Enterprise Cloud Security: Is Blockchain Technology the Missing Link?
Blockchain made headlines recently as the transaction infrastructure for bitcoin and other cryptocurrencies, but this shared ledger solution is now being reimagined as a way to bridge the enterprise security gap. In fact, 60 percent of companies have already implemented (or plan to implement) blockchain technology — with 28 percent actively testing solutions and 20 percent in the discovery and evaluation phase.
But many challenges remain, including scalability and privacy. There’s still more work to do before blockchain can effectively bridge the gap from potential benefit to security baseline.
A Perceptual Shift in Blockchain Technology
The use of blockchain technology as a cryptocurrency record-keeper makes sense. Adding “blocks” of data to a public ledger in sequence helps ensure that transactions are both visible and difficult to alter (since any modification of the original ledger results in widespread mismatches). It’s an ideal combination of user privacy and security oversight: While the identity of digital wallet holders is obfuscated, transaction records are a matter of public record.
As cryptocurrency markets have cooled and (somewhat) stabilized, however, interest in blockchain as a security technology has swelled.
“While still nascent, there is promising innovation in blockchain towards helping enterprises tackle immutable cyber-risk challenges, such as digital identities and maintaining data integrity,” Ed Powers, cyber risk lead at Deloitte U.S., noted in a 2017 report.
Blockchain was also a high-profile topic at the 2018 RSA Conference in April: While some attendees argued for blockchain technology as the solution to General Data Protection Regulation (GDPR) compliance, others worried about issues like viability at scale, data integrity and provenance.
No matter the outlook, it’s clear that blockchain is undergoing a shift as enterprises look for ways to shore up cybersecurity in a market dominated by distributed cloud networks, limited visibility and huge potential consequences.
A Dearth of Blockchain Expertise
So, what’s the potential for blockchain? Demand for blockchain talent recently skyrocketed as companies look for engineers with the skills to develop new applications and services that leverage this technology, according to TechCrunch. There’s already more than $3.7 billion in initial coin offering (ICO) funding waiting for talented developers — and 14 openings for every experienced candidate.
Of course, experience is part of the problem: Blockchain simply hasn’t been around long enough for IT professionals to amass significant working knowledge. Despite supply constraints, however, demand isn’t slowing down. In fact, TechCrunch also reported on a 700 percent increase in companies looking for blockchain engineering talent since January 2017.
Some companies are leveraging blockchain itself to create new cybersecurity marketplaces where motivated white- and black-hat hackers can design antimalware tools for profit. Think of it as a way to bridge the growing cybersecurity skills gap: These hubs enable security professionals to develop antimalware tools or connect with businesses in need of security expertise. Instead of the traditional hiring and vetting process, everything is conducted via blockchain-based secure contracts. Upon completion of successful projects, security experts are paid in cryptocurrency.
More traditional use cases for blockchain leverage its inherent audit capabilities. Since all transactions added to public and private blockchains are signed and time-stamped, enterprises can quickly track down specific events or users of interest. Also, new transactions fundamentally alter the state of the blockchain ledger: Previous iterations are stored, providing companies with a complete history log that both limits the chance of data tampering and ensures all IT actions are auditable as required by emerging compliance regulations.
Build a Better Blockchain, One Link at a Time
Despite enterprise advancement in the area of blockchain, however, there’s still room for improvement. For example, there are limited enterprise use cases for this technology, since very few apps use (or benefit from) the addition of blockchain. While this will change as the market evolves, current use cases are few and far between.
In addition, while traceability is an inherent property of blockchain, data quality is not. The Deloitte report noted that “blockchain technology does not guarantee or improve data quality.” Enterprises remain responsible for ensuring the accuracy and reliability of their data before it becomes part of a shared chain ledger.
Finally, The Wall Street Journal reported that while blockchain excels at data security and trust, it may struggle with privacy. Consider the GDPR: Key components of this legislation are the right to be forgotten and the power of citizens of the European Union (EU) to request access to stored personal data from organizations at any time. The nature of blockchain, however, prohibits this kind of data grab and removal, meaning multiple blockchains might be required to comply with GDPR legislation.
The problem is that the unbroken nature of blockchain is its biggest strength — fragmenting chains reduces total security efficacy.
Enterprises are understandably interested in blockchain’s inherent benefits, such as shared ledgers and natural auditability. Alone, however, blockchain is not the missing link to cloud security. This technology must be paired with apps and services that ensure accurate data entry and reliable sourcing and can address emerging privacy issues. When it comes to enterprise security applications, blockchain holds significant promise but remains developmentally adolescent.