We need to start with a foundation that is actually secure, and then build tools the rest of us can actually use
We wrote in our last blog – The System is Blinking Red – about all the clear and obvious signs pointing to a new era of massive cyber attacks, and that what we are doing currently to defend ourselves is not working. It was precisely this understanding that brought our Co-Founder, Dave Rand, out of retirement to create and build Faction Networks. Instead of continuing to just keep layering active measures on top of a foundation that is fundamentally flawed and vulnerable, we need a totally new approach.
These are our 3 mantras – or principles – in building that new approach.
1. Get off the Internet: It is NOT Safe
No system, server, device, machine – NOTHING – that is connected and accessible via Internet Protocol can be defended. Period. It turns out that connecting everything to everything was NOT a good idea. Why? Because:
- The Internet was designed and meant to be decentralized, but business imperatives drove it to become massively centralized. So, there is always some centralized server, authority, human or now AI, that can and will be compromised.
- With Internet Protocol, everything is visible for study and attack. If you think of your organization's digital presence as a house, the attacker can study it, your habits, know when you are not watching and find the back doors and windows that are unlocked or easy to pry open. But these attackers are fully automated and relentless. They will ALWAYS find the weakness if sufficiently motivated.
- All of the smart, dumb and legacy devices we are connecting to the Internet cannot be protected by current approaches. VPNs and firewalls offer only marginal protection! If you don’t believe that, then read some of the articles linked in our last blog – just the latest in the constant drumbeat. SDNs (Software Defined Networks) which use ZTNA (Zero Trust Networking Architecture) are much more secure, but still have centralized vulnerabilities and have proven to be far too complex and costly for average users and SMBs.
Unlike VPNs and SDNs, Faction Personal Private Networks and Virtual Private Circuits actually get your servers, systems, devices, machines – everything that is critical to your business or life – OFF the Internet. How?
- Faction Networks are totally decentralized. There are NO cloud vulnerabilities. Neither Faction Communications nor anyone else can be hacked to get into your network.
- Faction Networks are Invisible and Inaccessible to the Internet. With Faction Protocol, it is impossible to see, route to or connect to a Faction Network until invited and authenticated by the Faction owner.
- Faction Networks are impervious to spoofing, phishing and all the other Cloud-based hacks. This is because we employ a zero trust, out-of-band, human-to-human authentication method.
Breaking news: when you take things off the Internet, securing them becomes far easier! But, you may ask, what about the things I NEED to connect to over the Internet? You can do all that with Faction Networks, but securely, and with your direct control. That brings us to principle #2.
2. Bring Your Own Keys (BYOK)
As Wikipedia puts it:
Bring your own encryption (BYOE), also known as bring your own key (BYOK), is a cloud computing security marketing model that aims to help cloud service customers use their own encryption software and manage their own encryption keys.[1] BYOE allows cloud service customers to use a virtual example of their own encryption software together with the business applications they are hosting in the cloud in order to encrypt their data.[2] The business applications hosted are then set up so that all their data will be processed by the encryption software, which then writes the ciphertext version of the data onto the cloud service provider’s physical data store, and readily decrypts ciphertext data upon retrieval requests.[3] This gives the enterprise the perceived control of its own keys and producing its own master key by relying on its own internal hardware security modules (HSM) that are then transmitted to the HSM within the cloud. Data owners may believe their data is secured because the master key lies in the enterprise’s HSM and not that of the cloud service provider.[4]
Wikipedia: Bring your own encryption
You will note that they say this gives customers “the perception” of controlling their own keys and “believe that their data is secured”. While we agree, we will leave that argument for another day!
The key point, however, is that BYOK is simply unavailable today for Consumers and SMBs. It is only available to very large customers – Enterprise, Government, and so on. If we expect to fix the problem of data and network security, this has to change. Today, it's as if you are being told to keep the keys to your business, office, factory, medical devices (you fill in the blank ___________ ) in a cubby hole in the Town Hall, where anybody who knows where to look can get them. Seriously?! Yes, seriously. Nobody would do that if they knew that is what is actually going on.
Faction Networks are founded and built entirely upon the principle of BYOK. Only YOU, the network owner, create, control and store the keys that enable access to:
- your Faction Network;
- your data; and
- your devices – which are connected securely to your Faction Network and OFF the Internet with a Faction Pod.
And, as it should be, you can and should only give keys to people that you trust and who need to have them! No hidden cubby holes in the Cloud! You can easily “segment” access (the fancy term used with SDNs) to things in the network with groups. Nobody can or should have access to everything – not even the network owner, by default at least!
The Faction Key Factory leverages your Faction Network to power our Data Security suite of tools. Since you have a totally secure infrastructure for creating, managing and distributing private AES 256 keys, we can make data encryption – end-to-end, at all times on endpoints and in the cloud – automatic and effortless.
3. K.I.S.S. = Keep It Simple Security
With those two foundational building blocks, Faction can then deliver the third and most crucial one: making fundamentally sound and private cybersecurity for networking, devices and data accessible to everyone, and easy to use – so people can use it!
While you certainly can use an MSP or an IT person to help, Faction Networks are designed to be so simple that anyone with basic computer skills can use them. There are no firewalls, no configuration, no elaborate workflows – none of the steps and pain that come with VPNs and SDNs. You just install the app, create a network in seconds, and scan a QR code to invite and authenticate members. Then you have:
- Faction Network Owners. These are like your typical admin.
- Faction Groups and Group Managers. Where each private group has its own keys created and controlled by that Group Manager.
- Faction Members.
- Faction Pods. Which secure access to all those other devices in our lives that today are feebly protected by VPNs and firewalls, or not at all.
In Faction Networks, either you have the keys or you don’t. If you have been given the keys to a network and private groups, then you can access it and whatever members and devices are in it. If you have not been given the keys, you can neither see nor join it. That’s it: simple.
Is All This Really Possible?
Yep. What it takes more than anything is a change in mindset. We’ve been conditioned and sold to trust the Cloud, and the mantra that all we need is MORE cloud tools, more layers and more humans and AI to defend it.
Faction Networks got started because Dave (Rand, our Co-Founder) was one of those Cloud lords! He co-founded AboveNet, one of the last Tier 1 Internet Services providers, and merged with MetroMedia Fiber and took it public, and then proceeded to lay about 250,000 miles of the fiber that is the backbone of the Internet today. So, we are not “against” the Cloud. Cloud infrastructure is very useful – for always-on access, scalability, robustness, back-up & recovery and much more. But it simply cannot be trusted. Ever.
Faction Networks changes the paradigm and enables K.I.S.S. by going back to the foundation of actually securing networking, and then building up from there a simple but comprehensive tool set to protect our connections, devices and data.