your security measures are — all unravels once authority is compromised.
We’ve essentially concentrated trust into the very systems that are supposed to be trustless. If breaches are ‘a matter of when, not if,’ why doesn’t that apply to the core systems we now trust to protect us? The answer is probably because there were just no other alternatives. Until now.
Ensuring security isn’t your problem
Let’s visualize the worry-free future you need. You’re a developer, not a security analyst. You should develop tech, build platforms, and deliver features. You shouldn’t have to worry about rogue admins or compromised IAMs. You shouldn’t lose sleep over the possibility that a dodgy line of code or a phishing email could see you featured in TechCrunch for all the wrong reasons.
Even if your platform gets breached, no one should be able to access critical data because no one — not your IAM system, not your vendors, not even you — should hold the ultimate authority to unlock it. Attackers might break through every layer of the Zero Trust stack, but it won’t matter because there’s no single point of failure.
This is the utopia we’re after: a world where developers focus on building without the burden of overhanded DevSecOps and technical debt, and without constantly worrying about how secure every single system is. A world where compliance with regulations like GDPR shifts from a box-ticking exercise into a built-in feature of the architecture. And it starts with decoupling authority from the systems and people who currently wield it.
Evolution needs a leap: beyond physical security
Right now, we treat digital security like it’s just an extension of physical security — a blueprint naturally evolving over the past 300,000 years. We build walls (firewalls), install surveillance (monitoring systems), and place guards (IAMs). But here’s the thing — digital systems aren’t bound by the same constraints as physical ones. In the physical world, someone has to hold the keys. In the digital world, they don’t.
The solution to our authority problem isn’t to shift trust around or to build better IAM systems. It’s to rethink how we handle authority entirely. We need a system where no single person or entity has the power to abuse authority because no one ever fully holds it.
Decoupling authority: a glimpse into the future
So, where do we put this authority once we’ve decoupled it from systems and admins? How do we remove the need to blindly trust anyone or anything?
This is where things get exciting. In Part 3, we’ll dive into a concept inspired by nature itself: Swarm Intelligence. Think of ants. Individually they’re basic creatures performing menial jobs. Squash any one and it poses no threat to the colony. But as a colony, they achieve incredible feats. Applying this same concept by decentralizing authority can provide a new model for cybersecurity.
Next, we’ll explore how a network of organizations can protect each other, much like a colony of ants or a swarm of bees. Get ready for the future of security — where authority is out of everyone’s reach.
Original op-ed published here.
Authors:
This 5-part series outlining the worry-free future of cybersecurity for platform developers is an adaptation of Tide Foundation Co-Founders Michael Loewy and Yuval Hertzog’s keynote at ACM SIGCOMM 2024
Michael Loewy is a Co-Founder of Tide Foundation and serves on the advisory board of the Children’s Medical Research Institute.
Yuval Hertzog is a Co-Founder of Tide Foundation and one of the inventors of VoIP.
Series shortcuts:
- Part 1: It’s time to rethink cybersecurity for platform developers
- Part 2: It’s cybersecurity’s kryptonite: Why are you still holding it?
- Part 3: How nature holds the key to cybersecurity’s future — [COMING SOON]
Top comments (0)