There has been a lot of hype around blockchain technology, including predictions for how it can make communications and data sharing more secure.
There are exciting possibilities for blockchain as a valuable platform for security professionals to protect important data. Yet the key features that advocates point to, such as the ability for participants to remain anonymous while sharing data with one another, can actually increase security risks for certain applications if not properly addressed. Because there is no platform with a concrete solution for validating the identity of participating entities, some blockchain technologies will be vulnerable to bad actors.
Blockchain: One Tool In The Toolbox
That’s not to say blockchain has no role to play in helping your organization introduce new efficiencies while strengthening your security posture. But it’s only one tool in your toolbox, along with technologies such as public key infrastructure (PKI), artificial intelligence and machine learning. You need to choose the appropriate tools for your specific applications, just like selecting a flathead or Phillips head screwdriver.
Applications based on public blockchain platforms, most famously Bitcoin, have taken off because of dedicated user communities being drawn to the decentralized model and anonymity layer. Blockchain may also lend itself well to communities that want to take advantage of decentralization while maintaining a high integrity of the ecosystem through an emphasis on vetted identities rather than anonymous ones.
Consider Hyperledger, an organization hosted by the Linux Foundation and established to promote cross-industry collaboration on blockchain technologies. Hyperledger has set out to advance the use of blockchain by building open source code, distributed ledgers and frameworks through an industry-diverse community of software developers.
Through the Linux Foundation’s Hyperledger project, which my company contributes to, participants can add open source code to advance the security of blockchain technologies. This includes adding strong identity verification of blockchain participants to protect against bad actors being able to conceal their identities and hide their malicious activities. Companies with developed expertise in vetting identities are participating to provide solutions.
Note that I reference “technologies” plural. One common misperception is that there is one blockchain. There are, in fact, three variants: public platforms (e.g., Bitcoin), in which anyone can participate; private platforms (e.g., Hyperledger Fabric) that include invited participants to build applications; and hybrid blockchain platforms (e.g., Ripple), where any user can view the blockchain, but only permissioned users can make changes.
No matter the variant, the core values always upheld by blockchain include transparency, auditability and traceability. However, even with the inherent safeguards of consensus protocols, none of the blockchain variants offers the hardened security necessary to bind the identity and authentication of the participating entities.
Without this critical capability, blockchain technologies are vulnerable to bad actors who will take advantage of the anonymity of a permissionless blockchain application and attempt to imitate legitimate users.
Validate Identities To Ensure Secure Interactions
Identities don’t need to be revealed in order to be trusted, but they should be validated before further interactions take place.
Think about taking your car into a service center to replace a broken part like a door handle. There is no simple way to validate the authenticity of a part that doesn’t have traceable electronic components, since there could be many replicas of the original (a.k.a. cheap knockoffs). Even if you purchase the part from an authorized dealer, you can’t be 100% certain you won’t receive a knockoff part due to supply chain manipulation.
But you can be 100% certain if you assign a specific, unique identity to that part and combine it with the tracing capability of blockchain. You can know where the part was manufactured, through which port it entered the country and what dealer is selling it. You are creating a better trust chain to identify and verify that specific part while preserving the functionality of the part. You also improve auditability by knowing the door handle for your German car was built by the manufacturer in Germany, not another country. A blockchain system with the proper identity vetting controls for participants has the ability to provide this type of trust.
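The following sketch is an added example, not code from this article or from Hyperledger. It models the door handle's custody trail as a hash chain whose entries must also be bound to a vetted participant. The participant names, keys and part id are constructed, and HMAC keys stand in for the PKI-issued signing credentials a real deployment would use.

```python
import hashlib, hmac, json

# Constructed registry of vetted participants. The HMAC keys stand in for the
# certificates a PKI would issue after vetting (assumption of this sketch).
VETTED = {"maker-de": b"key-a", "port-us": b"key-b", "dealer-7": b"key-c"}
GENESIS = "0" * 64

def digest(entry):
    """Hash the fields that describe the custody event and its predecessor."""
    body = {k: entry[k] for k in ("part_id", "event", "actor", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def tag(key, entry_hash):
    """Bind an entry hash to the holder of `key`."""
    return hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(ledger, part_id, event, actor, key):
    """Anyone can compute a valid hash link; only the key proves who wrote it."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    entry = {"part_id": part_id, "event": event, "actor": actor, "prev": prev}
    entry["hash"] = digest(entry)
    entry["tag"] = tag(key, entry["hash"])
    ledger.append(entry)

def verify(ledger):
    """Return (ok, reason): check the hash chain, then the writer's identity."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != digest(e):
            return False, f"entry {i}: chain broken or content altered"
        key = VETTED.get(e["actor"])
        if key is None:
            return False, f"entry {i}: actor is not a vetted participant"
        if not hmac.compare_digest(tag(key, e["hash"]), e["tag"]):
            return False, f"entry {i}: tag does not match the vetted identity"
        prev = e["hash"]
    return True, "trail intact"

def sample_trail():
    """Constructed custody trail for one door handle, part id DH-001."""
    ledger = []
    append(ledger, "DH-001", "manufactured:DE", "maker-de", VETTED["maker-de"])
    append(ledger, "DH-001", "imported:port", "port-us", VETTED["port-us"])
    append(ledger, "DH-001", "stocked", "dealer-7", VETTED["dealer-7"])
    return ledger

if __name__ == "__main__":
    print(verify(sample_trail()))
```

An entry appended by an unvetted or impersonating writer still carries a correct hash link, so the chain check alone accepts it; only the identity check rejects it.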
How To Determine If Blockchain Can Help Or Hurt
When properly implemented, blockchain can serve as part of a unified future solution in the security toolbox. What’s important is to consider the use case and align the technology accordingly. Are you considering a blockchain architecture that treats validating identities as an important task? Would a permissioned blockchain platform be the best solution?
Certainly, these are the questions that need to be asked in the planning phase, as a deployment without proper due diligence will not protect your enterprise users or your data from exposure. Do your homework today so that when blockchain becomes more widely used, you will be ready to apply the appropriate technology to the right use cases as part of a comprehensive security approach.