Blockchain for enhancing enterprise Cybersecurity

While Blockchain technology has perfect promise for modern enterprises, there is still a long way before it practically delivers

Blockchain for enhancing enterprise Cybersecurity - CIO&Leader

The rise of cryptocurrency has shown the usefulness of blockchain-based frameworks, promising a high degree of security and establishing trust among unknown parties. The FinTech industry has already shown that brilliant ideas like decentralized currency, ICOs, staking, flash loans, NFTs, and crypto investments are possible. This trend is also catching up in the supply chain, healthcare, and technology industry. It is now clear to the entire industry that blockchain has the potential to enhance Enterprise Cybersecurity.
The best way to unlock that blockchain potential would be to see enterprises' unsolved challenges, especially those around cybersecurity, where blockchain could have the biggest impact.
 
Enterprise Cybersecurity Challenges

  • Trust & Source of Truth: Enterprises have always moved towards maximum complexity of partnerships. Most known forms of trust (with access to information) have been significantly old and are plagued with known problems, mostly due to some form of centralization or one-sidedness of the trust system.  In a world with most information residing on the internet or some other network, it is unavoidable to have multiple and even conflicting sources for the same information subject. All parties involved have their version of the truth without having any reliable system to validate the original and authenticity from the frauds and duplicates.
  • Tampering: Most popular communication protocols on the network (HTTP, TCP) or storage are still prone to tampering. Attacks like man in the middle, brute force decryption, and stealing or guessing keys often work, creating a big problem for destination parties in identifying the authenticity of the information.
  • Data privacy & identity ownership: Our traditional data management tools (databases, disks) are tuned up for transactions, not privacy and ownership. There are issues of fragmented identities restricting us from knowing the real footprint of an entity. At the same time, the digital dust generated by an entity cannot fully benefit them as there is no trustable ownership or a system that could define that.
  • Data Leaks, Hacking & ransomware attacks: A quite common occurrence is stealing or unauthorized access of data and even ransomware attacks. It is only possible when the data is not secured with enough strength, or there are loose/open hidden doors and windows to the information. And when access to information that is not coupled to ownership, leaks can happen.
  • Key/Password/Secret management: Often, people end up storing their keys, secrets, and passwords in basic and vulnerable places like browsers, configuration or text/code files, emails, or unknown third-party apps.
  • Transaction validation/ Secure Comm/3rd Party integrations: While there are standard/custom mechanisms like API endpoint with known parameters, it is often forgotten to include provision for validation/consent from all the possible owners of the information (such as an employee identity or a vendor who has supplied equipment or services, etc.). The validation is often single-sided and opaque to all required parties, thus not allowing a good trust setup.

 
Blockchain Advantages and Fitment
There are two main types of blockchain,
 
Public Blockchains
The typical blockchains used by cryptocurrencies are identified by three characteristics – immutable, decentralized, and distributed ledger. It allows all participants to see and validate the information and request a transaction acceptance. Accepting a transaction is based on a consensus system, such as proof of work or proof of stakes. The information storage has top-class encryption and chained blocks for dependency and audit tracking. Mostly suitable for finance-based products or systems like bitcoin, DeFi staking, flash loans, crypto exchanges, and such.
 
Private Permissioned Blockchains
Private blockchains use similar principles but are not bound to enforce the same rules as public ones. These are mostly suitable for corporations and enterprises for a private purpose; below aspects become prominent to them,

  • Cryptography-The information being moved and stored in these systems is encrypted with high-class crypto algorithms (RSA, DSA), even considering future quantum algorithms.
  • Distributed ledger-The transaction blocks are stored on all participating nodes for safety, redundancy, and avoiding tampering.
  • Default Immutable-By default, the system does not allow any change in the stored information, the same as the public blockchain.
  • Mutable by Consent (consensus)-To undo the mistakes or malicious modifications (like stealing of bitcoin or ethers by hackers and then not being able to revert that), the private permissioned blockchains can allow changes based on the consent of the involved parties; the consensus can be achieved using any of the available mechanism like PoW, PoS, RaFT, etc.

It is clear from the features of private blockchains that they could solve the Cybersecurity challenges listed in the previous section,

  • Trust & Source of truth is established by an immutable, decentralized, distributed ledger system. When all nodes have a copy, there is no need to trust a single system.
  • Tampering, hacking, and ransomware attacks are prevented using an immutable, encrypted, distributed ledger. For successful tampering, at least 51% of nodes must be controlled.
  • Data leakage, ownership, and secrets management issues are solved using the blockchain network's immutable, cryptographically secured data storage.
  • 3rd party integration security and transaction validity will be covered by means of using to avoid a decentralized ledger and consensus-based validation/approvals.
  • Additionally – rare modifications to correct mistakes can be done with consensus-based mutability features of private blockchains.

 
Blockchain Has Issues too!
While Blockchain technology has perfect promise for modern enterprises, there is still a long way before it practically delivers. Here is a list of issues not yet fully resolved,

  • Scalability & Performance- Most blockchain networks rely on decentralized storage; thus, the main nodes on the network need to store blocks and execute the smart contracts. It puts a limit on the number of transactions per unit of time.
  • Security- With the increased use of cryptocurrency, hackers have their attention on it.
  • 51% - Simply when 51% of the nodes of the consensus group decide to steal.
  • Sybil – An impersonation-based attack where a small number of entities control multiple identities that participate in the consensus/decision process
  • Phishing – Phishing is a quite common attack, where data or money can be stolen by luring people using deceptive mechanisms of fraud sites, apps, emails, etc.
  • Routing- A blockchain network can be divided and manipulated by manipulating routing infrastructure at the network provider level.
  • API Endpoint vulnerability – The endpoints used by end-users, wallets, exchanges, and other applications built on a blockchain network are prone to attacks like DDoS and could leak more than required information to hackers.

 
Web 3.0 and the Future of the Industry
When blockchain principles (decentralization, immutability, zero trust, distributed ledger) become the core basis of internet protocols, we will have the web 3.0 dream fulfilled. Even though it is still far from reality, the promises are worth the wait and effort. When the public internet systems move to web 3.0, the enterprise and internal systems will have to follow suit simply for better integrations and maintainability. This disruption could be smooth for ready and willing enterprises compared to completely unaware businesses.
 
The author is COO, Cybage


Add new comment