Time Series Compliance and Auditability

Compliance and Auditability

More often than not, the time series data collected on some systems start by simply being displayed on some dashboards looked at by some operational staff. But as more data are collected and the digital transformation of entities mature, new use cases emerge for those data coming from sensors. Among these use cases, using those data to prove to third parties, whether business partners or regulatory bodies, that some systems were in a certain state or were behaving in a certain manner is a very common one.

But as soon as you start using data to prove a point to external entities and that you are the one generating those data, you need to build trust. Building that trust relies on some basic principles means to ensure compliance and auditability. Those principles should be made possible by the time series solution you are using.

Access control

Controlling who can access your time series database is paramount. Most notably you need to ensure that only authorized applications and/or personnel are able to store data.

Warp 10 addresses this issue through the use of cryptographic tokens which control precisely what Geo Time Series™ can be updated with data. Issues token have a mandatory time to live after which they are no longer accepted by the time series database. They also contain attributes which control what they can be used for, a token which can write data might be refused for data deletion or metadata modifications for example. Write tokens also contain forced values for some labels attached to the Geo Time Series they can update, therefore no GTS with other values for those labels can be modified.

Integrity protection

In order to protect the integrity of the data, credentials to push new data to the database should not be valid for modifying data, or modifications should be banned altogether.

Modifications can be two fold, it can be an actual tampering of past data, either erroneously or intentionally, or it can be data deletion. Both cases are problematic as they alter the reality of the state or chronology of the system under supervision. Storing data too far in the future is a less common source of integrity violation but should be considered a possible risk.

In order to prevent such events, Warp 10 has introduced mechanisms to limit how far in the past and in the future a given write token is able to write data. This makes it possible to limit the datapoints which can be pushed to the time series database to those whose timestamps fall within a defined window around the current time. This ensures that no modifications can be performed to data after a given delay. By also disabling deletions one can ensure that data will not be tampered with after this delay.

Accidental data modifications can still occur, due to hardware failures or cosmic rays for example. Protection against such events should be taken care of with planned archival and backups of your data jointly with use of the authenticity guarantee mechanisms described below.

Authenticity assurance

Protecting against data modifications is one step towards the building of trust, but being able to prove that the integrity of your data was not breached in any way is the ultimate goal. This guarantee can be brought by the use of complex cryptographic approaches, but such complexity adds failure and fraud opportunities which should not be overlooked.

SenX™, the company building Warp 10™, has developed an extension which allows the creation of proofs of data existence. This extension creates opportunities for public scrutiny of data fingerprints by anchoring those fingerprints to the distributed public bitcoin blockchain. Such fingerprints can be computed on a gold standard version of time series data thus attaching the state of such version forever to the public blockchain. Should integrity of the stored data be proved, the fingerprint of the time chunk which was sealed into the blockchain can be recomputed and compared with the one anchored.

This commercial extension is unique in the world of time series databases, making Warp 10 the first and only time series database with data integrity mechanisms backed by the bitcoin blockchain.

Use cases

There are many time series use cases which require a high level of trust. Here are a few select ones from different industries.

In case of outages, IT platform SLAs are often disputed by parties. Defining clear SLAs based on specific metrics which are collected on the systems under SLA makes the process more objective as the SLA is determined by analysis of those metrics. But in order to add trust to this objectivity the integrity of the said metrics should be guaranteed using a mechanism such as the one described above.

It has been proved that a good hand hygiene by medical staff can greatly reduce the risk of infection in hospitals. While this is known by all medical staff, sometimes fatigue or stress can lead to reduced hand washing time thus increasing risks of contamination. In order to ensure that hand hygiene is performed correctly, monitoring systems are being deployed which track the use of hygiene products and water and sometimes track the id of the medical staff currently washing hands. Such data can serve to prove that hand hygiene was correctly carried out, but the veracity of that data should be guaranteed by creating digital proofs of their values.

Lastly, noise is more and more becoming an issue which has led to regulations being put in place to attempt to reduce the exposition of people to extreme noise. This process relies on sensors measuring the noise levels around construction zones or industrial sites. Such measurements should be authenticated by the use of the anchoring mechanism provided by the SenX extension to the Warp 10 platform.

Takeaways

Choosing a time series database and platform for your IoT projects should not be done solely on the visual appeal of the accompanying UIs. What matters most is the ability of the solution to perform, scale and provide legal protection on top of operational features.

To date Warp 10 is the world only time series database with protection against data tampering and modification and with included support for verifiable proofs of authenticity backed by the bitcoin blockchain.

If you are doing business in an environment where compliance is not a nice to have but a must have or you simply want to reduce your overall risk of legal battles, Warp 10 is the solution of choice. For further infos please contact sales@senx.io.

Share