The hydra is a mythical Greek serpent that controls the entrance to the underworld. In the consequential world of access to data lakes, sensitive control points and site security, the hydra is a powerful metaphor. Data security in transmission and data management for multi-user, multi-device environments require a fluid perspective.
When you scale an IoT deployment, every device is spitting out time-series data, telemetry, logs, and control signals, often (but not always) to a single backend. The challenge isn’t just securing a firehose of data, but ensuring each user gets what they should. At the transmission layer, the primary issues are man-in-the-middle (MITM) attacks and data integrity. It is a tricky balancing act in software, but in complex real-world environments with significant consequences, it becomes a dangerous dance.
In this post we will stay away from technical jargon and focus on practicalities. Sending all data to the cloud isn’t practical at scale. Edge computing helps by processing (and encrypting) data locally. Zero trust is something you have seen but not paid much attention to. It is why your Gmail asks you to verify across devices, and why many companies ask for two-factor, and are pitching three-factor, identification. The core principle assumes every device, user, and connection is potentially compromised until verified in real time. There is a cost/benefit analysis in the friction this causes, which pits usability directly against security (entropy).
The same philosophy extends across machine-to-machine communication into behavior-based access controls (BBAC). BBAC contrasts with role-based access controls (RBAC) or activity-based access controls (ABAC), which are static access passes based on “role” or “activity” type. You have probably already seen this on social channels, when certain topics or behaviors are flagged automatically and access is removed in real time. It would not be possible for human moderators to scan an entire network in this way.
Google’s own internal systems use Zero Trust principles—no employee or device is automatically trusted, even if they’re inside Google’s network. Every request is verified dynamically. In a twist of fate, lessons learned from human interaction are guiding communication between machines too. CAPTCHA for machines.
Within large international organizations that deal with massive quantities of data, the core principles are very similar to those of large-scale IoT deployments, which deal with massive amounts of data in real time, segmented to multiple use cases. Strategic thinking and a focus on multiple points of attack meant that Hercules (strength), a great hero, needed the assistance of his charioteer (mobility) to defeat a mighty hydra.