In the corporate quest to secure transaction systems and data from cyber attacks, many enterprises have turned toward distributed ledger technology (DLT). Blockchain is one form of a distributed ledger. However, there are others, such as directed acyclic graph (DAG), hashgraph, holochain, tempo and others. Blockchain in particular, however, has graduated from red-to-white-hot over the last decade, mushrooming in popularity due to the fact it’s the technology behind cryptocurrencies like Bitcoin.
The ever-intensifying deluge of interest in these technologies makes sense. To qualify as a distributed ledger, a database must be synchronized and decentralized across more than one site or location. Hackers have a harder time penetrating this consensual sharing environment, with many witnesses, so to speak, present for transactions. Thus, no centralized watchdog is needed to guard against foul play. Plus, every time someone makes a revision to the database (ledger), each participant is copied, keeping the whole group on the same page.
Because of these various benefits, many industries have jumped onto the blockchain bandwagon, from finance to real estate, entertainment and more. CFO notes that corporate treasury departments did an about-face on blockchain and distributed ledger technology between 2017 and 2018, with the percentage of finance execs who were planning to use these technologies rising from 1% to 77% of respondents in under a year.
The transformation is evolving quickly, as a growing number of leading companies get bullish about blockchain, with giants like JPMorgan Chase, IBM and Microsoft putting large investments into blockchain platforms. Consequently, blockchain is now evangelized across diverse industries as “the most disruptive technology since the internet” and is widely considered to be on the brink of changing how we do everything, from buying houses to paying taxes.
What’s In It For Me?
You may still wonder whether blockchain can really make a difference in the way you work — and if it can help you in your daily dealings. The fact is, even if you aren’t a CTO in a Fortune 500 company that’s investing in blockchain, chances are good that your daily life is increasingly affected by this technology.
The combination of blockchain’s ability to make data immutable, accessible and decentralized — while negating the need for third-party approval — differentiates this technology from others. Smart contracts, digital voting, universal records repository creation for health care data and digital identity are just a few of the ways that blockchain and distributed ledger technology are already penetrating everyone’s daily reality.
It’s, therefore, no surprise to learn that Computerworld pegged blockchain development as the “hottest job skill” – experiencing over 6,000% growth in 2018. It’s not an easy skill set to acquire, and Amazon seized on the opportunity by launching a new service to help clients build blockchain networks while sparing them the costs and headaches of designing their own platforms.
Here’s the funny thing, though. The value of blockchain is predicated on data protection — yet the technology has some clear vulnerabilities. As Mike Orcutt writes in MIT Technology Review, “[T]he security of even the best-designed blockchain systems can fail in places where the fancy math and software rules come into contact with humans, who are skilled cheaters, in the real world, where things can get messy.”
Orcutt also references the expertise of Neha Narula, director of MIT’s Digital Currency Initiative, who noted that “even when developers use tried-and-true cryptographic tools, it is easy to accidentally put them together in ways that are not secure.”
Other “creative ways to cheat” include:
• Subverting a blockchain by tricking other nodes on the chain into time-wasting diversions on cryptographic puzzles that were solved previously.
• Creating an “eclipse attack,” whereby an attacker hijacks the controls of a node to disrupt data comparison among blockchain participants.
• Third-party penetration, whereby hacks occur through software clients or other vendors, such as breaking into “hot wallets.”
Network Security For Distributed Ledgers
Fortunately, you aren’t at the mercy of these security weaknesses — if you proactively employ a solution that works to protect data on a distributed ledger. There are two potential solutions to address the types of security problems noted above: a virtual private network (VPN) or a software-defined perimeter (SDP).
Historically, VPNs have been the go-to for secure network access, remote access, control capabilities and cost benefits. They have been in existence for some time, and many IT professionals have grown comfortable with them. But today, some IT professionals are finding that VPNs have become complicated to manage and are no longer able to meet all of the security requirements of modern applications. Also, the high-security risks that VPNs can generate have been behind many of the most egregious data breaches in recent headlines (i.e., the recent Citrix data breach attributed to the Iranian hacker group IRIDIUM). Without support for application-specific micro-tunnels and no segmentation at the application level, networks are left exposed and unprotected. Regardless, VPNs are still favored among professionals because they can provide an essential layer of data security, as well as help deter perpetrators from accessing your internet traffic in transit.
Another approach that is garnering increasing favor as it addresses the security realities inherent in today’s hybrid and multi-cloud deployments is SDP. This networking software grants connectivity to distributed clients and apps across multiple clouds and sites, as well as domains. This not only decreases lateral attacks, but it promotes a “secure by default “ environment for blockchain. As this is still a relatively young innovation, an initial stumbling block involved with this solution may be overcoming the VPN preferential bias that many technology leaders still hold, as well as its potential requirement to conduct a more in-depth proof of concept. However, once achieved, by moving beyond access only at the network level to grant users application-level access, organizations can reduce data vulnerability for distributed ledgers.
It’s important to evaluate where using a VPN can serve the greatest value in your enterprise. At the same time, consider where an SDP enhancement layer can ensure further security. The bottom line here is that both tools provide useful ways to fortify your business — especially over blockchain and other distributed ledgers.