Bitcoin blockchain was launched in 2009 amidst the hype and excitement of changing the world of transactions and a whole new ecosystem has emerged around it. Eight years later, Bitcoin hasn’t really set the world on fire and its contribution to the massive financial services market has been miniscule. However, the underlying technology, blockchain, and the fundamental idea of a tamper-proof distributed ledger created by computers is pretty powerful in itself. Businesses are now getting interested in unwrapping the underlying technology and using the core blockchain network protocol concept without any cryptocurrency attached to it. This is giving rise to a world of private, permissioned blockchains that replace the trust-less aspect of bitcoin (public) blockchain with a closed, trusted set of participants. So, rather than a completely ‘distributed database’, it becomes a ‘shared database’. Financial institutions are investing heavily in the private blockchain projects as it promises great cost benefits where institutions can save billions in areas like clearing & settlement, trade finance and automated contracts (smart contracts). Most of the currently undergoing blockchain projects including R3 are based on private blockchain.
Blockchain as a technology is here to stay and is showing commercial potential to go beyond the financial markets. Cryptography, privacy, autonomy, and fault tolerance are all central characteristics of blockchain that can provide alternate tools to the traditional cybersecurity solutions. We can easily imagine how the irreversible nature of data in blockchain could be useful for data integrity and security against any malicious attempt to alter the data.
Identity and access management (IAM)
Digital identity management is core to the blockchain technology and various applications are available currently that manage and process decentralised digital identities, like ShoCard. However, blockchain can be equally applicable to identity and access management (IAM) in the enterprise market context. The DDoS attack in Oct 2016 that brought down a large number of websites was launched with the help of hacked IoT devices and brought the whole issue around IoT security to the frontline. Blockchain technology can help in facilitating digital trust by building tamper-proof digital vaults to protect connected users/ devices, define their access permissions clearly and bring redundancy in the system. Authentications are device to device, without any reliance on a central authority or passwords. US Department of Homeland Security (DHS) is working with Factom to see if blockchain can be used to limit would-be hackers' abilities to corrupt the past records for a device, making it more difficult to spoof. Gartner now includes Blockchain as one of the technology components on their famous ‘hype cycle’ for IAM solutions.
Data security & integrity
Current security solutions tend to focus on confidentiality and availability aspects of the classic security CIA triad, however, ‘integrity’ of data doesn’t get highlighted as much while any data manipulation or subversion attempts can actually have lethal impact on business operations. For example, for any healthcare organisation that handles patient data or banks that retain customers’ financial information, the prospect that this data can be compromised in some way can destroy public confidence significantly and have adverse effect on the business. Data integrity concern is even more pertinent for government and military establishments where data manipulation can cripple decision-making at critical times.
Blockchain’s permanent, irreversible, cryptographic data blocks can prove to be a big advantage to ensure ‘data integrity’. Any attempt to change the data will be immediately flagged and will require consensus amongst all participants/ nodes, making it very difficult for a hacker to achieve its aim. Traditional security solutions like data loss prevention (DLP), mobile security, cloud security (and CASB) should explore the use of blockchain technology into their architecture, advancing their current authentication, data and access policies.
In summary, blockchain has started to percolate into the cybersecurity world and some of the potential applications are already evident. Now is the time for the cybersecurity vendors to explore the use of blockchain technology and determine if it could be a useful tool in providing a holistic approach for distributed security that works at all levels – user/device/network, transaction, communication and business.