How to Use Attestation to Build Trust, Show Proof, and Protect Your Business

As part of Solutions Review’s Contributed Content Series—a collection of articles written by industry thought leaders in maturing software categories—Jon Geater, the co-founder and chief product officer at RKVST, explains how companies can use attestation to build resilience, make better business decisions, and move their business forward.

Would you eat a sandwich that you saw lying in the street? Would you fuel your car with gas that you found on the side of the road? Would you invest your hard-earned money in art if you lack a background? If you’re like most people in society today, your answers are probably no.  So, why would you trust your business to be digital or physical assets for which you lacked provenance? The answer, once again, is that you really shouldn’t.  

Here’s why and what you can do to improve the security and trustworthiness of your assets to make better decisions, build your organization’s resilience and move your business forward in today’s highly connected, data-driven world. 

Turn Raw Data Into Evidence 

Businesses today run on data, and there’s plenty of data to be had. Accenture says the world produces 5 exabytes daily, and we’re on course to create 463 exabytes of data per day by 2025. But raw data is not knowledge, and becoming a successful data-driven business entails more than just collecting and exchanging large volumes of data with your supply chain partners. 

You must verify the authenticity of that data and record how you did to ensure that you can trust and rely on the data long term. It’s important to know that the data will still be there, as verifiable as it is today, many months into the future so that you and your auditors can be convinced it’s the right digital fuel for your business. Driving critical business decisions from data requires actual evidence, including proof of an event and a verifiable chain of custody for data. 

Such evidence—or attestations—allows you to shift from a trust-but-verify to a verify-then-trust stance. This will better position you to discern whether the data or software received from a supply chain partner is reliable, has been tampered with, or is faulty due to an honest mistake. You’ll be less likely to be fooled by bad actors who do the data equivalent of triggering your fire alarm in an attempt to enter through the emergency doors. And you’ll be able to show auditors and insurers that you acted in good faith. 

Embrace Today’s Dynamism and Move Forward 

This leads us to the next logical question: How can I shift to the verify-then-trust approach?

First, stop relying on traditional perimeter security, which hinges on one-time identity verification at the perimeter of your business and typically doesn’t authenticate actual data at all. Remember that in today’s connected world, situations and security postures can change in the blink of an eye. Address this reality by verifying data and systems every time you use them, even if you are inside your perimeter and used those assets mere moments ago.

Now take a big step forward to build integrity, transparency, and trust in the supply chain by adopting attestation to prove the origin, provenance, and event history of digital and physical assets. Finally, add a robust security layer such as an append-only ledger or blockchain, and your attestations and evidence become practically tamper-proof and, therefore, highly reliable. 

Simplify and Open the Book on Your Ironclad Story 

You may have heard that implementing attestation solutions involves long, frustrating integration and onboarding. That’s true sometimes, but it doesn’t have to work that way. Avoid using complex, expensive, and manually-intensive solutions to verify that assets are what you think they are. Free yourself from these hassles by pursuing an as-a-service approach. 

Now make that evidence about your assets more widely available to more people. Understand that you don’t need to create special locked-down access policies to make that happen. Often, it’s better and easier to publish your provenance and data authenticity information for all to see. This doesn’t expose your actual data or secrets—the tech takes care of your privacy there—but it does allow anyone relying on the data to verify its authenticity in a single click or one line of code.  

Compared to earlier approaches to digital supply chain security, you can simplify the setup and configuration, and the technology will adapt as your partner networks and processes evolve. 

Pick Your Battles, But Suit Up Today 

There’s no way to make your business 100 percent bulletproof. But it’s essential to have control of your risk. And you shouldn’t necessarily attempt to attest all of your data and other assets at all times: all security involves trade-offs. But, in light of the growing software supply chain attacks, you will probably want to use attestation to verify the more critical data entering your business (such as software or safety-liable documentation) so you can better assess and address risk.  

You may want to consider using attestation to claim ownership of or prove the provenance of digital documents such as compliance forms, quality certificates, or shipping information. And you may find attestation valuable in helping teams understand the journeys of physical assets. Attestation can help you discover and prove who did what and when—and evidence is power.