Blockchain and cyber security: seeing past the hype – Information Age

Terry Greer-King, vice-president EMEA at SonicWall, discusses looking past the hype when it comes to blockchain and cyber security

A boundless model can lead the way towards blockchain-powered cyber security.

Within the cyber security industry, there is perhaps no technology that polarises opinion quite as strongly as blockchain. For some, its decentralised model is the future, protecting every node across a network. For others, the hype is outweighed by a limited functionality and, up until now, a limited uptake. But, when we look at the distributed IT model that businesses are now forced to operate in, it becomes clear that blockchain has an important role to play moving forwards.

With businesses scattered into remote workforces during the Covid-19 pandemic, vendor collaboration in the cyber security industry is essential. Read here

Traditionally, enterprises have been shielded by a security perimeter around the corporate network, which kept out malicious actors. But this model has drastically changed, and has instead been replaced by a boundless model: enterprises now need to operate in a always on IT landscape, where everyone is remote, mobile, and therefore less secure. The previous perimeter-based system is essentially no more, changing into a multitude of endpoints spread across geographies. Meanwhile, malicious actors have continued to diversify their attacks, becoming increasingly invasive and targeted.

Blockchain is far from perfect, and it is certainly not as embedded in enterprise security portfolios as other technologies but, looking forward, there is a strong chance that it will take centre stage, as security continues to emphasise PKI cryptography over flawed human-centric decision-making.

With the blockchain, every transaction is instantly identifiable and time-stamped. From a cyber security angle, this provides organisations with additional reassurance that the data is authentic and has not been tampered with, ensuring its integrity throughout the transaction, and the confidentiality of the blockchain makes sure that data is off limits for external parties.

A central theme of blockchain-based cyber security, particularly around the traceability issue, is: how does it fit in with todays complex regulatory landscape? The GDPR principle around the right to be forgotten is a particular challenge, because the blockchains immutability means that data is not deleted or altered. A solution to this would be to encrypt data stored in the blockchain before it is subsequently hashed into the system. This ensures that, if the encryption keys are destroyed, the data is rendered unprocessable and void.

Blockchain is by no means a perfected technology, and there is still obvious room for improvement. Crucially, changes must be made to design a blockchain that not only effectively secures data but also upholds regulatory compliance.

Blockchain technology, in its core design, is structured so that data is not stored within a central entity. Data is never stored in a single physical location, which could be vulnerable to malware intrusions. Because every single node across a single blockchain is democratically controlled, a single compromised node would render the entire system unexecutable.

Jrgen Resch, energy industry manager at COPA-DATA, discusses how blockchain optimises profits within the energy sector. Read here

For example, if your motorbike has a punctured tyre, you would stop, and ensure that it is fixed. If your vehicle does not alert you, and you carry on as normal, you remain at risk. The same goes for business security. If you do not know that your system is compromised, how do you know where to start making it right? How do you know that you need to improve security? Looking back to Marriotts first data breach, for instance: the system was first infiltrated during 2014, only for the breach to be revealed to the public four years later. In that time, up to 500 million customer records were leaked. If the perimeter had been protected by a decentralised system of nodes connected in a blockchain, this would not have happened, as the second a hacker attempted to tamper with the data, the system would have analysed each and every block, identifying the outliers and excluding them from the chain.

When external interfaces of the blockchain, especially for the inserting or reading of data, are secured, data is protected across the whole transactional route. Looking forward, companies like Marriott would be able to implement secure systems and avoid the 99 million fine handed out in 2019 by the Information Commissioners Office.

Blockchain as a technology is still in a period of development, and we are only just breaking the surface of what can be achieved with it. In a sense, it is designed for the very era that we are now entering: the era of boundless computing, where distributed IT has become the norm. A multitude of devices can be secured by blockchain PKI, distributed enterprise networks can be secured at the edge, organisations can tackle the challenge of remote working, and decentralisation ensures tampered systems are discovered and intruders stopped.