Will blockchain power the next generation of data security?
Cryptomania is dominating conversations from Silicon Valley to Wall Street. But ‘cryptocurrency’ is only one implementation of the underlying technology innovation that has the ability to transform the way future technology products are designed and built. Of course, that technology is blockchain, the decentralized digital ledger that makes Bitcoin and other cryptocurrencies possible.
First, we need to establish a common framework for the underpinnings of the technology. Its foundational element, the block, is a chunk of data that is packaged securely and then saved with a cryptographically secure reference to a previous block. Every block becomes part of a chain, and there is no mechanism for editing or deleting blocks once they are added.
While the data chain has strong cryptographic protection if it was saved in one physical place it would still be vulnerable to hacking. To address this a decentralized storage approach is fundamental to the blockchain design. The entire blockchain is replicated across multiple nodes in a storage network.
Blockchain consensus works when each node conducts frequent checks with all other nodes to see if its image of the blockchain matches others’. This makes the blockchain invulnerable to hacks because a successful hacker would need to gain access to at least 51 percent of the nodes and simultaneously make the same change to all of them in order to convince the blockchain network the hacked version of the truth is correct. This is technologically infeasible due to the intrinsic security within each blockchain node.
It’s important to note that the pre-conditions for blockchain use cases to function at scale are just now coming into focus. They are rapidly increasing processing capacity, storage costs plummeting, and larger, faster data pipes available for consensus management and replication of data. As these 3 pre-conditions continue to accelerate we will see multiple new use cases for blockchain technology emerge.
Laying the groundwork for digital trust?
These built-in security measures are what make blockchain a powerful solution beyond cryptocurrency. Blockchain’s other crucial characteristic is its immutability. It has the ability to free systems from complicated digital-security tracking, presenting a new paradigm for establishing and recording what comprises trustworthy interaction. While it’s essential for people who use digital currencies to trust the ledger that determines who owns which Bitcoin, it has not taken long for technologists to realize that the core innovation that makes that ledger possible has profound implications in the future of human systems that require trust as a component of the transaction.
A massive part of our economy is based on establishing and maintaining trust between people and parties. Given the ability to create systems that establish the unassailable truth digitally using blockchain, we could supplant systems that use analog methods today. This realization has led to an explosion of technology startups who are focused on renovating human systems where trust must be established.
A focus on security
Not every implementation of blockchain requires the re-thinking of big human systems. It can be transformational in other ways, where an individual organization or enterprise can derive more immediate value that is just as dramatic. The foremost of these is in security. Because blockchain had to be built to be impenetrable, and it can conceptually store any type of data, its applications in data security are profound.
As a new design-pattern for securing data, blockchain arrives at a time when the state of cybersecurity is direr than ever. The popularity of cloud computing paired with the proliferation of connected devices, both in mobility and in the Internet of Things, is causing an explosion of boundary threat vectors for networks. This is exacerbated by new economic influences like ransomware and nation-state sponsorship which provide fresh ways for bad actors to profit and new temptations for those with access to abuse it.
Cybersecurity providers seem stuck in a responsive mode, focused on patching existing software and developing new software that is merely a band-aid to address each new threat. These solutions become available just as bad actors have already moved on to something new, and they merely plug a threat vector without actually decreasing the number of them. Importantly, they add incredible layers of complexity to systems that are already overtaxed. It has become impossible for business owners, the parties who are ultimately accountable for the protection of their company’s most sensitive data, to know who internally or externally has access to the data assets of the organization.
The next generation of cybersecurity solutions will address the problem differently, where fundamentally new design-patterns emerge that change the way basic systems work and massively decrease the number of threat vectors. Blockchain is one such design pattern. It simply needs to be adapted to the purpose.
A new type of blockchain
No data-security technology is as battle-tested as blockchain, since it protects one of largest public vaults of economic value in human history: Bitcoin. But Bitcoin’s blockchain is very specific to its purpose, and would need to be more flexible, more private, and faster in order to be used by organizations focused on securing data.
Bitcoin and other cryptocurrencies use blockchain for transaction records. But much of the worlds’ data that requires protection is in files: documents, images, videos. A security-focused blockchain must be able to store anything.
A bigger problem is that data in a cryptocurrency blockchain must be publicly consumable. This is antithetical to the goal of data security. Not only can the blockchain not be publicly readable but copying all sensitive data in its entirety to every storage node on the network magnifies the threat of breach by the number of nodes.
This can be solved relatively easily, however. The security-focused blockchain could actually de-centralize the data itself by breaking it into pieces and storing it across multiple blocks in the blockchain. This means that forced access to any single node would be meaningless because it would contain only fragments of data with references to other fragments in other nodes. It also means that because the data describes itself by linking all of its fragments together in the right order, there is no master map, encryption key, or decoder to steal.
The final major issue is that the Bitcoin blockchain would never work for an organization that needs to not only protect its data but also use it. Adding new transactions to the Bitcoin network today can take ten minutes. A security-focused blockchain could gain significant performance enhancements by becoming private and permissioned. This means that all of the nodes are centrally controlled and trusted.
Driving business transformation
I have spent the last four years working behind the scenes on research and development around blockchain technology as it applies to scalable data security, and my team and my mission is to engineer a new security architecture that would address some of the fatal flaws in our current systems.
I like to say it is that mission led us to blockchain and not the other way around. Blockchain offered the answer to a list of requirements necessary for a restructured foundation for data security. But, many modifications had to be made and continue to be made in order to make blockchain uniquely suited to providing data security and immutability at scale.
Today, we have come to see blockchain as the foundation for the kind of security that drives business transformation.
In the cybersecurity world, the toxic mixture of technological challenges, increasing economic incentives that reward criminal behavior, and differences in technical knowledge have sowed distrust among stakeholders in corporate leadership, IT, the user base, and outside partners.
Opportunities exist to use blockchain to record all types of data activity, creating an unhackable record of what and how everything is being used, and by whom. This has the potential to create visibility into data-access for all, and a powerful deterrent to those who would access data for nefarious purposes. This kind of record could also be used for compliance purposes to enhance relationships with regulators.
Similarly, all anomalies and incident responses could be logged to a blockchain, creating a very detailed and court-admissible record of any attempt to impact data or network resources.
An immediate opportunity
The blockchain design-pattern is not just about supporting digital currencies, and it’s not just about starting the slow process of rethinking every human system of trust. Its basic security-related characteristics, with some adaptation, have the potential to genuinely stem today’s overwhelming tide of data breaches.
Digital trust today has been damaged, both between the different groups of stakeholders tasked with security and between those people and the technology they depend on to run their businesses or accomplish their missions. With novel foundational technologies like blockchain it can be restored.