Blockchain technology was perhaps the most controversial topic at last week’s RSA Conference in San Francisco. It’s fitting, because distributed ledger technologies are also hotly debated in conversations about enterprise technology. For most organizations, the idea of blockchain is suspended somewhere between hype and disappointment, realism and naked hope. The perspective all depends on who you’re talking to.

Twitter is a fairly good barometer to gauge how these competing viewpoints played out at RSAC 2018. Some participants in the discussion asserted that blockchain is the key to achieving General Data Protection Regulation (GDPR) compliance, while others questioned the technology’s scalability. Some RSAC attendees were unfamiliar with blockchain altogether.

If we’ve learned anything from the cybersecurity threat climate, it’s that speed should never be sacrificed for security. Hype around any emerging technology puts pressure on developers to innovate. If a technology is inherently flawed or a poor fit for the use case, speed is not a good thing.

Over the past several days, some of the brightest minds in the industry put their heads together to determine where blockchain technology truly fits into the enterprise, how technological weaknesses can be exploited and whether the risks outweigh the benefits.

When Hype Obscures the Status Quo: Who Won the Production Race?

While there’s significant discussion about blockchain’s potential and the challenges related to its adoption, there’s a lot less data about who actually won the race to production. It’s never easy to get a pulse on a fast-changing market, but recent research has revealed that the majority of enterprises are not in production. As of July 2017, 6 in 10 enterprises had deployed the technology or planned to do, with most implementations slated for late 2018.

Another survey found that 3 percent of enterprises have blockchain apps in production. It also noted that:

  • 28 percent of organizations are actively testing blockchain.
  • 20 percent are in the discovery or evaluation phase.
  • 4 percent are testing or piloting the technology.
  • 2 percent are in testing or development.

Meanwhile, 67 percent of enterprises investing in blockchain had already spent over $100,000 by the end of 2016 and 91 percent planned to spend at least that much in 2017. This trend suggests that organizations see value in blockchain technology and are willing to continue to invest in research to unlock its potential benefits.

Creating a Secure Enterprise Baseline for Blockchain

So, should enterprises proceed with innovation, given the fact blockchain is still shrouded in hype, uncertainties and risk? The conversations that took place at RSAC 2018 suggest that blockchain could be part of the solution, but it really depends on what type of blockchain you’re talking about and how you approach it

In the Tuesday session titled “Trust as a Service — Beyond the Blockchain Hype,” representatives from Verizon talked about how the telecommunications giant spent a decade creating a billion-event solution to big blockchain problems such as integrity, attribution and provenance. On Thursday, two Samsung engineers shared specific techniques for writing smarter and better code in the session titled “An Overview of Blockchain-Based Smart Contract Security Vulnerabilities.”

David Huseby and Marta Piekarska of the Linux Foundation emphasized the importance of establishing baseline questions for conceptualizing security innovation in their Tuesday session, “Blockchain — The New Black. What About Enterprise Security?” They also explained the difference between private and permissioned blockchains.

Once organizations understand the benefits of using a private approach to bitcoin, they can address important topics, such as flexibility, security and industry-specific regulations, before they begin the proof-of-concept phase.

Considerations for Enterprise Blockchain

Blockchain is still a gamble, but enterprises can build upon the foundations of others. Standards, industry-specific best practices and an increasingly rich ecosystem of insights enable organizations to understand how industry leaders are addressing the foundational nuances of distributed ledger technology and using it to their advantage.

Cathie Yun, a software engineer at Chain, spoke about considerations — not necessarily weaknesses — for enterprise blockchain use during the session titled “Foundations of Bitcoin, Blockchain and Smart Contracts,” a replay of which is available via RSAC onDemand. She noted that organizations should address the following areas when gathering requirements:

  • Trust model;
  • Administration;
  • Identity; and
  • Confidentiality.

Blockchain Is Not Pixie Dust

“Blockchains are often viewed as security pixie dust,” asserted Ron Rivest, MIT professor and cryptographer. “If you add them to your application, they magically make it better.”

During “The Cryptographers’ Panel,” which opened the conference, Rivest talked over key topics with fellow cryptography experts Adi Shamir of The Weizmann Institute in Israel, researcher Paul Kocher, Moxie Marlinspike of Signal and Whitfield Diffie of Cryptomathic.

“Blockchain is an interesting tool, but it’s not a business,” agreed Kocher. “It’s just an interesting thing you can use to build a system like a log management tool.”

Blockchain, according to Rivest, offers “interesting properties, [including] decentralized, public access.” As Marlinspike highlighted, the problem with capitalizing on the value of blockchain technology is that there are relatively few apps that value it.

While their analysis of blockchain and its potential was critical overall, Marlinspike said he interprets the hype as a sign of hope. Distributed ledger technology may not be pixie dust, but it could indicate that what Marlinspike called the “multitrillion-dollar problem” of security is being taken seriously since it’s a foundation-level approach to solving issues of data, access and identity in drastically new ways.

The consensus among the speakers at RSAC was that blockchain is no magic bullet. Rather, as Piekarska put it, blockchain is more like a “very advanced screwdriver.”

Understanding the Blockchain Backlash

There’s a root cause behind this backlash against blockchain technology, and it has very little to do with the fact there are no enterprise use cases for the technology. There are many success stories about blockchain in production, and many organizations are making their way toward full production by end of 2018, from the proof-of-concept stage to testing.

For the 45,000 cybersecurity professionals on the ground at RSAC 2018, this past year was the most challenging in the history of cybersecurity. A recent Ponemon study found that 45 percent of chief information officers (CIOs) fear that they’ll lose their jobs as a result of a data breach in the year ahead, and 67 percent believe that such an incident is likely to occur.

The backlash against blockchain is thus largely a revolt against the hype — and that’s not an entirely bad thing. Security professionals aren’t buying the suggestion that there’s a magic bullet or an out-of-the-box blockchain solution that can solve all their security woes. CIOs generally take a cautious approach to emerging technologies, especially something as shrouded in hype as blockchain.

As enterprise solutions and use cases of distributed ledgers emerge across industries, this technology is still in the early stages of evolution. If this year’s conference is any indication, it’s safe to say that blockchain will be a trending topic once again at RSAC 2019.

More from Data Protection

Data Privacy: How the Growing Field of Regulations Impacts Businesses

The proposed rules over artificial intelligence (AI) in the European Union (EU) are a harbinger of things to come. Data privacy laws are becoming more complex and growing in number and relevance. So, businesses that seek to become — and stay — compliant must find a solution that can do more than just respond to current challenges. Take a look at upcoming trends when it comes to data privacy regulations and how to follow them. Today's AI Solutions On April…

Defensive Driving: The Need for EV Cybersecurity Roadmaps

As the U.S. looks to bolster electric vehicle (EV) adoption, a new challenge is on the horizon: cybersecurity. Given the interconnected nature of these vehicles and their reliance on local power grids, they’re not just an alternative option for getting from Point A to Point B. They also offer a new path for network compromise that could put drivers, companies and infrastructure at risk. To help address this issue, the Office of the National Cyber Director (ONCD) recently hosted a…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

How the CCPA is Shaping Other State’s Data Privacy

Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding data privacy's legal requirements. Depending on the location and jurisdiction, data privacy laws can vary significantly in terms of scope and enforcement. But while the laws…