The Three Mountains

The Three Pillars of Secure Critical Processes

First mountains are mountains, rivers are rivers. Then rivers are not rivers, mountains are not mountains. Then rivers are rivers and mountains and mountains again. But the third mountain is not the same as the first mountain. -- Zen saying

Firewalls and access control systems secure a system against external attacks by ensuring that only authorized persons can access them. These methods are an example of security from the outside. However, they do not guarantee the honesty of the persons who are authorized to access the system. Honesty is security from the inside.

Guaranteeing honesty is the central requirement of being a source of trust. In order to accomplish this, the technology behind a source of trust should ensure the integrity of all the processes in which the source of trust is involved. Proof of Process is the name of that technology.

If sources of trust are able to establish the integrity of all of their processes in a demonstrable fashion for its stakeholders, then it represents a major leap from trust in institutions to trust in technology. Finally we can have systems which are secure from the outside as well as from the inside.

First there was security from the outside, then there was security from the inside, and now there is security throughout.