November 28, 2016 By Luke Sully

When I became Global Blockchain Lead for Security Services at IBM in January 2016, I had no idea what kind of year awaited me. Just a few highlights:

  • In February, IBM introduced developer services on the Bluemix cloud to enable rapid creation and monitoring of blockchain applications.
  • In April, IBM launched a new set of highly secure blockchain services on the IBM Cloud for financial services, government and health care.
  • In June, IBM and Crédit Mutuel Arkéa completed the first blockchain project to apply the secure ledger technology to customer identity verification.
  • In October, a group that includes 70 of the world’s largest financial institutions open-sourced its blockchain platform.
  • Also in October, a startup called Chain, which is working with some of the world’s biggest financial companies, announced that it would open-source its blockchain platform.
  • In the wake of last month’s massively distributed denial-of-service (DDoS) attack, blockchain has been touted as the best bet for improving Internet of Things (IoT) security.
  • As Ars Technica recently put it, blockchain has “shaved off the startup hipster beard, put on a tie and gone mainstream.”

This is the time of year when people make predictions, so allow me to offer three of my own for 2017.

Blockchain Gets Real

We’re wrapping up a year of enormous innovation in the world of blockchain, in which the technology has been applied to everything from stock photo services to voting. During this tire-kicking period, a lot of bad ideas are tried out, and during 2017, many of them will be discarded. I’m not suggesting that blockchain will enter a “trough of disillusionment,” but businesses will turn their attention to practical applications — and that’s good.

I also expect the dominant conversation will move from “How do we use it?” to “How do we secure it?” That’s right, secure it. Although blockchains rely on layers of advanced encryption, allowing for greater privacy and security for participants and data (all derived from their four underlying characteristics of consensus, immutability, provenance and finality), there’s a myth that blockchain provides the ultimate in security. There’s considerable work still to be done here in a variety of areas, from identity and access control to security analytics and incident response.

For one thing, blockchain networks operate on a variety of “consensus models” — the verification process whereby participants in the chain sign off on the validity of information. Different consensus models change the resiliency of blockchain networks, so adaptability is key to ensuring security, especially in multijurisdictional environments.

We are working on a full methodology for penetration testing in a chain. Bear in mind that we don’t yet have standards in place to guide the industry on best practices, yet every relevant regulator will want to see a company’s blockchain security assessment. Until these issues are solved — and they will be — enterprises need to be smart about how they approach this issue.

Blockchain Gets Smaller

One of the intriguing features of blockchain is its scalability. In theory, blockchain networks can include members from all over the globe. The reality, however, is that testing applications on a global scale is scary under the best of circumstances.

There’s an additional wrinkle in regional encryption standards. For example, Korea, Russia and China use national standards of encryption that are different from those in the U.S. and Europe, and which are incompatible with each other. It’s not that users in those countries are trying to be difficult; the government mandates those national encryption standards. Until all countries can find work-arounds that satisfy individual standards yet don’t compromise interoperability, global rollouts will be more deliberate, especially in highly regulated industries.

I expect we’ll see more blockchain tests move to regional and industry settings in which the players know each other, or at least use the same protocols. Controlled testing will yield success scenarios that are then adopted more broadly. That’s the way enterprise-grade technology has always matured. This will drive “regional” blockchains, so expect to see interesting divergence in interpretations of the blockchain principle next year.

Blockchain Goes Broader

Many people associate blockchain exclusively with Bitcoin, the cryptocurrency that enables trusted financial transactions between parties that don’t know each other. But currency is only one application of the technology, albeit a powerful one. Blockchain can be used in any context in which trusted relationships between peers can make transactions simpler and faster.

Expect to see some notable use cases in different industries, such as partners in supply chains using blockchain to manage goods and payments, or blockchain enabling communications between devices in an IoT network. This is where things get exciting. The recent open-sourcing of powerful blockchain technology, combined with tools like those available in the Bluemix garage, will unleash a wave of innovation in this area. For a fun list of potential blockchain applications, check out this post from the Ledra Capital blog.

Summing Up

It’s always fun to speculate about game-changing technology, but the real test is putting those concepts into practice. This past year has been full of fascinating discussion about blue-sky possibilities. In 2017, blockchain gets serious. That’s when the game-changing potential will be realized.
