The bubble for cryptocurrency may have burst in 2018, but the potential for the blockchain technology behind it is just getting started, especially within the enterprise. The same benefits blockchain technology provides crypto—reliability, efficiency, transparency—can all be realized by the enterprise in order to increase efficiencies, reduce costs, create new markets, and ultimately impact the bottom line.

It is with these benefits in mind that Kudelski Security launched our Blockchain Security Center in early 2019. The BSC is wholly committed to helping the enterprise deploy, validate, and secure blockchain ecosystems. Through our work over the past year and a half, our team has come across common scenarios, use cases, and ultimately, solutions to help enterprise adopters confidently design, develop, and run secure blockchain technology.

These solutions address pain points that are specific to the enterprise implementation of blockchain. Where blockchain previously supported primarily one-to-one transactions, the stakes are much higher and the scale much bigger at the enterprise level.

We’ve seen three main factors emerge that enterprises need to bear in mind when exploring secure blockchain implementation: code validation, global scalability, and proof of provenance.

We’ll explore each of these a little deeper later in this post, but first, it is important to understand some foundational concepts about blockchain.

What is blockchain technology?

A blockchain is a mathematically protected database that uses hashes, signatures, and algorithms to create a fixed record of transactions, known as a ledger. As transactions occur, a hash is generated that links each one to the transaction before it, creating a chain. If information within the chain is altered, the hashes no longer match, which indicates that the data has been tampered with.

Is blockchain technology inherently secure?

While blockchain comes with some built-in protections, that does not mean the processes and technology around it are secure. Therefore, the security of the entire blockchain ecosystem must be considered. Not only that, but the applications making decisions based on information stored in the blockchain can only be as good as their underlying algorithms. If those aren’t secure, or if they don’t do what they say they will do, blockchain cannot be viable in the enterprise. That foundation is essential, and it is the foundation that we’ve built the BSC on.

Three Considerations for Enterprise Blockchain Adoption

In our work in the BSC, many of the enterprise client requests we have encountered involve at least one of the following activities: validating the blockchain, scaling the blockchain, and proving provenance in the blockchain. For good reason, too. Each of these activities is essential to ensuring processes and technologies deliver the uninterrupted, enterprise-level service customers and the business rely on.

1.   Validating the Blockchain

Blockchain is only as good as the math it runs on, right? For blockchain technology vendors and customers, validating that the blockchain does what it is supposed to do is critical to establishing and maintaining trust. The abstract, distributed nature of the blockchain makes it difficult to assess without deep expertise in cryptography.

I am lucky to work with some of those experts. They are able to audit nearly any type of blockchain code or cryptography in order to perform assessments of existing blockchain architectures or to test new technologies. For example, a vendor could claim that their blockchain consensus is based on proof of elapsed time, but they have no way to prove that to clients. A code audit can verify those claims and create that trust.

2.   Scaling the Blockchain

Blockchain is an immature technology that wasn’t necessarily built with the enterprise in mind. For one-to-one cryptocurrency transactions, a personal wallet or ledger sufficed. However, as blockchain expands into digital asset custody for financial institutions or transportation monitoring for the supply chain, the number of transactions, users, locations, devices, etc. involved in the process multiplies. These processes can be critical for quality and integrity of service, and so the blockchain ecosystem must be designed to support and integrate with the global architectures, access management, and IoT platforms they run on.

3.   Proving Provenance in the Blockchain

Provenance in the blockchain means tracing the origin or authenticity of an asset as custody is transferred through digital means or physical supply chain. It is a record of what an asset is and where it has been. As enterprises rely more on blockchain technology to automate processes and decision-making, proof of provenance ensures operational efficiency and reliability.

Take, for example, our supply chain scenario. Blockchain could facilitate an automated decision for whether or not to pay a delivery truck driver. Each transfer of the asset is recorded in the blockchain. If the asset is what it is supposed to be and comes from where it is supposed to come from, then there is no reason not to pay the driver. If, however, the asset has been tampered with, the blockchain would break, and payment would not be issued.
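The hash-linked ledger and the pay-the-driver decision described above, sketched as an added example (not Kudelski Security's code, and not taken from any blockchain product). The record fields, party names and the `trusted_head` parameter are assumptions; signatures and consensus are left out, so a separately held head hash stands in for them.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for "no previous record"

def record_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the record body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append_transfer(ledger: list, asset: str, sender: str, receiver: str) -> None:
    """Append a custody transfer linked to the hash of the previous record."""
    body = {"asset": asset, "from": sender, "to": receiver,
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    ledger.append({**body, "hash": record_hash(body)})

def verify_chain(ledger: list, trusted_head: str) -> bool:
    """Recompute every hash and link, then compare with an independently held head."""
    prev = GENESIS
    for rec in ledger:
        body = {k: rec[k] for k in ("asset", "from", "to", "prev")}
        if rec["prev"] != prev or rec["hash"] != record_hash(body):
            return False
        prev = rec["hash"]
    # Without this anchor, a ledger rebuilt with consistent hashes would pass.
    return prev == trusted_head

def approve_payment(ledger, trusted_head, asset, origin, destination) -> bool:
    """Pay only if the ledger is intact and custody runs unbroken origin -> destination."""
    if not ledger or not verify_chain(ledger, trusted_head):
        return False
    endpoints = ledger[0]["from"] == origin and ledger[-1]["to"] == destination
    same_asset = all(r["asset"] == asset for r in ledger)
    unbroken = all(a["to"] == b["from"] for a, b in zip(ledger, ledger[1:]))
    return endpoints and same_asset and unbroken

def demo():  # constructed sample: factory -> carrier -> warehouse for one pallet
    ledger = []
    append_transfer(ledger, "pallet-001", "factory", "carrier")
    append_transfer(ledger, "pallet-001", "carrier", "warehouse")
    head = ledger[-1]["hash"]  # what the payer recorded independently
    honest = approve_payment(ledger, head, "pallet-001", "factory", "warehouse")
    ledger[0]["from"] = "unknown-depot"  # in-place edit: stored hash no longer matches
    edited = approve_payment(ledger, head, "pallet-001", "unknown-depot", "warehouse")
    forged = []  # whole ledger rebuilt: internally consistent, but a different head
    append_transfer(forged, "pallet-001", "unknown-depot", "carrier")
    append_transfer(forged, "pallet-001", "carrier", "warehouse")
    rewritten = approve_payment(forged, head, "pallet-001", "unknown-depot", "warehouse")
    return honest, edited, rewritten
```

Only the untouched ledger is approved; the rebuilt one fails solely because its final hash differs from the head the payer holds, which is the role consensus and signatures play in a deployed chain.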

If your organization has deployed or is thinking of deploying blockchain technology, our team would be happy to talk through the above solutions or any other requests you might have. Not only do we bring blockchain and cryptographic experience to the table, we have the expertise and services of the entire Kudelski Security team to help you securely integrate blockchain into your enterprise architecture.

Scott J. Carlson

Head of Blockchain Security at Kudelski Security
Scott Carlson currently serves as Kudelski Security's Head of Blockchain Security. He has spent nearly 20 years leading security, operations, and engineering efforts at Charles Schwab, PayPal, Beyond Trust, University of Phoenix, and most recently as CISO with blockchain/supply-chain company Sweetbridge. He believes operations and architecture can meet with a common sense approach to security and that blockchain projects can be delivered effectively with uncompromising security built in from the outset.