What Makes Blockchain A New Security Standard?

Blockchain is an area of cybersecurity that has a lot of potential. As efforts to standardize the technology continue to make headway, we could see blockchain become a new security standard for various industries. 

Blockchain, although relatively new, already has an interesting history. The concept initiated with Satoshi Nakamoto back in 2009, when Bitcoin emerged.

Despite the fact that Bitcoin has made much noise in the world and every crypto-related website offers it now, nothing is known about its creator himself/herself. Nakamoto has managed to keep his/her identity under wraps. The code for Bitcoin and its blockchain was created for the purpose of privacy, transparency, and immutability.

How Does Blockchain Work?
Typically, when you want to make a transaction with someone, you go through a third party, like a bank. This is ideal because you do not have to trust every single person you have a transaction with, you only have to trust the third party. So, if Frank buys a necklace from Janice but Janice never delivers the necklace and claims Frank never paid for it, Frank can turn to the bank. The bank keeps detailed records and can show proof that Frank did, in fact, pay for the necklace. It makes sense that such a model has stood the test of time.

Going through a third party, while convenient in some respects, comes with a price. Banks can be as corrupt as individuals. Plus, having to go through a third party is neither cost-efficient nor timely. Blockchain technology allows you to bypass the third party and perform transactions one-to-one while reducing the risk of doing business with people you have no reason to trust.

Blockchain is essentially a large ledger, which takes the form of a chain of digitized blocks that keeps track of all transactions, but unlike with banks, this ledger is transparent. Anyone can see it. Because the blockchain is immutable, people can’t alter the ledger, which helps prevent fraud. In a public blockchain, transactions are sealed with cryptography and become a page in a ledger that is geographically spread out. While the transactions are sealed, they are still visible because they are not scrambled. Instead of being scrambled, they are hashed to create a digest, which represents transactions in a given block.

What makes this model so secure is that you cannot make changes to the block or its transactions without having to recalculate the whole digest. This is effectively impossible because of how dispersed the network is. The process requires more computing power than any single person would have access to. Criminals can’t change one block without changing the blocks that came before and after it, or they would be detected immediately. The larger the network is, the more secure it is because such networks will be more dispersed and require more computing power. This also means tinier networks are more vulnerable to cyber attacks.

All Blockchains Are Different
Another thing to keep in mind is that there are multiple different blockchains and not all of them are of the same quality. For one, there are private blockchains, as well as public blockchains. This is the most important distinction a blockchain can have. Public blockchains utilize computers that contact to the publicly-accessible Internet. The Internet is used to substantiate transactions and put them onto the ledger. Private blockchains rely on members-only networks. Not just anyone with a computer can access them. They need to be invited to join the network. While public blockchains offer more anonymity, private blockchain is preferable when confidential information is involved because there is more control over who does and does not have access to the information.

A significant difference lies in the process used to verify transactions. Most public blockchains verify transactions using a process called network consensus. Bitcoin, for example, achieves this consensus via mining. Many private blockchains, however, rely on a selective endorsement process in which trusted members confirm transactions. This requires a very secure infrastructure because you have to be able to trust the insiders who are verifying the transactions. In this day and age, you can’t really be sure who you can trust. In a private blockchain, you need it to be the case that people cannot access sensitive information. This is the best way to maintain security. So even administrators cannot have access to sensitive information. The other priority is to keep encryption keys secure.

The Setback
Blockchain struggles from the same thing most new technological concepts do. It changes too much. There are hundreds of organizations that use blockchain technology, but they don’t all use it in the same way, and they don’t even talk about it using the same vocabulary. To make matters worse, most of these organizations don’t communicate with each other on any level. The lack of interactions makes it harder to establish security standards that can be widely adopted.

Right now, IBM is pushing for Hyperledger to be the standard. Hyperledger is a blockchain project hosted by the Linux Foundation. Linux already acts like a reference platform for operating systems. Thus, IBM thinks it makes sense for the Linux Foundation to act as the reference platform for blockchain technology. But other organizations are also pushing their own preferred standards. It might take time before the blockchain community can come together and decide on a security standard.

Many efforts to standardize concentrate on interfaces, but governance is another thing to consider, namely because of the growing popularity of smart contracts.

Smart contracts allow parties to create self-executing legal agreements with each other, which comes with a lot of security concerns. For one, bugs within the smart contract code have already cost various organizations millions of dollars. There is still a lot of work to be done when it comes to risk mitigation.

Microsoft has developed a group to test smart contract design practices. This is a start. But there is still more that needs to happen to make sure the code supporting blockchain technology has the right amount of security. Ultimately, blockchain needs good infrastructure to be secure, and it will require standardized interfaces and governance to make sure the infrastructure is strong enough across the board to ensure the security of blockchains.

Mary-Ann Callahan is a Bitcoin expert at CEX.IO a leading multi-functional cryptocurrency exchange.

You Might Also Read: 

Faster Blockchain For Financial Institutions:

 

« Cybersecurity 2019: Predictions You Can’t Ignore
Russia And Ukraine’s Crisis Could Escalate Beyond Cyberwar »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

BSA - The Software Alliance

BSA - The Software Alliance

BSA is the leading advocate for the global software industry before governments and in the international marketplace.

CERT Syria

CERT Syria

CERT Syria is the national Computer Emergency Response Team for Syria.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

Sift

Sift

The Sift Digital Trust Platform protects your business and customers from all vectors of fraud and abuse through our Live Machine Learning, global trust network and automation technologies.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Neptune Cyber

Neptune Cyber

Neptune is a cyber security company that works exclusively in the marine sector. Our team combines experts in shipbuilding, maintenance and operations and cyber security testing and design.

Mitiga

Mitiga

Mitiga uniquily combines the top cybersecurity minds in Incident Readiness and Response with a cloud-based platform for cloud and hybrid environments.

Gunnison Consulting Group

Gunnison Consulting Group

Gunnison Consulting Group serves the Federal Government with high quality IT consulting services.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

BitLyft

BitLyft

BitLyft is a managed detection and response provider that is dedicated to delivering unparalleled protection from cyber attacks for organizations of all sizes.

Centric Consulting

Centric Consulting

Centric Consulting is an international management consulting firm with unmatched expertise in business transformation, AI strategy, cyber risk management, technology implementation and adoption. 

Tenchi Security

Tenchi Security

Tenchi Security are specialized in Third-Party Cyber Risk Management (TPCRM) and aim to reduce information asymmetry when it comes to third and Nth-Party security and compliance risk management.

Edera

Edera

Edera is changing the way containers are run and secured, making isolation a reality and fundamentally transforming computing in the process.