Blockchain and the Future of IT Security: A Quick Primer
Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Nelson Cicchitto of Avatier offers up a quick primer on blockchain, and how it will be used as a cybersecurity tool in the near future.
Anyone involved in IT has almost certainly been asked, over the last few years, about blockchain security. It’s a buzzworthy term, and you can understand why: cybersecurity attacks are rising at an unprecedented rate, and people want to make sure they’re doing everything possible to protect their valuable assets.
Blockchain security, as a concept, is still in its infancy. We have a way to go before corporations can rely solely on the blockchain to safeguard their information. That said, the fundamentals of the blockchain – cryptography, distributed networks, etc. – warrant a close look. It’s important to understand some basic principles of the blockchain and how these principles might be used to create what hopefully be tamper-proof and immutable records. But how secure is it?
What is the Blockchain?
Fundamentally, blockchain technology represents a new way to use cryptography to enable transactions. At its heart is the idea of decentralization; instead of a centralized administrator located in a single place, blockchain is a distributed ledger technology (DLT) in which data is structured into blocks. Inside each of these blocks is one or more transactions; each block connects to the block that came before it, rendering the whole system effectively tamper-proof (in theory).
While initially mostly a financial tool, the blockchain – for obvious reasons – has demonstrated the potential for a wide variety of uses, one of which includes security. Right now, people all over the world are working to see how blockchain might be used in public and private security endeavors.
Blockchain in Action: How the Process Works
There are two basic components to most blockchain technologists: encryption and mining.
Let’s start with encryption. Central to the process of blockchain encryption is something called hashing. With hashing, you have an input string (which can be any length) that gets run through a hashing algorithm. At the other end, you get an output with a fixed 256-bit length. Hashing is deterministic (i.e., it always provides the same result for a given input) and quick, two factors that help significantly when it comes to security. Your hash can be thought of roughly as a kind of advanced password. As long as that password is kept secure, the data it is protecting will (again, in theory) be ultra-safe.
Next, we have mining; this is the verification process. Decentralized computer networks located all over the world work to process new transaction blocks and to confirm that each one of them is valid. In a cryptocurrency context, these servers are rewarded with new coins—this is the incentive for participating in the verification process.
Why Blockchain Could Matter for Security: Immutability
One of the perennial concerns of IT professionals is that important data and records will be altered without authorization. But because of the integrity of the encryption and mining processes outlined above, these concerns would theoretically not apply with blockchain technology because it would be impossible to delete or tamper with a transaction once it’s confirmed in the blockchain system. Unfortunately, this will have to remain theoretical (at least for now): the technology has not yet developed to the point that you can use blockchain for critical company IT security systems.
That said, using blockchain as a jumping-off point, we might think more deeply about how to ensure the integrity of company records. Overhauling one’s identification process can pay massive dividends here. For instance, you can implement a rule that only certain users can change records while another, larger number are granted routine access.
Beyond that, you might think harder about how to train your staff in the fundamentals of records management and data integrity – holding training sessions, for instance, at which every member of your IT staff can learn the basics firsthand and ask questions if needed.
Thinking Past the Blockchain: IT Security Alternatives that Companies Can Actually Use Right Now
So we’ve established that, while highly intriguing from a security standpoint, blockchain security still has a long way to go before companies can start to rely on it. As for what companies can do right now to heighten security: there are a number of options.
For one thing, they can do a better job of reducing inactive user risk. In any company, there is turnover, and when you don’t pay attention to who has access to what, you put yourself in serious peril. Paying attention to the old user accounts you have floating around can significantly reduce the risk of a security incident.
Next, you can step up your compliance and make sure all possible security gaps are noted, monitored and promptly fixed. Many IT teams lack the personnel to conduct adequate compliance monitoring on their own and should think seriously about contracting a third-party service to help them in this process. Incidentally, contracting third-party services to assist with security can also free up your team to evaluate emerging security technologies, including but not limited to blockchain and AI.
So the blockchain, as a security tool, may not be quite there yet. But that doesn’t mean it will never be. Our advice? Pay close attention to developments in the field, and in the meantime, let it inspire you to get more serious about identification, verification, and overall security.
Leave a Reply