Digital transformation in enterprises serves as a catalyst for revenue growth and provides a competitive advantage against peers. According to the International Data Corporation, digitally transformed organizations are projected to contribute to more than half of global GDP by 2023, accounting for $53.3 trillion. Despite the demand for digital service offerings, no industry undergoing digitization is immune to the consequences of the Digital Business Trilemma: Only two of three characteristics can be met at the same time for all participating digital service consumers and providers:
Since decentralization is invariably increasing exponentially – approx. 15 billion connected Things in 2022 (doubling every 3 years) – the vulnerability of digital business activities will increase as well as their number, and, therefore, attack vectors will grow exponentially. This rapid growth in interconnected devices leads to an ever expanding decentralized network landscape as enterprises now rely on numerous devices outside of the traditional enterprise network perimeter to provide digital services. The use of distributed resources, made more complicated with inter-enterprise collaboration, present new security challenges for securing networks and protecting sensitive data, as attackers have more potential entry points to exploit, and is further discussed here. To address this, enterprises need to decentralize their own networks into subnets and reduce their attack surface by focusing on smaller trust boundaries. Smaller trust boundaries must be placed between devices and the resources they are accessing, so as to ensure no entity has access to any unauthorized peripheral resource through prior clearance to another. This approach optimizes performance and security in those subnets to keep their customers happy. However, we also see:
- Regulatory pressure on cyber security: Nation-states are starting to mandate more stringent cyber security frameworks as encapsulated by the US Government’s Executive Order to mandate a new cybersecurity framework called Zero Trust.
- Regulatory pressure on data privacy: Regulatory enforcement actions are increasing, particularly in Europe, lawsuits are crossing jurisdictional boundaries e.g. US-based companies being successfully sued in Europe, and new privacy laws are being enacted such as 5 US states creating new GDPR-like data privacy laws in 2022.
This puts enterprises in a significant quandary because every enterprise must be able to do several things together:
- Authenticate and authorize every other participant for every single digital business interaction at all times,
- Prove and verify the authenticity, integrity, and correctness of every digital service transaction, and its associated supply chain of prior digital transactions informing and triggering said digital service transaction,
- Minimize the exchange of sensitive data in a digital service transaction, ideally to zero – zero-knowledge
These three critical requirements can be summarized as Multiparty Zero Trust under Zero Knowledge (MZTZK). Put simply, a zero trust network architecture secures interactions at the expanding, decentralized perimeters of networks where trustworthiness is uncertain. This ensures no device can act without prior authentication and authorization within carefully defined access policies. Concurrently, zero knowledge cryptography undeniably proves the trustworthiness of each device during digital interactions, while minimizing the exchange of sensitive data between them with zk proofs, ensuring data privacy compliance. This means that frameworks and standards that enable the implementation of MZTZK solutions represent a significant opportunity for enterprises to reduce compliance costs while reducing risk and opening up new monetization opportunities, and being regulatory compliant in a verifiable manner based on global MZTZK standards.
The first global MZTZK standard is the Baseline Protocol.
Why is Telecommunications Special?
While the telecom industry is facing the same regulatory and Digital Trilemma issues as any other industry, it is historically in a better position than many other industries to act on the MZTZK requirements. Multi-party collaboration (MPC), composed of multiple service providers, is a hallmark of the telecom industry. A common telecom MPC example is connecting two offices of the same company with one another. Connecting the New York office to its Singapore counterpart cannot be done by a single service provider. For such a distance, typically three or more service providers are required to enable the connection as data passes through the network from the local provider in Singapore through one or two wholesale service providers, to a local provider in New York such as AT&T. If there are additional services integrated such as cybersecurity in the form of Secure Access Service Edge (SASE), even more companies are involved in the delivery of such a secure data service between a Singapore and a New York office. That means that all the service providers in this digital data and service supply chain need to collaborate and coordinate to deliver a secure data service across multiple networks.
Given this ingrained need for collaboration, it is not surprising that the telecom industry has already started to create industry standards around Multi-party Zero Trust – see the Metro Ethernet Forum (MEF) 118 standard – and Multi-party coordination under Zero-Knowledge – see the MEF 114 standard. In fact, if one squints a bit, one realizes that implementation option 1 in MEF 114 is in fact a Baseline Protocol implementation pattern. Hence, one can state that MEF has already embarked on an MZTZK journey.
In fact, MEF’s LSO Blockchain program in connection with the MEF Showcase at its quarterly membership meeting is focusing on many MZTZK use cases with the involvement of some of the largest telecom service providers in the world – from quoting and ordering between multiple service providers – in fact, organized through a Web3 DAO – to trusted location services. These use cases focus on the implementation of MEF 114 with MEF 118. ConsenSys Mesh’s Enterprise ZK team has been advising and assisting MEF with its LSO Blockchain use cases, and is working with use case participants to understand and implement these MZTZK use cases using the Baseline Protocol pattern and the requirements of its standard implemented on Web3 technologies such as privacy-preserving Layer 2 scaling solutions and the ITN rightsized for enterprises.
Furthermore, the collaboration of MEF with other standards organizations such as the Mobility Open Blockchain Initiative (MOBI) and the American Association of Insurance Services (AAIS) through the Integrated Trust Network (ITN) as a Zero Trust enabler shows the lead the telecom industry is taking, and not alone but rather in collaboration with other industries.
The telecom industry is taking this cross-industry collaboration one step further in its MEF Showcase with the Sound Eye project where telecom service providers deliver trusted zero-knowledge location services to non-telco ecosystems such as finance and insurance using the Baseline Protocol pattern and the requirement of its standard – MZTZK. Meshs’s Enterprise ZK team has developed the open-source zero-knowledge proof circuits in collaboration with MOBI used in this project and continues to advise the participants on implementation options that implement the Baseline Protocol Standard.
This is just the beginning of the collaborative journey of the telecom industry into MZTZK. Given the current efforts within the telecom industry, it is safe to say that while early, the adoption of the Baseline Protocol pattern as MZTZK is well on its way, and is poised to only accelerate from here on out.