While blockchain is among the hottest technologies in the enterprise security, data storage and file-sharing arenas, many experts question its use or even whether it’s really as secure as billed.
As marketplaces struggle with how best to deploy the distributed ledger technology, IT vendors are beginning to test it in their products — in some cases, as a reaction to customer inquiries rather than a proactive move.
“It’s a very hot topic right now,” said Zulfikar Ramzan, CTO of RSA Security, a subsidiary of the Dell EMC Infrastructure Solutions Group. “We are definitely getting a lot of inbound inquiries around blockchain and its implication within enterprise environments. I think it’s driven largely by the fact that when there’s a new technology out there, to some degree people want to be buzzword compliant with the latest and greatest.”
Ramzan said his customers are asking about blockchain for audit logging and or verifiable logs, which is viewed as a reliable way of tracking what happened in an organization to satisfy regulatory auditors. Other RSA customers are interested in it for user authentication to ensure users are accessing the correct digital records at the right time.
“We’re examining how blockchain can be used in that context,” Ramzan said. “I think it’s a very nascent technology. I think it’s an area that has gotten a lot of hype, and now it’s a question of whether that hype can be converted into reality.”
Blockchain and Bitcoin
Blockchain is a decentralized electronic, encrypted ledger or database platform — in other words, a way to immutably store digital data so that it can be securely shared across networks and users.
While the technology has grown in popularity, mainly because it’s the basis for the wildly hyped cryptocurrency and payment platform Bitcoin, many experts are still not sure exactly how it works.
Even the founder of Bitcoin, Satoshi Nakamoto, is a shadowy figure and no one appears to know with certainty who he is or if the name is a pseudonym for a group of developers. Nakamoto, however, holds one million bitcoins, or the equivalent to $1.1 billion.
Angus Champion de Crespigny, blockchain leader at Ernst & Young, called the technology “overhyped” and said many business applications touted as beneficiaries of its use have regulatory or operational issues that can be difficult to solve via one technology alone.
“We’re seeing interest in using it to propagate security policies and identity access management, but it’s early days. We’re seeing more vendors producing business specific products, which is really what’s needed,” de Crespigny said.
One problem facing blockchain’s use, de Crespigny said, is a ‘rip and replace’ mentality now popular in enterprise environments, which may not be economical.
“We do see identity management, however, as a real beneficiary, [since it] can help establish single customer views [and] streamline onboarding,” de Crespigny said. “It’s a technology paradigm, similar to saying relational databases: there are many different ways to implement it and different strengths and weaknesses to each implementation. Similarly, [that’s true] with the different flavors of private and public blockchains.”
The real power of blockchain, de Crespigny said, is in public environments such as Bitcoin, but the environment is immature. “It’s not to say there aren’t benefits within enterprises, particularly when they work across legal entities.”
Decentralization a feature, not a bug
One conundrum facing blockchain adoption is the technology’s sheer complexity, which comes from it performing every function without a centralized source of management.
“Blockchain’s strength is in creating a decentralized, distributed ledger. If you’re in an enterprise environment, in many cases you don’t need that decentralization. You can achieve the same objectives in a centralized fashion and it’s much easier if you use a single point of trust,” Ramzan said.
“That’s partly what we’re trying to help our customers understand. They understand the benefits of blockchain,” Ramzan continued. “They have the why, but they don’t necessarily have the understanding of the how or the what. Our goal is to help them make a determination [about whether] this is a better way to achieve their ends.”
For many, blockchain’s complexity — stemming from its decentralized structure — is reason enough to give organizations pause in adopting it.
“It’s difficult to understand the way it performs encryption,” said Serguei Beloussov, CEO of leading data backup provider Acronis. Beloussov has a PhD in computer science and has co-authored more than 200 U.S. technology patents.
“I have several very smart computer scientists who tell me it’s major overkill. And, if it’s overkill, then it’s secure but it’s a way of securing something that’s unecessary,” Beloussov said in an interview. “Then I have several computer scientists who tell me it’s really not secure — they believe you can penetrate it.”
For his part, Beloussov believes blockchain – while extremely complex, is by its very nature secure.
Acronis embraces blockchain
In February, Acronis for the first time introduced blockchain technology in its True Image 2017 data backup software. The blockchain platform is also used as a data certification and verification element in True Image’s ASign application — an electronic document signing or notary service.
Within a couple of months, Acronis also plans to introduce blockchain for data verification in its Acronis Backup 12 Advanced, its core backup product for small and mid-sized businesses.
“We deal with data management, effectively we’re backup, but eventually data management software, and data management software needs to make sure that the data is immutable and you can control access to data in some smart way,” Beloussov said. “So it’s about controlling access to data in a smart way.”
Beloussov sees Bitcoin’s use of blockchain technology as its most basic capability — as a way to make digital objects unchangeable. But eventually he sees it having merit as a way to efficiently create smart contracts.
For example, HealthCoin is a blockchain-based database that can be used by physicians and other healthcare providers to confirm that patients are following treatment regimes to avoid complications from long-term diseases such as congestive heart failure and diabetes.
That HealthCoin network creates a marketplace for employers, healthcare plans, hospitals and life insurers to financially reward employees for taking part in proven prevention methods. Employees’ actions can be tracked through wearables and rewarded with the Healthcoins, which are placed in a digital wallet.
Blockchain allows a set of users on unrelated servers to control digital records, which it calls blocks, in a distributed manner. Each block has a timestamp and is linked to a previous block, creating an unbroken chain — meaning each block is its own unchangeable record linked to that user.
Blockchain can only be updated by consensus between participants in the system, and when new data is entered, it can never be erased. The blockchain contains a true and verifiable record of each and every transaction ever made in the system.
A constantly evolving technology
Like the internet itself, blockchain’s capabilities are continually evolving with new features or add-on applications. Since it is not regulated by a single control center as there might be with a system administration, there’s no single point of failure. In an enterprise, theoretically, there would be no need for an IT professional to monitor security on a blockchain database.
There are several general uses for blockchain platforms. There are public blockchains, which allow anyone to see or send transactions as long as they’re part of the consensus process.
There are consortium blockchains where only a pre-selected number of nodes are authorized to use the ledger. For example, a group of banks and their clearing house might use blockchain as part of the trade clearing process where each node is associated with a step in the verification process.
And, then there are private blockchains, where the ability to write to a ledger is restricted to a single organization.
Acronis’ version of the distributed database software is based on Ethereum, a custom-built platform that was introduced in 2013 by developer Vitalik Buterin. At the time, he was just 19.
The Ehtereum platform was originally used for verifying online payments, but its capabilities grew under the Swiss nonprofit Ethereum Foundation.
In January, a report from Accenture claimed blockchain technology could reduce infrastructure costs for eight of the world’s 10 largest investment banks by an average of 30%, “translating to $8 billion to $12 billion in annual cost savings for those banks.”
The savings, according to Accenture, would come in replacing traditionally fragmented database systems that support transaction processing with blockchain’s distributed ledger system. That would allow banks to reduce or eliminate reconciliation costs, “while improving data quality.”
In February, Accenture, J.P. Morgan Chase and Microsoft were among 30 companies that announced the formation of the Enterprise Ethereum Alliance, aimed at creating a standard version of the platform for financial transaction processing and tracking.
“Given the tremendous cost of data reconciliation — which is part of every aspect of the capital markets industry — it’s no surprise that we’ve seen a significant amount of investment in blockchain technology, David Treat, managing director for Accenture’s financial services industry blockchain practice, said a statement. “But, as with any emerging technology, understanding what these investments might yield is a challenge.”