What blockchain means to cybersecurity
By Thomas Loxley for Winter Circle. This article was originally published on 16 November 2017
The implications of blockchain technology are being felt across many industries. In fact, the disruptive effect it is having on financial services is changing the fundamental ways we bank and trade. Its presence is also impacting the defense, business services, logistics and retail industries, among others.
One area where tangible progress is being made and where blockchain technology can add real value is in the domain of cybersecurity, and in particular, data security.
Personal information and data are valuable and therefore worth stealing and worth protecting. In the late 90’s, data collection began to ramp up with the popularity of the internet and now the hoarding of our personal and professional data has reached fever pitch. We live in the age of information, and information is power. It directly translates to value in the digital world.
However, some organisations in both the public sector and private sector have dealt with information in such a way they don’t even know what they hold, how much they have or where it is stored.
Information is added to spreadsheets then downloaded, shared with multiple parties, saved, copied, pasted, formatted into different documents, uploaded into cloud storage systems then duplicated in CRM (customer relationship management) systems.
The lack of security around data is often unintentional but occurs simply through a lack of awareness and a gap in procedures around data governance. Without efficient processes and visibility over the volume of data an organisation may hold, it’s almost impossible for the business leaders to be able to keep this data secure.
The Cost of Risk
For some organisations, it’s easier and cheaper to invest in more space in the cloud than it is to maintain a robust, secure network infrastructure.
Big budgets aren’t the key to securing data either
Equifax is still hurting from an immense cyber security breach earlier this year, during which the personal data of over 140 million Equifax consumers was stolen. The sheer scale of numbers here makes this hard to comprehend but when coupled with the attacks and threats on other big organisations and individuals, it makes it clear that cybersecurity is a growing area of concern for companies and private users alike.
The Beauty of Blockchain
A blockchain is a shared database populated with entries that must be confirmed and encrypted. Imagine a spreadsheet that is duplicated thousands of times across a network of computers. Then imagine that this network is designed to regularly update this spreadsheet – that’s the basic idea of a blockchain.
In addition to being extremely secure, blockchains provide immense benefits. Blockchains store their data on an immutable record. That means that once the data is stored, it’s there permanently. Each block (or piece of information) is cryptographically chained to the next block in a chronological order. Multiple copies of the blockchain are distributed across a number of computers (or nodes). If an attempted change is made anywhere on the blockchain, all of the nodes become aware of it.
Breaking the Chain
For a new block of data to be added, there must be a consensus amongst the other nodes (on a private blockchain, the number of nodes is up to you). This means that once information is stored on the blockchain, in order to change or steal it you would have to reverse-engineer the near unbreakable cryptography (perhaps hundreds of times depending on how many other blocks of information were stored after it). Then you would have to do that on every other computer that holds a copy of the blockchain.
That means that when you store information on a blockchain, it is all monitored and recorded in a transparent way. Another benefit to using blockchains for cybersecurity is that because private blockchains are permissioned, therefore accountability and responsibly are enforced by definition.
One company that has taken the initiative in this space is Gospel Technology. Gospel have taken the security of data a step further than simply storing information on a blockchain by adding another clever layer of security that further enables the safe transfer of information to those who do not have access to the blockchain. This makes it perfect for dealing with third parties or those within organisations who don’t hold permission to access the blockchain but need certain files.
It seems that in the current environment, this kind of solution is a growing requirement for organisations across many industries, especially with the new regulatory implications of GDPR coming to the fore alongside financial penalties for not non-compliance.