Ask the Experts: Dave Campbell, Senior Vice President and Chief Technology Officer, eOriginal

Dave leads product development, IT and cloud operations functions at eOriginal. With 30 years of experience, he has a successful track record of building scalable IT infrastructures.

We spoke with Dave about asset protection throughout the digital lending process.

eO: First, is there a difference between a digital financial asset and a digital document?

DC: Yes, and I think it is a very important distinction. A digital financial asset is a proxy for the rights to something of real value. It could be a home or an automobile. These assets can be used to represent that value in lending finance transactions where the value of the underlying tangible asset is the critical element. Holders of the digital financial assets can transfer their interest to another party or they can use that interest as collateral in another financial transaction. A digital document doesn’t have intrinsic value, though it usually establishes the rights and obligations of the parties. That does not change if there is more than one of these signed digital documents. Each should be enforceable, but there is no financial ownership interest conveyed to third parties simply by transferring the digital document.

eO: Are data and asset protection the same? Why or why not?

DC: Data protection and digital asset protection are not the same. Data protection is about confidentiality or privacy, making sure that data are only accessible to the people that need to have access. Digital asset protection is much more than confidentiality, though confidentiality is one aspect of digital asset protection. Two key additional aspects of digital asset protection are data integrity and an audit trail. Data integrity provides assurance that the asset is immutable – it hasn’t changed from the time it was created until the time it is transferred. An audit trail ensures that everything that has ever happened to that digital asset is known. Whether that be someone has viewed the asset, it has been printed out for presentation in some legal proceeding, or whether ownership has changed. Everything is known about that digital asset. The audit trail should also be maintained with the same level of data integrity so that it, too, is immutable and trusted. The ownership is unquestioned as a result of the audit trail.

eO: How would you describe Digital Asset Certainty and why should it matter to a CTO?

DC: Digital Asset Certainty is the attribute of the digital asset that gives the receiver of the asset in a financial transaction the assurance that the asset is what the sender says it is. The digital asset is created and stored in such a way that when it is assigned to another party, that party can be sure that the asset is good. It matters to me because providing Digital Asset Certainty means that our customers are protected in their financial transactions.

eO: How does Digital Asset Certainty align with traditional IT vendor assessments in the categories of confidentiality, integrity, and availability?

DC: The protections that are put in place to ensure Digital Asset Certainty are perfectly aligned with traditional vendor assessments for confidentiality, integrity, and availability. If we take each of the categories individually, the things we do to provide Digital Asset Certainty are the same things we do for overall security of IT systems:

  • Confidentiality – protecting data from unauthorized access
    • Use of access controls (passwords, granular permissions schemes)
    • Encryption of data at rest and in transit
    • Policies and training for handling of asset
  • Integrity – protection against unauthorized alteration and detection if it occurs
    • Access permissions
    • Separation of duties
    • Digital Signatures
    • Hashing
  • Availability – ensuring that authorized users are able to access information when they need to
    • Redundant infrastructure
    • Malware protection
    • Robust monitoring

eO: Would a content management system (CMS) be sufficient to store digital loan documents?

DC: If all you want is an information repository, then a CMS might be appropriate. But as we’ve said earlier, a digital loan document is an asset that can be transferred or otherwise utilized by the owner of the asset. It is impossible to leverage those digital assets without a purpose-built system, and a CMS is not purpose built for digital asset management, it is simply a repository.

eO: What’s the relationship between asset protection and compliance?

DC: By providing irrefutable proof of a document’s authenticity and systematically tracking all access, copying, and other uses through the use of encryption, hashing, digital signatures, access controls, and detailed audit trails, there is a guarantee of a digital asset’s acceptance from issuer’s legal counsels, counterparties, and entities evaluating secondary market transactions, like rating agencies.

eO: Any closing comments for an organization currently assessing the security of their digital loan workflow?

DC: I’d say look at how your digital assets are created, stored, and assigned. Are you using a purpose-built system that protects digital assets, not just digital data? Can your system provide the assurance that the digital asset is exactly what it says it is, that it has not changed since it was created and that the ownership of the asset is unimpeachable?
