Independence Now and Forever: How to Grow Blockchain Securely

This post was originally published on this site

Blockchain Security

Any technological innovation these days – whether it’s IoT, artificial intelligence or another trend that impacts users’ lives on a broad scale – comes with its own inherent security risks and considerations. Take, for example, blockchain, the digital ledger that provides a record of transactions, most notably those made in bitcoin or another cryptocurrency.

Once thought of as a fringe currency used by hackers and coders, cryptocurrencies like bitcoin have steadily gained prominence to the point where they are considered legitimate financial resources. Blockchain as a technology has also grown beyond cryptocurrency usage into transaction verification and identity management use cases. But with this new prominence comes a responsibility to consider the security implications as blockchain continues to grow.

One of the crucial benefits of blockchain is its distributed capabilities, which mean there isn’t one centralized target to hack. This aspect led many to once consider blockchain virtually “unhackable;” however, several incidents over the past few years have proven that that is far from the case. Numerous incidents, most famously the Mt. Gox catastrophe in 2014, have led to the loss of millions of dollars as a result of hackers stealing bitcoin in a variety of ways.

As blockchain continues to become more mainstream, significantly more attention must be paid to its security requirements and implications. Below are a few areas that need to be considered to ensure blockchain continues to grow in a secure way.

As in all security issues, you are only as safe as your weakest link

The inherent structure of blockchain means there are many locations where data is stored, each of which are permanently marked with that data’s presence. When, say, a bitcoin is transferred from one location to another, it follows a chain that leaves a public ledger of where it has been and where it is going; this ledger cannot be altered without leaving another mark on the ledger, which makes it exceedingly difficult for the bitcoin to be stolen.

If the bitcoin could live solely on this chain, it’s quite likely that it would be just as secure as many initially thought, but there are many other necessary components to financial transactions that could introduce added vulnerabilities. For instance, the mere act of storing bitcoin in a “hot wallet” – one that is connected to the internet – introduces added risk of hacking. It’s recommended for users to keep their bitcoin in a “cold wallet” to remove this risk – but that doesn’t allow them to buy, sell or even know how much their bitcoins are worth. Despite the inherent security of the blockchain itself, if the blockchain structure is not completely retained – such as with the usage of a hot wallet in order to make bitcoin more transaction-friendly — the attack surface increases accordingly.

Hardware vulnerability and dependency despite software strength

Truly secure systems require hardware and software working together to combat complex threats and prevent future attacks. But no matter how secure the software is, security starts with the architecture – and blockchain is no exception.

Blockchain works by first achieving consensus on its ledger, then vetting a list of transactions and finally communicating with nodes to write and approve new transactions. But what happens when nodes become unresponsive or go offline? The network must be designed to accommodate offline nodes and be able to quickly bring them up to speed once they go back online.  The nodes are by definition a peer-to-peer network and need to be accessible through the network. The redundancy and resiliency of nodes being physically available and uncompromised is an important design element for businesses implementing a private blockchain project.

Utilizing a public or consortium blockchain may be the cost of doing business, but it essentially assumes the nodes and network will fail. This approach utilizes a large enough network as its resiliency mechanism, which leads us to the crux of blockchain: trust and transparency. The issues with a public or consortium blockchain similar to bitcoin are essentially the size of the blocks and ledger, as well as the eventual consumption of resources on the nodes. The bigger the ledger, the more resources will be consumed.

Trust and transparency

The most appealing thing about blockchain is actually the trust and transparency within its design. The idea is quite provocative if you think about it; in order to be secure, blockchain must distribute all of its information and provide only the owner or originator the ability to change and/or reassemble it. The freedom of data to be stored anywhere in “plain sight” seems dangerous, yet the hoarding of data for storing, processing, accessing and protecting seems to be an impossible long-term strategy.

Imagine the possibilities for all businesses if they could operate in the freedom of a blockchain world. A world where data could be distributed everywhere and be recalled in real-time whenever needed while also being completely protected. This is the way we need to think about security and the ability to trust and leverage a socialistic networked digital entity.

In summary, despite its somewhat up and down history, blockchain is only increasing in popularity and prominence among both the technology and financial industries. As it continues to gain prominence, the security implications of adopting blockchain on a widespread scale need to be top of mind for businesses to ensure that users, transactions and data are all continually protected. With this approach, blockchain can help evolve businesses into the digital economy of today and the future.

view counter

Jennifer Blatnik is VP of cloud, security and enterprise marketing at Juniper Networks with focus on enterprise deployments of security, routing, switching and SDN products, as well as cloud solutions. She has more than 20 years of experience helping enterprises solve network security challenges. Before joining Juniper, she served multiple roles at Cisco, including directing product management for security technologies aimed at small to medium enterprises, as well as supporting managed services, cloud service architectures and go-to-market strategies. She holds a B.A. in Computer Science from University of California, Berkeley.

Previous Columns by Jennifer Blatnik:

Tags: