In my previous blog, I asked whether the hype around blockchain is justified. My answer was a resounding yes: Blockchain technology can enable the anonymous exchange of digital assets and data, and removes the need for a central authority. It can streamline, protect and order operational processes and document based activities, as well as enable real time global views of information that would have previously been difficult to see.
I believe that blockchain and distributed ledger technology truly has the potential to be a globally transformative technology. That said, there are several areas that we need to carefully consider before and during any implementation of the technology in the real world. I will discuss some of these areas in more detail in my next blog, however, for this one I wanted to highlight the question of security … especially when dealing with financial transactions.
For blockchain to reach its potential, it must meet—or exceed—accepted security standards and prove it is as secure and resilient as it claims to be.
The security considerations of blockchain
The reason security is such a critical issue when it comes to blockchain is simple: The technology is set to provide a new infrastructure on which the next generation of business applications will be built. Moreover, the nature and attributes of blockchain demand a very particular approach to security.
There are three core considerations in this respect:
Mirroring a decentralised approach to technology means that security must move from a centralised to a decentralised approach.
An asset and its means of protection must be combined in a single token.
Security must be robust: Digital wallets have proven easy to exploit, and the malicious transfer of value can be instant and irreversible.
The ability to secure distributed ledgers, digital wallets and other applications is mission critical. However, while blockchain technology has proved highly tamper-resistant, the vulnerabilities in blockchain applications have been exploited—and with significant consequences for the companies involved.
When looking at most of the security breaches surrounding blockchain, they have predominantly been due to errors in the environment that it was built upon (e.g., a bug in a Java development tool making the signature algorithm less secure).
Bugs and security breaches are natural for a new technology. However, with the collaborative focus on the technology, whether through its open source roots or its many working groups and consortiums, it remains in everyone’s interests to increase the technology’s security.
It would be remiss of me not to mention the DAO hack in a post about blockchain security. It has been big news and is continually mentioned as a demonstration that the technology is not secure yet. I have to state that the reason why this hack was possible was actually a vulnerability in the smart contract programming, as opposed to the blockchain itself.
A new approach to blockchain security
Accenture has created a system that makes it easier for blockchain users to store their security credentials in hardware security modules (HSM)—the highly secure processors that companies use to secure passwords and “digital keys.”
Unlike vulnerable digital wallets, which have until now been used to store blockchain security credentials, our new approach isolates the credentials from the rest of the network, making them virtually impossible to access without permission. Integrating blockchain security with HSMs in this way meets the three security considerations I outlined above, and represents a significant step forward in the blockchain story.
A tipping point for blockchain
This innovation means that blockchain infrastructures can now be put to service in any business that deals with highly sensitive or valuable information, as it provides assurance that there is an enterprise-grade key management system available. We hope that this will increase trust in the security of blockchain technology, and therefore its uptake will accelerate more rapidly.