The blockchain not only has a place in cryptocurrency exchanges but could also be used to improve security solutions, experts claim.
According to Travis Biehn, technical strategist at enterprise software and solutions firm Synopsys, the blockchain is “no silver bullet” for security, but the technology holds promise as a way not only to record financial transactions but also as a means to control network communication, as well as Internet of Things (IoT) devices and supply chains.
Originally designed to facilitate the exchange of virtual currency such as Bitcoin, the blockchain is an electronic ledger system which is decentralized by nature.
There is no central holding system that stores data relating to transactions, trades, sources, and activity, but rather information is distributed throughout the world by computers, also known as nodes, which carry the record of the chain with them.
“The decentralized systems that can be built with blockchain are exciting and applicable across cybersecurity topics — with promising areas like addressing hardware sourcing supply-chain problems, and software supply-chain problems,” Biehn told ZDNet. “The increased transparency afforded by blockchain technology definitely lends itself to solving a lot of tricky cybersecurity problems.”
It is not always software vulnerabilities which can lead to a security problem such as a data breach or a network compromise — the supply chain can also be at fault.
When human error comes into play or an insider manipulates information or systems in the supply chain, the blockchain could resolve issues by automatically sharing any suspicious activity down the line.
When everyone participating knows who is doing what, and when, lax security, errors, and insider threats can be tracked and hopefully dealt with before serious damage is caused.
“If you look at other ways of doing this, if a single database were shared for example, or a traditional leader-election protocol were used, any one of the members can change the data-store at any time,” the executive explained. “In applications like identity or supply-chain tracking, you obviously don’t want a consumer of the data to be able, or someone who has compromised a participant, to change all the information in that ledger.”
Smart Contracts can also come into play. These small pieces of code are stored on each node throughout the blockchain network and enforce what actions can be executed.
These actions must achieve the same result when executed by computers connected to the blockchain. As participants can be sure of events, who enacted them, and the logic connected to them, this inspires greater trust in the ‘contract’ and systems, as well as that an outcome is correct.
“For supply chain issues of both hardware and software components, and identity solutions, blockchain platforms look promising,” Biehn said.
The blockchain itself provides little in terms of threat detection or defense in the manner of traditional cybersecurity solutions, but it does offer an infrastructure of transparency, event tracking, cryptography and the chance to improve security sensor and data sharing — which some security solutions and implementations on enterprise networks lack.
It is important not to jump head-first into implementing technology still at a stage of infancy — we learned such with the constant security issues that the wholesale adoption of IoT devices without acceptable security has shown.
However, in an age when trust in systems is critical, we may yet see the blockchain integrated into systems which handle sensitive data and financial transactions, or control IoT and mobile devices. The technology may also provide a trustworthy infrastructure for vendors to better retain control of enterprise networks, who does what on them, and as a means to tackle weak spots in security protocols.