The Secret Gradient Master Plan
It’s been over a year since I last provided an update on Gradient, and we’ve got a few things to share.
Almost two years ago, I presented a vision for redefining identity and authentication on the internet, where everything from cloud software (my bank’s online services) to simple edge devices (my home thermostat) can interact securely and privately by construction: a world where every interaction between devices, software, and users — for anything from cloud-scale compute workloads to the simplest data from a connected sensor — comes with cryptographic proof that users, devices, and software are authenticated, trustworthy, and authorized to act. We outlined taking a truly full stack approach - “silicon to cloud” - in which a cryptographic glue would link heterogeneous devices and software together into a seamless, intelligent Trust Fabric. Ultimately this Trust Fabric for Everything ConnectedTM will redefine how we compute, share, and consume data.
Ambitious? Maybe. A blank slate restart would have been the easiest technically, but Gradient isn’t composed of impractical idealists. We realized quickly that operating systems, hypervisors, containers, and particularly the silicon that powers it all form a collective ocean that can’t be boiled in one go.
That isn’t to say we didn’t think about it.
Today I’m sharing our master plan for realizing Gradient’s vision (h/t to you, Elon), and unveiling our first product along the route: Gradient’s enclaved Identity and Authentication as-a-Service (IDaaS), available as a cloud-hosted solution and, shortly, as a cloud / on-premises hybrid offering for those desiring it. We are excited to be demonstrating, at this week’s HPE Discover 2020, how Gradient's IDaaS framework projects hardware roots of trust to workloads, and federates identity and authentication across networks, as part of HPE's Cloud-Native Enterprise initiative.
Taking a step back - we believe the following: until the identity and trustworthiness of connected systems can be determined with certainty, devices and software will remain highly vulnerable to attack and require a costly patchwork of evolving defenses.
The basic connectivity fabric of the internet today relies upon 90s era technology -- digital certificates -- for identity and authentication. You are using a certificate every time you find an “https” in front of a url, whenever you connect to a bank, or read your email. But digital certificates, designed over 30 years ago, assumed a far simpler world than we have today. It was assumed that our devices could safely store these sensitive credentials for long periods of time, and the integrity of low-level firmware/software could be largely trusted blindly.
Today, one of the most common methods to breach an organization is to steal its certificates or just buy them on the black market. Now this is everyone’s problem: the chain of trust in the certificate itself is broken, leaving devices and software unable to establish identity and trustworthiness with certainty.
As a result, our networks, software, and devices are losing the creeping threat of vulnerabilities and breaches, despite >1000 cybersecurity vendors supplying solutions, and increasingly complex defenses.
To the point: 80% of U.S. businesses expected a critical breach or successful cyber-attack in 20191. Companies typically take 206 days to first identify a breach, require 73 more to contain it, and, ignoring reputational impact, an average company expends $4.45M for a malicious breach.
This problem extends beyond the trusted worlds of finance, governments, and healthcare, all the way to the seemingly innocuous, pervasive IoT devices we install without a second thought (think: smart light bulbs, thermostats, that baby monitor you just installed - and your state of the art, self-driving car). Whether via firmware vulnerabilities, device compromises, or poor security practices, the typical IoT device is attacked within five minutes of connecting to the internet – and targeted for specific exploits within 24 hours.2
The leading approach to address this amorphous concept of “trust” in users, devices, and software, is to initially assume we don’t have it. A so-called “Zero Trust” approach has emerged based on the realization that we can no longer assume humans, networks, devices, or software are trustworthy by default - whether problems arise via malice or incompetence. Instead, a Zero Trust model advocates for verification of the identity, for authentication, and for authorization of users, devices, and software. (We would add: it’s critical also for the verification of the integrity of devices and software.)
