Security has always been about finding the right balance between safety and accessibility. On one extreme, there is the locked vault full of gold, the key hidden away and never used. On the other side, there are fully liquid assets flowing through markets on a daily basis. For crypto, there’s an even more sensitive balance to have the best of both worlds. Further, for an industry worth many billions, the infrastructure and security aspects are relatively brand new.
With so much on the line, and with the intense pressure to keep assets equally secure and accessible, it’s not surprising that the biggest innovations are being developed by top security firms. A publicly-traded company, Prosegur, which manages over $400 billion in assets, is at the forefront of this conversation. Below, Prosegur Crypto CEO, Raimundo Castilla, shares insights into institutional security and holistic safety climate.
1. Security has always been on the mind of crypto people around the world. What was the main factor that ultimately led to the creation of the CryptoBunker?
Security is and will continue to be a critical issue in the Crypto environment, so therefore we must be constantly vigilant to avoid known threats and anticipate those that may arise. The rewards for hackers can be very high in this environment. They do not hesitate to invest huge amounts of resources to find new ways to access crypto assets fraudulently.
For the institutional environment, it is necessary to have a top-level crypto asset protection model, which allows them to forget about security—and to focus on the core of their business. The Crypto bunker has been created to respond to this need, and we’ve clearly shown that trying to improperly access the funds in our custody is a waste of time. For our clients, it means the peace of mind knowing that their funds are in the best hands while they benefit from a comprehensive service that fits their needs.
2. What is the most important aspect about using the technology involved in this Vault, in comparison to what has been done until now?
Our solution is based on the 360º inaccessibility concept. This means that there are more than 100 protection measures that take into account all the risks around the custody chain, from start to finish. In addition, it means that the environment is 100% cold and therefore inaccessible both in terms of cybersecurity and physical protection to avoid fraud or internal theft. This comprehensive security model with a complete solution in the hands of a single supplier is novel and differential both in terms of protection and service. In this sense, we can provide maximum transactional agility—despite operating in a cold environment — and our clients can benefit from the profitability of Defi services for their assets under custody.
3. Do you think Financial Institutions and Exchanges around the world have an urgent need to increase the security in the crypto services they offer to their clients?
The security model is a key piece in the Crypto environment. Therefore, it should not be something that institutions, exchanges, or any other corporate operator should leave for later. There is a certain tendency to prioritize aspects such as the customer proposal or the regulatory fit. However, the security model must be one of the first decisions as it is at the center of any service model. They should also aspire to initially integrate a top-level security solution that does not jeopardize their proposals but instead adds value to their customers.
4. How will the crypto industry change in years to come regarding security? What has to change in your opinion?
There are several lines in which safety can and should develop in the future. Most of the solutions on the market today focus on cybersecurity solutions based on cloud technology, which provides advantages in terms of usability but disadvantages in terms of security.
For example, things that are not cold storage with clear attack vectors are often called “cold storage.” The truly cold environment is still the safest formula by default, although it has the downside of agility given the access and automation restrictions. Working in the agility of cold environments, as we are doing at Prosegur Crypto, is part of the future of security in the industry. However, this work in the sector must also go through optimizing the protection of the protocols of the cloud environment.
Physical security is today the weakest part of the chain of custody, given the infrastructure and access it requires. Nevertheless, in our opinion it will continue to develop even though it is out of the customer’s sight.
5. Why do you think it’s important for companies to delegate security matters to an external company?
Outsourcing security to a specialist provider brings many advantages, especially in the investment and trust aspects. On the one hand, it not only allows access to top-level security without making a huge investment in technology and infrastructure, but it would be really tough for people to develop the physical, technical, and knowledge capacities that the implementation and maintenance of an effective solution requires.
Some operators that have attempted to implement their custody management have realized the complexity of maintaining the entire process without risk, and have come to terms with their lack of real facilities or capabilities.
On the other hand, it provides the confidence of knowing that the funds are in the hands of a specialist whose constant effort is focused on ensuring maximum asset protection, allowing crypto operators to focus on their core business—usually based on services or investments—without having to deal with such a complex and critical aspect.
This trend will continue to evolve as the crypto market matures, just as it evolved in traditional banking a few decades ago when most decided to dispense with their own safes and to delegate the management and custody of cash to specialist companies such as Prosegur.
6. What do you think is the next step for Financial Institutions in countries around the world that will push clients to seek security as a priority?
We believe it is not necessary for any significant loss of funds to occur for financial institutions to decide if their security model provides adequate protection. Security is by far the most critical part of the Crypto business, both due to the reputational risk that any security crisis can carry, as well as to the loss of customer trust.
It is very important to understand the criticality of safety and prioritize the decision on which model is best suited to the needs of each operator. Assessing the different security options is essential to establish the appropriate model, which is not always easy given especially the subtle but critical differences.