Reimagining the future of connectivity with Network 2.0

By Martyn Ditchburn, CTO in Residence EMEA

The internet, as we know it today, is built on a flawed architecture: it is bidirectional. Every online action – whether it be browsing, shopping, or socialising – comes with the risk of cyberattacks in the form of phishing, malware and vulnerability exploitation. This duality is a consequence of its bidirectional nature: you can get to the resources you want, but the unintended consequence is that external resources and attackers can get to (and compromise) you. Being directly reachable is the very heart of the problem. This creates the need for a radical shift in how we connect, share and manage data within a cloud-first, AI-driven world.

Enter Network 2.0 and, with it, a unidirectional approach to connectivity based on Zero Trust principles, which can revolutionise security and data management. In such a model, users are treated as “objects” without an external presence and resources are pulled rather than pushed, granting full control over who they connect with or reject. This simple yet powerful shift can restore the internet’s original purpose as a platform for education and genuine information sharing, free from the interruptions of intrusive marketing or malicious actors. It is also a technology model we have seen before – some of us may still remember the telephone switchboard of days gone by and some of the first proxy-based technology architectures.

A colleague of mine used to boast he had a zero trust mobile phone (the modern equivalent of a telephony switchboard). What he meant was that he had added context as part of the call screening process. Only known contacts could call him. This meant that even if someone had access to his phone number, the call would not connect. A modern equivalent on social media would be Snapchat. The relationship between a person and their Snapchat account is a disconnected one, and is transitively shielded by an arbitrary, user-chosen username. Another Snapchat user would have to both know the username and be a member of your allowed contacts in order to converse with you. A subtle shift. So why not do this for everything?
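The call-screening rule described above, written out as a small Python sketch. This is an added example, not code from the article or from any product: the `Broker` class, its method names and the sample handles are hypothetical, and caller identities are assumed to be authenticated before they reach the broker.

```python
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    handle: str                                   # user-chosen alias, the only public name
    allowed: set = field(default_factory=set)     # caller identities the owner approved
    pending: list = field(default_factory=list)   # requests waiting for the owner to pull


class Broker:
    """Hypothetical rendezvous point: endpoints never accept inbound traffic."""

    REFUSED = "refused"   # one answer for every failure, so handles cannot be probed
    QUEUED = "queued"

    def __init__(self):
        self._endpoints = {}

    def register(self, handle, allowed):
        self._endpoints[handle] = Endpoint(handle, set(allowed))

    def request(self, caller, handle, message):
        ep = self._endpoints.get(handle)
        # Default deny: an unknown handle and an unapproved caller look identical.
        if ep is None or caller not in ep.allowed:
            return self.REFUSED
        ep.pending.append((caller, message))
        return self.QUEUED

    def pull(self, handle):
        # The owner initiates the connection outward and drains the queue.
        ep = self._endpoints[handle]
        delivered, ep.pending = ep.pending, []
        return delivered


def demo():
    # Constructed sample data: one endpoint with two approved contacts.
    broker = Broker()
    broker.register("blue-heron-42", {"alice", "clinic"})
    results = {
        "stranger_knows_handle": broker.request("mallory", "blue-heron-42", "click here"),
        "stranger_guesses_handle": broker.request("mallory", "no-such-handle", "click here"),
        "approved_contact": broker.request("alice", "blue-heron-42", "lunch?"),
    }
    results["pulled"] = broker.pull("blue-heron-42")
    return results


if __name__ == "__main__":
    print(demo())
```

Knowing the handle is not enough on its own, and a refused caller cannot tell whether the handle exists at all.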

But what does this mean in practice? 

A new era of connectivity and data sovereignty

At its core, Network 2.0 is designed to empower individuals with control over their digital interactions. This is known as connectivity sovereignty. By adopting principles similar to Zero Trust, users choose when and how to engage with others online. Any communication request requires explicit permission, effectively neutralising traditional threats like phishing. Wouldn’t it be nice to be able to trust our email again, knowing it can only be pulled from a genuine source rather than pushed en masse as part of a malicious campaign?

To be effective, Network 2.0 must consider far more than a simple connectivity shift; it must also consider where data is stored. Currently, data about us is not held by us. It is gathered, curated and largely distributed by and between large organisations. In a very practical way, individuals have very little control over information about them. This has not gone unnoticed by governments across the world. In today’s geopolitically charged environment, governments are increasingly focused on data sovereignty, which recognises the need to regulate citizens’ data within national borders and protect it from external interference at scale.

Personal data is routinely surrendered to large corporations and stored in vast databases, which we hope they will adequately secure. Network 2.0, on the other hand, treats personal data as exactly that: we keep it ourselves and only permit access to those who need to see it. The fundamental difference is that it never leaves our possession and is viewed when we allow it to be. Consider for a moment that when we visit a medical practitioner, we rely on them to store and recall information about us for each appointment. But why store it with them? They do not need the data in between appointments. History shows us that major stores of sensitive information are regularly targeted and compromised. They represent very attractive, high-value targets in consolidated quantities. But what if the data were no longer held at a macro level, but rather at the micro level?

This fundamentally changes our relationship with data, as companies need explicit consent to access personal information.

This shift can be visualised by breaking it down into a hierarchical model of data management:

  • Data droplets: These are individual users who own and control their personal data through encrypted storage solutions.
  • Data puddles: These droplets then aggregate into localised datasets that comply with regional regulations, minimising risk exposure.
  • Data lakes: Larger datasets, used for analytical purposes, that combine puddles under strict controls, including anonymisation techniques.

This three-step segmentation not only adheres to regulations like the European Union’s General Data Protection Regulation (GDPR) and the AI Act but also mitigates the risks associated with centralised data storage.

Challenges and considerations

The transition to Network 2.0 undoubtedly has its challenges. For a start, it will challenge the ability of companies to use direct marketing to our inbox or leverage datasets to analyse data about us as individuals. Arguably, this would fundamentally change the financial relationship between companies and their consumers.

We have, however, seen seismic shifts in data accountability before; credit card handling is one example. PCI legislation forced organisations to surrender credit card information. At the time, organisations could not imagine operating online without storing credit card information, but today those same organisations operate perfectly well and probably breathe a sigh of relief at no longer having the responsibility of keeping those information assets at all.

So why not do this for all PII? Many organisations are still entrenched in legacy systems and decades-old business processes, and it would be daunting to convince stakeholders of the need for change. True transformation requires continuous adaptation, and every now and again the rule books have to be rewritten. Legislation plays no small part in forcing some of these changes through.

In my view, the adoption of a connectivity shift at the individual level is far more achievable in the short term than expecting organisations to surrender the data they hold about us. For now at least, we must continue to rely on organisations doing a better job of protecting our data on our behalf. But the green shoots are appearing, with organisations recognising that security needs to play a greater role.

This requires cultural change within organisations – a process that is already happening. Network teams are increasingly reporting directly to security teams, rather than infrastructure teams. This signals that security is no longer an afterthought, but an integral part of the network strategy. Of course, implementing new technologies and architectures requires technical skills as well as a willingness to embrace change. Significant effort is required to train and upskill IT teams.

Steps for implementation

To make a successful transition to Network 2.0, organisations can take a number of practical steps:

1. Embrace Zero Trust: This foundational security framework, which mandates verification before granting access, forms the core of Network 2.0. Every user and device must be authenticated, regardless of location or network.

2. Champion data sovereignty: Implement solutions that allow individuals and organisations to control their data while ensuring compliance with evolving data sovereignty regulations. Technologies that enable data segmentation, secure sharing, and robust access controls are key.

3. Prioritise data classification: Not all data is equally sensitive. By categorising data based on its importance, organisations can apply tailored security measures to protect the most critical information.

4. Adopt a data blast radius approach: Strategically distributing data across multiple locations limits the impact of potential breaches. This approach, inspired by disaster recovery planning, minimises the risk associated with centralising data in a single location.

Reimagining a secure, user-centric digital ecosystem

The reason Network 2.0 is so exciting is that it’s so much more than a technological upgrade; it’s a fundamental redesign of the digital ecosystem. It can put us all in control of our digital lives and promote a safer internet by design, one that prioritises privacy, security and personal agency. 

To get closer to this future, collaboration between business leaders, technologists and policymakers is essential. The journey to Network 2.0 may be complex, but the potential it offers – a safer, more resilient and user-centric digital world – is not only worth the effort, but will shape just how much control we have over our increasingly embedded technological environment.

 

 
