Is blockchain the next big thing for cybersecurity?
- Posted on September 3, 2019
This article was originally written by Avanade alum Chris Miller.
From airlines to healthcare, blockchain is poised to disrupt business models, operations and customer experiences across numerous industries.
Originally created to power the cryptocurrency Bitcoin, blockchain is a decentralized ledger that records all the transactions that are ever conducted within a peer-to-peer network. Because it is practically immutable (very hard to change) and extremely transparent, many industries are exploring its potential to protect information, track supply chains and execute “smart contracts.”
And, if early adopters are any indicator, it just might be the next big thing in cybersecurity, too.
Just look at the U.S. Department of Defense – which would be the world’s largest corporation if it wasn’t a governmental agency. It is testing out blockchain to protect the digital identity of its agents. Meanwhile, South Korea’s biggest bank is exploring blockchain for private key management. The list goes on.
Early use cases for blockchain in cybersecurity
So, how exactly will blockchain benefit the information security field? Below we’ve listed a few early use cases that are gaining momentum.
- Enhancing identity protection: Identity is at the center of all modern security initiatives. As the two examples above show, blockchain’s ability to improve authentication, such as with private key management and identity registration, is promising. Traditional Identity and Access Management (IAM) solutions rely on some form of centralization to store and protect the secrets needed to authenticate identity, whether it be passwords, biometric data, or secret questions. This is a vulnerability and a natural target for hackers. Blockchain makes it far more complex to breach.
- Maintaining uptime and connectivity: Another early security use case for blockchain is with the Domain Name System (DNS) and preventing distributed denial-of-service (DDoS) attacks. The key weakness of legacy DNS and DDoS is, again, their centralized nature. If hackers gain access to the DNS, they can go on to crash one site after another unhindered. Decentralizing DNS, via blockchain, would make this exponentially more difficult.
- Making highly secure private messaging even more secure: From emails to Instant Messaging (IM) conversations, most of our business communications are already protected by end-to-end encryption. But even those solutions aren’t 100 percent secure. Some have speculated blockchain might be able to go a step further than traditional tools, protecting information exchanges and facilitating unified communications in the secure modern workplace.
- Solving the biggest blind spot of the Internet of Things (IoT): IoT poses a rapidly growing threat to the stability and security of enterprises as we bring more computing to the edge. Outdated printers, routers, webcams and other gadgets on your network are a ticking time bomb – and were the cause of the Mirai Botnet, the largest ever DDoS attack. Blockchain solves a messy problem by giving our IoT devices a transparent, trusted and difficult-to-manipulate source of authentication.
The challenges of blockchain security
Still, there are a number of questions that need to be sorted out before blockchain becomes a real candidate for mainstream cybersecurity. Two big ones stand out to me:
- Not ideal for real-time governance: We’ve seen how blockchain might enhance identity protection. But there are several good reasons to think blockchain might not be a good fit when it comes to the other half of the IAM equation, namely, access management. Distributed ledgers are good at storing and archiving information in an immutable manner, but they are not so good at managing real-time access authorization and contextual enforcement. We need humans and less immutable tools, such as artificial intelligence, to accomplish that.
- Unknown privacy and compliance impact: Blockchain security also raises a host of new regulatory issues. With the rise of new privacy laws, such as Europe’s General Data Protection Regulation (GDPR), where you store a user’s personal data, and how it’s handled, is paramount. Storing private information on a decentralized, borderless blockchain network, while secure, might actually be noncompliant – and expose your business to legal risks and financial penalties.
The bottom line: Blockchain is a promising enterprise security innovation
As with every new technology promising radical change, we can never know for sure how it will be adopted in the future.
Our research suggests up to 90 percent of executives plan on integrating blockchain, and other emerging technologies, into their operations – with more than half doing so within the next three years. As a security professional, I am genuinely excited about these innovative use cases, and hopeful we will one day use distributed ledgers to better protect identity, data and the business.