Blockchain made headlines recently as the transaction infrastructure for bitcoin and other cryptocurrencies, but this shared ledger solution is now being reimagined as a way to bridge the enterprise security gap. In fact, 60 percent of companies have already implemented (or plan to implement) blockchain technology — with 28 percent actively testing solutions and 20 percent in the discovery and evaluation phase.

But many challenges remain, including scalability and privacy. There’s still more work to do before blockchain can effectively bridge the gap from potential benefit to security baseline.

A Perceptual Shift in Blockchain Technology

The use of blockchain technology as a cryptocurrency record-keeper makes sense. Adding “blocks” of data to a public ledger in sequence helps ensure that transactions are both visible and difficult to alter (since any modification of the original ledger results in widespread mismatches). It’s an ideal combination of user privacy and security oversight: While the identity of digital wallet holders is obfuscated, transaction records are a matter of public record.

As cryptocurrency markets have cooled and (somewhat) stabilized, however, interest in blockchain as a security technology has swelled.

“While still nascent, there is promising innovation in blockchain towards helping enterprises tackle immutable cyber-risk challenges, such as digital identities and maintaining data integrity,” Ed Powers, cyber risk lead at Deloitte U.S., noted in a 2017 report.

Blockchain was also a high-profile topic at the 2018 RSA Conference in April: While some attendees argued for blockchain technology as the solution to General Data Protection Regulation (GDPR) compliance, others worried about issues like viability at scale, data integrity and provenance.

No matter the outlook, it’s clear that blockchain is undergoing a shift as enterprises look for ways to shore up cybersecurity in a market dominated by distributed cloud networks, limited visibility and huge potential consequences.

A Dearth of Blockchain Expertise

So, what’s the potential for blockchain? Demand for blockchain talent recently skyrocketed as companies look for engineers with the skills to develop new applications and services that leverage this technology, according to TechCrunch. There’s already more than $3.7 billion in initial coin offering (ICO) funding waiting for talented developers — and 14 openings for every experienced candidate.

Of course, experience is part of the problem: Blockchain simply hasn’t been around long enough for IT professionals to amass significant working knowledge. Despite supply constraints, however, demand isn’t slowing down. In fact, TechCrunch also reported on a 700 percent increase in companies looking for blockchain engineering talent since January 2017.

Some companies are leveraging blockchain itself to create new cybersecurity marketplaces where motivated white- and black-hat hackers can design antimalware tools for profit. Think of it as a way to bridge the growing cybersecurity skills gap: These hubs enable security professionals to develop antimalware tools or connect with businesses in need of security expertise. Instead of the traditional hiring and vetting process, everything is conducted via blockchain-based secure contracts. Upon completion of successful projects, security experts are paid in cryptocurrency.

More traditional use cases for blockchain leverage its inherent audit capabilities. Since all transactions added to public and private blockchains are signed and time-stamped, enterprises can quickly track down specific events or users of interest. Also, new transactions fundamentally alter the state of the blockchain ledger: Previous iterations are stored, providing companies with a complete history log that both limits the chance of data tampering and ensures all IT actions are auditable as required by emerging compliance regulations.

Build a Better Blockchain, One Link at a Time

Despite enterprise advancement in the area of blockchain, however, there’s still room for improvement. For example, there are limited enterprise use cases for this technology, since very few apps use (or benefit from) the addition of blockchain. While this will change as the market evolves, current use cases are few and far between.

In addition, while traceability is an inherent property of blockchain, data quality is not. The Deloitte report noted that “blockchain technology does not guarantee or improve data quality.” Enterprises remain responsible for ensuring the accuracy and reliability of their data before it becomes part of a shared chain ledger.

Finally, The Wall Street Journal reported that while blockchain excels at data security and trust, it may struggle with privacy. Consider the GDPR: Key components of this legislation are the right to be forgotten and the power of citizens of the European Union (EU) to request access to stored personal data from organizations at any time. The nature of blockchain, however, prohibits this kind of data grab and removal, meaning multiple blockchains might be required to comply with GDPR legislation.

The problem is that the unbroken nature of blockchain is its biggest strength — fragmenting chains reduces total security efficacy.

Enterprises are understandably interested in blockchain’s inherent benefits, such as shared ledgers and natural auditability. Alone, however, blockchain is not the missing link to cloud security. This technology must be paired with apps and services that ensure accurate data entry and reliable sourcing and can address emerging privacy issues. When it comes to enterprise security applications, blockchain holds significant promise but remains developmentally adolescent.

More from Cloud Security

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Why Are Cloud Misconfigurations Still a Major Issue?

Cloud misconfigurations are by far the biggest threat to cloud security, according to the National Security Agency (NSA). The 2022 IBM Security X-Force Cloud Threat Landscape Report found that cloud vulnerabilities have grown a whopping 28% since last year, with a 200% increase in cloud accounts offered on the dark web in the same timeframe. With vulnerabilities on the rise, the catastrophic impact of cloud breaches has made it clear that proper cloud security is of the utmost importance. And…

Charles Henderson’s Cybersecurity Awareness Month Content Roundup

In some parts of the world during October, we have Halloween, which conjures the specter of imagined monsters lurking in the dark. Simultaneously, October is Cybersecurity Awareness Month, which evokes the specter of threats lurking behind our screens. Bombarded with horror stories about data breaches, ransomware, and malware, everyone’s suddenly in the latest cybersecurity trends and data, and the intricacies of their organization’s incident response plan. What does all this fear and uncertainty stem from? It’s the unknowns. Who might…

How an Attacker Can Achieve Persistence in Google Cloud Platform (GCP) with Cloud Shell

IBM Security X-Force Red took a deeper look at the Google Cloud Platform (GCP) and found a potential method an attacker could use to persist in GCP via the Google Cloud Shell. Google Cloud Shell is a service that provides a web-based shell where GCP administrative activities can be performed. A web-based shell is a nice feature because it allows developers and administrators to manage GCP resources without having to install or keep any software locally on their system. From…