When I became Global Blockchain Lead for Security Services at IBM in January 2016, I had no idea what kind of year awaited me. Just a few highlights:

  • In February, IBM introduced developer services on the Bluemix cloud to enable rapid creation and monitoring of blockchain applications.
  • In April, IBM launched a new set of highly secure blockchain services on the IBM Cloud for financial services, government and health care.
  • In June, IBM and Crédit Mutuel Arkéa completed the first blockchain project to apply the secure ledger technology to customer identity verification.
  • In October, a group that includes 70 of the world’s largest financial institutions open-sourced its blockchain platform.
  • Also in October, a startup called Chain, which is working with some of the world’s biggest financial companies, announced that it would open-source its blockchain platform.
  • In the wake of last month’s massively distributed denial-of-service (DDoS) attack, blockchain has been touted as the best bet for improving Internet of Things (IoT) security.
  • As Ars Technica recently put it, blockchain has “shaved off the startup hipster beard, put on a tie and gone mainstream.”

This is the time of year when people make predictions, so allow me to offer three of my own for 2017.

Blockchain Gets Real

We’re wrapping up a year of enormous innovation in the world of blockchain, in which the technology has been applied to everything from stock photo services to voting. During this tire-kicking period, a lot of bad ideas are tried out, and during 2017, many of them will be discarded. I’m not suggesting that blockchain will enter a “trough of disillusionment,” but businesses will turn their attention to practical applications — and that’s good.

I also expect the dominant conversation will move from “How do we use it?” to “How do we secure it?” That’s right, secure it. Although blockchains rely on layers of advanced encryption, allowing for greater privacy and security for participants and data (all derived from its four underlying characteristics of consensus, immutability, provenance and finality), there’s a myth that blockchain provides the ultimate in security. There’s considerable work still to be done here in a variety of areas, from identity and access control to security analytics and incident response.

For one thing, blockchain networks operate on a variety of “consensus models” — the verification process whereby participants in the chain sign off on the validity of information. Different consensus models change the resiliency of blockchain networks, so adaptability is key to ensuring security, especially in multijurisdictional environments.

We are working on a full methodology for penetration testing in a chain. Bear in mind that we don’t yet have standards in place to guide the industry on best practices, yet every relevant regulator will want to see a company’s blockchain security assessment. Until these issues are solved — and they will be — enterprises need to be smart about how they approach this issue.

Blockchain Gets Smaller

One of the intriguing features of blockchain is its scalability. In theory, blockchain networks can include members from all over the globe. The reality, however, is that testing applications on a global scale is scary under the best of circumstances.

There’s an additional wrinkle in regional encryption standards. For example, Korea, Russia and China use national standards of encryption that are different from those in the U.S. and Europe, and which are incompatible with each other. It’s not that users in those countries are trying to be difficult; the government mandates those national encryption standards. Until all countries can find work-arounds that satisfy individual standards yet don’t compromise interoperability, global rollouts will be more deliberate, especially in highly regulated industries.

I expect we’ll see more blockchain tests move to regional and industry settings in which the players know each other, or at least use the same protocols. Controlled testing will yield success scenarios that are then adopted more broadly. That’s the way enterprise-grade technology has always matured. This will drive “regional” blockchains, so expect to see interesting divergence in interpretations of the blockchain principle next year.

Blockchain Goes Broader

Many people associate blockchain exclusively with Bitcoin, the cryptocurrency that enables trusted financial transactions between parties that don’t know each other. But currency is only one application of the technology, albeit a powerful one. Blockchain can be used in any context in which trusted relationships between peers can make transactions simpler and faster.

Expect to see some notable use cases in different industries, such as partners in supply chains using blockchain to manage goods and payments, or blockchain enabling communications between devices in an IoT network. This is where things get exciting. The recent open-sourcing of powerful blockchain technology, combined with tools like those available in the Bluemix garage, will unleash a wave of innovation in this area. For a fun list of potential blockchain applications, check out this post from the Ledra Capital blog.

Summing Up

It’s always fun to speculate about game-changing technology, but the real test is putting those concepts into practice. This past year has been full of fascinating discussion about blue-sky possibilities. In 2017, blockchain gets serious. That’s when the game-changing potential will be realized.

more from Banking & Finance

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 –…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of…