Terry Greer-King, vice-president EMEA at SonicWall, discusses looking past the hype when it comes to blockchain and cyber security
A boundless model can lead the way towards blockchain-powered cyber security.
Within the cyber security industry, there is perhaps no technology that polarises opinion quite as strongly as blockchain. For some, its decentralised model is the future, protecting every node across a network. For others, the hype is outweighed by limited functionality and, up until now, limited uptake. But, when we look at the distributed IT model that businesses are now forced to operate in, it becomes clear that blockchain has an important role to play moving forwards.
Traditionally, enterprises have been shielded by a security perimeter around the corporate network, which kept out malicious actors. But this model has drastically changed, and has instead been replaced by a boundless model: enterprises now need to operate in an ‘always on’ IT landscape, where everyone is remote, mobile, and therefore less secure. The previous perimeter-based system is essentially no more, changing into a multitude of endpoints spread across geographies. Meanwhile, malicious actors have continued to diversify their attacks, becoming increasingly invasive and targeted.
Blockchain is far from perfect, and it is certainly not as embedded in enterprise security portfolios as other technologies but, looking forward, there is a strong chance that it will take centre stage, as security continues to emphasise PKI cryptography over flawed human-centric decision-making.
The traceability challenge
With the blockchain, every transaction is instantly identifiable and time-stamped. From a cyber security angle, this gives organisations additional reassurance that the data is authentic and has not been tampered with, ensuring its integrity throughout the transaction. The confidentiality of the blockchain also makes sure that data is off limits to external parties.
A central theme of blockchain-based cyber security, particularly around the traceability issue, is: how does it fit in with today’s complex regulatory landscape? The GDPR principle around the right to be forgotten is a particular challenge, because the blockchain’s immutability means that data is not deleted or altered. A solution to this would be to encrypt data stored in the blockchain before it is subsequently hashed into the system. This ensures that, if the encryption keys are destroyed, the data is rendered unprocessable and void.
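The encrypt-then-hash approach described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the `Ledger` class, its method names and the sample records are hypothetical, and the HMAC-based keystream is a standard-library stand-in for an AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only the
    # standard library; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class Ledger:
    """Append-only hash chain holding ciphertext only; keys live off-chain."""
    def __init__(self):
        self.blocks = []   # immutable record: (prev_hash, nonce, ciphertext, block_hash)
        self.keys = {}     # off-chain key store: block index -> per-record key

    def append(self, plaintext: bytes) -> int:
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = _keystream_xor(key, nonce, plaintext)
        prev = self.blocks[-1][3] if self.blocks else b"\x00" * 32
        digest = hashlib.sha256(prev + nonce + ct).digest()
        self.blocks.append((prev, nonce, ct, digest))
        self.keys[len(self.blocks) - 1] = key
        return len(self.blocks) - 1

    def verify(self) -> bool:
        # Recompute every link; any altered block breaks the chain.
        prev = b"\x00" * 32
        for p, nonce, ct, digest in self.blocks:
            if p != prev or hashlib.sha256(prev + nonce + ct).digest() != digest:
                return False
            prev = digest
        return True

    def read(self, idx: int):
        key = self.keys.get(idx)
        if key is None:
            return None           # key destroyed: ciphertext remains but is unreadable
        _, nonce, ct, _ = self.blocks[idx]
        return _keystream_xor(key, nonce, ct)

    def forget(self, idx: int) -> None:
        self.keys.pop(idx, None)  # erasure means destroying the key; the chain is untouched

def demo():
    ledger = Ledger()
    a = ledger.append(b"name=Alice;email=alice@example.test")  # constructed sample records
    b = ledger.append(b"name=Bob;email=bob@example.test")
    ledger.forget(a)
    return ledger.read(a), ledger.read(b), ledger.verify()
```

The chain still verifies after `forget`, because only the off-chain key is removed. The erasure holds only if every copy of that key, including backups, is destroyed.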
Blockchain is by no means a perfected technology, and there is still obvious room for improvement. Crucially, changes must be made to design a blockchain that not only effectively secures data but also upholds regulatory compliance.
Decentralisation: the model of the future?
Blockchain technology, in its core design, is structured so that data is not stored within a central entity. Data is never stored in a single physical location, which could be vulnerable to malware intrusions. Because every single node across a single blockchain is democratically controlled, a single compromised node would render the entire system unexecutable.
For example, if your motorbike has a punctured tyre, you would stop, and ensure that it is fixed. If your vehicle does not alert you, and you carry on as normal, you remain at risk. The same goes for business security. If you do not know that your system is compromised, how do you know where to start making it right? How do you know that you need to improve security? Looking back to Marriott’s first data breach, for instance: the system was first infiltrated during 2014, only for the breach to be revealed to the public four years later. In that time, up to 500 million customer records were leaked. If the perimeter had been protected by a decentralised system of nodes connected in a blockchain, this would not have happened, as the second a hacker attempted to tamper with the data, the system would have analysed each and every block, identifying the outliers and excluding them from the chain.
Designed for the new era of boundless computing
When external interfaces of the blockchain, especially for the inserting or reading of data, are secured, data is protected across the whole transactional route. Looking forward, companies like Marriott would be able to implement secure systems and avoid the £99 million fine handed out in 2019 by the Information Commissioner’s Office.
Blockchain as a technology is still in a period of development, and we are only just breaking the surface of what can be achieved with it. In a sense, it is designed for the very era that we are now entering: the era of boundless computing, where distributed IT has become the norm. A multitude of devices can be secured by blockchain PKI, distributed enterprise networks can be secured at the edge, organisations can tackle the challenge of remote working, and decentralisation ensures tampered systems are discovered and intruders stopped.