Over the last few years, inside some of the world’s most sophisticated tech companies, this Zero Trust model has been quietly gaining momentum. E.g. in 2017 Google announced their Titan project - deploying their own custom chip including a “silicon root of trust”, with the goal of ensuring that the servers behind Google Cloud Platform are always correctly constructed with legitimate firmware, etc. This device sits between the processor - running cloud-hosted workloads, virtual machines, and the like - and the physical world, and ensures that only authentic, permissioned firmware, OS, hypervisor, etc, are loaded onto the machine. Further, a silicon root of trust may ensure that the long-lived cryptographic keys - those bits of math that encrypt our lives - have neither leaked nor been tampered with.
Microsoft also announced their Azure Sphere project in 2018, which included the Pluton security subsystem to provide a silicon root of trust and enable similar user and developer protections. While less is known about Amazon’s Nitro product, we believe it philosophically aligns with us as well. Apple’s Secure Enclave Processor (SEP) is in over a billion devices (every iPhone 6 and later); their T2 security chip in every Macbook Pro since 2018.
This all sounds great, but what if you aren’t Google, Microsoft, Amazon or Apple? Or, what if you wanted to run workloads wherever you wanted, wherever it was cheapest, whether in one of these public clouds or on-premises servers? What if you wanted this level of protection from “edge to cloud”? Enter Gradient.
Gradient’s first mission is to democratize trust in devices and software. Today we are introducing our first product to realize this goal, which we call “Identity & Authentication as-a-Service” or Gradient IDaaS.
IDaaS enables developers and organizations to seamlessly anchor trusted identity and authentication credentials for software services down to the physical chipsets already in many devices today, and without changing how software services are built. Our solution natively integrates with containerized workloads (e.g. Kubernetes), virtual machines and bare metal, and even embedded deployments, providing a unified identity and authentication solution for the real world.
IDaaS achieves these capabilities by deploying to each endpoint a small client runtime that performs privacy preserving platform attestation, leveraging trusted hardware to securely store credentials (e.g. Trusted Platform Module), secure boot, etc., and communicates identity and authentication attributes between endpoints via standards-compatible digital certificates (X.509 certificates), which are inspectable to prove full certificate chain, while maintaining privacy.
This Trust Fabric is maintained by Gradient’s network of cloud-hosted, formally verified secure enclave processors.
By making trust portable and independently verifiable, any bit of software or device on the internet can establish confidence that the thing they are communicating with is trustworthy (authentic, correctly constructed). By maintaining compatibility with the most common digital credentials (X.509 certificates) and encryption standards (TLS protocol) in the world, Gradient credentials can be rolled out gradually in your organization. Gradient credentials are designed to be time-limited, automatically rotated, and revocable at scale, to enable an agile definition of trust without fear of causing service outages due to expired credentials.
We will be extending this world view from clouds, servers, and workstations today, to the thinnest edge of IoT devices, cars, etc. in short order. We will then go further, to extend Gradient’s identity and authentication framework to protect and democratize the use of our core enclaved device-level certificate authority technology to convey user identities. From banking and mission critical systems like cars, planes, and the power grid, to securing computation itself, if it communicates with the outside world, Gradient aims to help.
So, to summarize, Gradient’s plan is to:
Step 1: Deploy Gradient IDaaS to replace long-lived digital certificates for device and software identity and authentication with automatically managed credentials, rooted in the trusted hardware components that exist today, ensuring they cannot be compromised.
Step 2: Extend to the edge (IoT devices, cars, etc).
Step 3: Extend Gradient’s enclaved device-level Certificate Authority model to user identities.
Step 4: Use this planet-scale, zero-trust, composable infrastructure to make computing portable and data actionable.
IDaaS will be commercially available by the end of 2020 to end customers as well, and we’re engaging a small number of these today to collaborate on defining the future of device, software, and user identity (if you’d like to speak with our team about access, please click here or the "learn more" button below).
1 Trend Micro 2019 Cyber Risk Index survey, conducted by Ponemon
2 Netscout Threat Intelligence Report