November 28, 2016 By Luke Sully 3 min read

When I became Global Blockchain Lead for Security Services at IBM in January 2016, I had no idea what kind of year awaited me. Just a few highlights:

  • In February, IBM introduced developer services on the Bluemix cloud to enable rapid creation and monitoring of blockchain applications.
  • In April, IBM launched a new set of highly secure blockchain services on the IBM Cloud for financial services, government and health care.
  • In June, IBM and Crédit Mutuel Arkéa completed the first blockchain project to apply the secure ledger technology to customer identity verification.
  • In October, a group that includes 70 of the world’s largest financial institutions open-sourced its blockchain platform.
  • Also in October, a startup called Chain, which is working with some of the world’s biggest financial companies, announced that it would open-source its blockchain platform.
  • In the wake of last month’s massively distributed denial-of-service (DDoS) attack, blockchain has been touted as the best bet for improving Internet of Things (IoT) security.
  • As Ars Technica recently put it, blockchain has “shaved off the startup hipster beard, put on a tie and gone mainstream.”

This is the time of year when people make predictions, so allow me to offer three of my own for 2017.

Blockchain Gets Real

We’re wrapping up a year of enormous innovation in the world of blockchain, in which the technology has been applied to everything from stock photo services to voting. During this tire-kicking period, a lot of bad ideas are tried out, and during 2017, many of them will be discarded. I’m not suggesting that blockchain will enter a “trough of disillusionment,” but businesses will turn their attention to practical applications — and that’s good.

I also expect the dominant conversation will move from “How do we use it?” to “How do we secure it?” That’s right, secure it. Although blockchains rely on layers of advanced encryption, allowing for greater privacy and security for participants and data (all derived from their four underlying characteristics of consensus, immutability, provenance and finality), there’s a myth that blockchain provides the ultimate in security. There’s considerable work still to be done here in a variety of areas, from identity and access control to security analytics and incident response.

For one thing, blockchain networks operate on a variety of “consensus models” — the verification process whereby participants in the chain sign off on the validity of information. Different consensus models change the resiliency of blockchain networks, so adaptability is key to ensuring security, especially in multijurisdictional environments.

We are working on a full methodology for penetration testing in a chain. Bear in mind that we don’t yet have standards in place to guide the industry on best practices, yet every relevant regulator will want to see a company’s blockchain security assessment. Until these issues are solved — and they will be — enterprises need to be smart about how they approach this issue.

Blockchain Gets Smaller

One of the intriguing features of blockchain is its scalability. In theory, blockchain networks can include members from all over the globe. The reality, however, is that testing applications on a global scale is scary under the best of circumstances.

There’s an additional wrinkle in regional encryption standards. For example, Korea, Russia and China use national standards of encryption that are different from those in the U.S. and Europe, and which are incompatible with each other. It’s not that users in those countries are trying to be difficult; the government mandates those national encryption standards. Until all countries can find work-arounds that satisfy individual standards yet don’t compromise interoperability, global rollouts will be more deliberate, especially in highly regulated industries.

I expect we’ll see more blockchain tests move to regional and industry settings in which the players know each other, or at least use the same protocols. Controlled testing will yield success scenarios that are then adopted more broadly. That’s the way enterprise-grade technology has always matured. This will drive “regional” blockchains, so expect to see interesting divergence in interpretations of the blockchain principle next year.

Blockchain Goes Broader

Many people associate blockchain exclusively with Bitcoin, the cryptocurrency that enables trusted financial transactions between parties that don’t know each other. But currency is only one application of the technology, albeit a powerful one. Blockchain can be used in any context in which trusted relationships between peers can make transactions simpler and faster.

Expect to see some notable use cases in different industries, such as partners in supply chains using blockchain to manage goods and payments, or blockchain enabling communications between devices in an IoT network. This is where things get exciting. The recent open-sourcing of powerful blockchain technology, combined with tools like those available in the Bluemix garage, will unleash a wave of innovation in this area. For a fun list of potential blockchain applications, check out this post from the Ledra Capital blog.

Summing Up

It’s always fun to speculate about game-changing technology, but the real test is putting those concepts into practice. This past year has been full of fascinating discussion about blue-sky possibilities. In 2017, blockchain gets serious. That’s when the game-changing potential will be realized.
