Light Dark
June 14, 2018 By Douglas Bonderud 3 min read
Cloud Security
Data Protection
Identity & Access

Blockchain made headlines recently as the transaction infrastructure for bitcoin and other cryptocurrencies, but this shared ledger solution is now being reimagined as a way to bridge the enterprise security gap. In fact, 60 percent of companies have already implemented (or plan to implement) blockchain technology — with 28 percent actively testing solutions and 20 percent in the discovery and evaluation phase.

But many challenges remain, including scalability and privacy. There’s still more work to do before blockchain can effectively bridge the gap from potential benefit to security baseline.

A Perceptual Shift in Blockchain Technology

The use of blockchain technology as a cryptocurrency record-keeper makes sense. Adding “blocks” of data to a public ledger in sequence helps ensure that transactions are both visible and difficult to alter (since any modification of the original ledger results in widespread mismatches). It’s an ideal combination of user privacy and security oversight: While the identity of digital wallet holders is obfuscated, transaction records are a matter of public record.

As cryptocurrency markets have cooled and (somewhat) stabilized, however, interest in blockchain as a security technology has swelled.

“While still nascent, there is promising innovation in blockchain towards helping enterprises tackle immutable cyber-risk challenges, such as digital identities and maintaining data integrity,” Ed Powers, cyber risk lead at Deloitte U.S., noted in a 2017 report.

Blockchain was also a high-profile topic at the 2018 RSA Conference in April: While some attendees argued for blockchain technology as the solution to General Data Protection Regulation (GDPR) compliance, others worried about issues like viability at scale, data integrity and provenance.

No matter the outlook, it’s clear that blockchain is undergoing a shift as enterprises look for ways to shore up cybersecurity in a market dominated by distributed cloud networks, limited visibility and huge potential consequences.

A Dearth of Blockchain Expertise

So, what’s the potential for blockchain? Demand for blockchain talent recently skyrocketed as companies look for engineers with the skills to develop new applications and services that leverage this technology, according to TechCrunch. There’s already more than $3.7 billion in initial coin offering (ICO) funding waiting for talented developers — and 14 openings for every experienced candidate.

Of course, experience is part of the problem: Blockchain simply hasn’t been around long enough for IT professionals to amass significant working knowledge. Despite supply constraints, however, demand isn’t slowing down. In fact, TechCrunch also reported on a 700 percent increase in companies looking for blockchain engineering talent since January 2017.

Some companies are leveraging blockchain itself to create new cybersecurity marketplaces where motivated white- and black-hat hackers can design antimalware tools for profit. Think of it as a way to bridge the growing cybersecurity skills gap: These hubs enable security professionals to develop antimalware tools or connect with businesses in need of security expertise. Instead of the traditional hiring and vetting process, everything is conducted via blockchain-based secure contracts. Upon completion of successful projects, security experts are paid in cryptocurrency.

More traditional use cases for blockchain leverage its inherent audit capabilities. Since all transactions added to public and private blockchains are signed and time-stamped, enterprises can quickly track down specific events or users of interest. Also, new transactions fundamentally alter the state of the blockchain ledger: Previous iterations are stored, providing companies with a complete history log that both limits the chance of data tampering and ensures all IT actions are auditable as required by emerging compliance regulations.

Build a Better Blockchain, One Link at a Time

Despite enterprise advancement in the area of blockchain, however, there’s still room for improvement. For example, there are limited enterprise use cases for this technology, since very few apps use (or benefit from) the addition of blockchain. While this will change as the market evolves, current use cases are few and far between.

In addition, while traceability is an inherent property of blockchain, data quality is not. The Deloitte report noted that “blockchain technology does not guarantee or improve data quality.” Enterprises remain responsible for ensuring the accuracy and reliability of their data before it becomes part of a shared chain ledger.

Finally, The Wall Street Journal reported that while blockchain excels at data security and trust, it may struggle with privacy. Consider the GDPR: Key components of this legislation are the right to be forgotten and the power of citizens of the European Union (EU) to request access to stored personal data from organizations at any time. The nature of blockchain, however, prohibits this kind of data grab and removal, meaning multiple blockchains might be required to comply with GDPR legislation.

The problem is that the unbroken nature of blockchain is its biggest strength — fragmenting chains reduces total security efficacy.

Enterprises are understandably interested in blockchain’s inherent benefits, such as shared ledgers and natural auditability. Alone, however, blockchain is not the missing link to cloud security. This technology must be paired with apps and services that ensure accurate data entry and reliable sourcing and can address emerging privacy issues. When it comes to enterprise security applications, blockchain holds significant promise but remains developmentally adolescent.

 |  |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from Cloud Security
June 6, 2024

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

May 15, 2024

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature