Blockchain and the Future of IT Security: A Quick Primer
Solutions Review’s Expert Insights Series is a collection of articles written by industry experts in enterprise software categories. Nelson Cicchitto of Avatier offers a quick primer on blockchain and how it will be used as a cybersecurity tool in the near future.
Anyone involved in IT has almost certainly been asked about blockchain security in recent years. It’s a buzzworthy term, and you can understand why: cybersecurity attacks are increasing at an unprecedented rate, and people want to make sure they’re doing everything they can to protect their valuable assets.
Blockchain security, as a concept, is still in its infancy. We have a ways to go before companies can rely solely on the blockchain to protect their information. That said, the basics of blockchain – cryptography, distributed networks, etc. – require a closer look. It is important to understand some basic principles of the blockchain and how these principles can be used to create hopefully tamper-proof and immutable records. But how safe is it?
What is Blockchain?
At its core, blockchain technology represents a new way of using cryptography to enable transactions. At its core is the idea of decentralization; instead of a centralized administrator located in a single location, blockchain is a distributed ledger technology (DLT) where data is structured in blocks. Inside each of these blocks are one or more transactions; each block connects to the block that came before it, making the entire system effectively tamper-proof (in theory).
While initially primarily a financial tool, the blockchain has – for obvious reasons – demonstrated the potential for a wide range of uses, one of which includes security. Right now, people all over the world are working to see how blockchain can be used in public and private security efforts.
Blockchain in Action: How the Process Works
There are two basic components to most blockchain technologists: encryption and mining.
Let’s start with encryption. Central to the process of blockchain encryption is something called hashing. With hashing, you have an input string (which can be any length) that is run through a hashing algorithm. At the other end, you get an output with a fixed 256-bit length. Hashing is deterministic (ie it always produces the same result for a given input) and fast, two factors that help significantly when it comes to security. Your hash can roughly be considered a kind of advanced password. As long as the password is kept secure, the data it protects will (again, in theory) be ultra-secure.
Next we have mining; this is the verification process. Decentralized computer networks located all over the world work to process new transaction blocks and verify that each one is valid. In a cryptocurrency context, these servers are rewarded with new coins – this is the incentive to participate in the verification process.
Why blockchain can matter for security: immutability
One of the long-standing concerns of IT professionals is that important data and records will be changed without authorization. However, due to the integrity of the encryption and mining processes outlined above, these concerns would theoretically not apply with blockchain technology because it would be impossible to delete or tamper with a transaction once it is confirmed in the blockchain system. Unfortunately, this must remain theoretical (at least for now): the technology has not yet advanced to the point where you can use blockchain for critical enterprise IT security systems.
That said, using blockchain as a starting point, we can think more deeply about how to ensure the integrity of the company’s records. Overhauling one’s identification process can pay huge dividends here. For example, you can implement a rule that only certain users can change records while another, larger number get routine access.
Beyond that, think harder about how to train your staff in the basics of records management and data integrity—for example, hold training sessions where every member of your IT staff can learn the basics firsthand and ask questions as needed.
Thinking Past the Blockchain: IT Security Options Companies Can Actually Use Right Now
So we’ve established that, while very exciting from a security standpoint, blockchain security still has a long way to go before companies can start relying on it. As for what companies can do right now to increase security: there are a number of options.
First, they can do a better job of reducing the risk of inactive users. In any business, there is turnover, and when you don’t take into account who has access to what, you put yourself at serious risk. Taking into account the old user accounts you have floating around can significantly reduce the risk of a security incident.
Then you can increase compliance and ensure that all possible security holes are noted, monitored and quickly fixed. Many IT teams lack the personnel to perform adequate compliance monitoring on their own and should seriously consider contracting with a third-party service to assist them in this process. By the way, engaging third-party services to help with security can also free up your team to evaluate new security technologies, including but not limited to blockchain and AI.
So blockchain, as a security tool, may not be quite there yet. But that doesn’t mean it never will be. Our advice? Keep a close eye on developments in the field, and in the meantime let it inspire you to get more serious about identification, verification and general security.
Nelson Cicchitto serves as Chairman, CEO and President of Avatier Corporation. Mr. Cicchitto oversees its overall corporate and product strategies. A career leader in information technology, he joined Avatier in 1995. With over 20 years of experience defining and implementing information technology visions for Fortune 100 companies, he commercialized the world’s first delegated administration solution for the Microsoft Windows NT platform. Prior to joining Avatier, he served as an independent consultant for Pacific Bell, where he was responsible for rolling out the Standard Desktop initiative to 20,000 employees. Prior to that, he worked at Chevron Information Technology Company, where he designed Chevron’s first common operating environment and X.500 directory. He has been a member of the Strategic Advisory Board of HDI Inc. since 11 April 2013.
