Blockchain and Data Security: Ways to Mitigate Risks

Smart enterprises need to be wary and better understand the ins and outs of data confidentiality before they rush to embrace blockchain technology.

Ken Krupa is Enterprise CTO for MarkLogic.

Everything seems to be full speed ahead for blockchain, with nearly 6 in 10 large enterprises considering blockchain deployment, Juniper Research says. Yet smart enterprises need to be wary and better understand the ins and outs of data confidentiality before they rush to embrace the much-hyped technology, especially in industries like finance and health care.

That’s because data written to blockchain is “public” data. Even “private” blockchains that are centrally administered are transparent to the participants in them. Also, the data written to the blockchain is not managed by you or by your company. Instead, it’s on a shared ledger that is stored on a distributed system. This can carry significant privacy and security risks without a full understanding of which data can and should be on a blockchain vs. which data must remain off of the blockchain.

Companies can and must deal with these risks if blockchain is to achieve its full potential, which some have compared to the early days of the Internet with similar potential to disrupt industries such as health care, manufacturing and especially financial services.

It’s also important to remember that blockchain is not a database management system in the traditional sense. It is designed for immutable record keeping and trust consensus. A database management system is designed for high-throughput read and write, and for complex querying and data discovery, things that blockchains are not designed for. As such, blockchain implementations are enhanced by a DBMS that would perform critical operational and data intensive functions.

Operational data is the lifeblood of a successful business, powering real-time applications and analysis throughout the enterprise. But, organizations usually struggle to efficiently and consistently deliver the data integration, advanced search, and operational data triage that are essential to success. An Operational Data Hub (ODH) approach overcomes these challenges and can be foundational for blockchain advancements. This approach allows companies to easily integrate data from multiple sources or silos into one place – maximizing data discovery and harmonization; security and governance; and real-time operational capabilities.

Protecting the Data

Whether establishing a private blockchain, or implementing architectures that leverage a public blockchain, you must decide the best platform for deployment. Even though blockchain has inherent properties that provide security, vulnerabilities can be manipulated, particularly as they may relate to technologies that interact with a blockchain. After all, many past blockchain-related exploits (e.g. bitcoin exchanges) were the result of either weaknesses in the complementary technologies used, poorly thought-out data architectures, or both. Ideally, any technology that will participate in a blockchain architecture should be comprised of an infrastructure with integrated security that can:

Restrict access to data. There will be some data that companies will never upload to a public blockchain, such as electronic medical record information or social security numbers. With a private blockchain, security features need to be strong enough to prevent anyone from accessing any type of similarly sensitive information. Here, we’re talking about the need to be able to redact sensitive data, such as any personally identifiable information (PII). This provides organizations with the ability to safely share the right views of their data with the right people by removing, replacing or blocking out sensitive information in order to prevent a data breach or the violation of laws or regulations. Element level security also allows specific parts of documents to be hidden from particular users. Finally, full encryption of sensitive data ensures data will not be accessible by unauthorized parties, especially when data is in transit and perhaps flowing through untrusted networks.

Validate data quality before it enters the blockchain. Blockchains can only take responsibility for the accuracy and quality of data once it has been inputted into the blockchain. “You need to trust the data being pulled from organizations existing source systems is of good quality,” writes Deloitte in a report, Blockchain & Cyber Risk. In that report, Prakash Santhana, Advisory Managing Director at Deloitte U.S., is quoted as saying “the biggest vulnerability in the blockchain framework will lie outside the framework in ‘trusted’ oracles. A corrupted oracle could potentially cause a domino effect across the entire network.” Validating data pre-blockchain is critical.

Have effective data governance policies throughout. It’s important to implement and follow effective data governance policies and best practices such as maintaining access controls, metadata, data quality and security features—inside and outside the blockchain. One of the most likely vulnerabilities with distributed ledger technology originates outside the blockchain. They are the places where blockchains meet other computers that employees and entities use to access blockchain services. It is during the process of accessing the blockchain that the data on the chain may be the most vulnerable.

Role of Data

To date, the applicability of blockchain technology has been most evident with digital currencies. However, there are many other blockchain applications with great potential that have yet to take off in earnest.  Smart contracts – the ability to consummate agreements without human interaction ­­– is one area that is generating a lot of interest. However, smart contracts will benefit from the technology as long as the intelligence inside the blockchain has the correct data upon which to act. For instance, in investment banking, blockchain technology holds the promise of enabling a significant reduction of settlement and other manual intensive processes associated with complex trades. However, in order for that to be possible, the data that would go into the smart contract in the first place has to be completely accurate. This is true of many industries. In fact, for any that rely on record keeping, blockchain technology promises to reduce risk and enable more trust, provided the end-to-end data flow is well-thought-out.

The database value-add to blockchain technology is to enable validation of data, ensure data consistency, provide anonymized data storage, manage risk and maintain compliance when data meshes with other sources, and to enable 360-degree views into data so that companies and entities can gain actionable insights.

No matter how data is stored or transmitted, its ultimate value lies in the insights that stem from that data.

If inputted data is accurate, blockchain technology can play a powerful role in transforming the resultant data output, streamlining operational processes, and enabling organizations “to verify transactional data faster than any other system,” Deloitte reports. Such efficiencies will empower organizations to take more proactive actions with their data and gain competitive advantages.

Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish