Blockchain is one of the biggest tech buzzwords of the last few years, and the technology is marketed as a cure for everything that ails you, including cybersecurity. In practice, at least as far as security is concerned, blockchain might actually cause more problems than it solves.
The basic idea behind blockchain is that you've got a list of items, or a ledger, that you're sharing with your peers. A clever bit of cryptography keeps you from changing the previous elements on that list, unless the majority of your peers sign off on the change.
It's pitched as being better than having one trusted central party keep track of the list and make corrections when needed, because the trusted central party usually charges money for the service.
So, for example, banks can get together and move money from one to another without any centralized gatekeeper.
Security experts seem to agree that the technology has a lot of potential in their space.
"Blockchain holds great promise," Phil Quade, CISO at Fortinet, the Sunnyvale, California-based cybersecurity firm, said.
One example is its potential to improve the efficiency of key and certificate distribution, David Cook, CISO at Databricks, the San Francisco-based data analytics firm, told us. "I think there's some business value to it," Cook said.
The downside is that when there's a problem with a transaction, instead of having that central entity step in and resolve the dispute and correct the ledger, you have to negotiate with everyone else in the system.
This happens a lot with cryptocurrencies, which are currently the biggest and best-known implementations of blockchain. And those implementations haven’t been without problems.
For example, more than $500 million worth of the Ethereum cryptocurrency has been lost because people accidentally left a payment destination address field blank.
"In a traditional [system] you have the ability to roll back the transactions," said Cook. "With blockchain, it's permanent."
Another $500 million of the Ripple cryptocurrency was recently lost when its billionaire owner died, since he was the only one who had access to that currency wallet.
Hackers typically don't go after the core blockchain cryptography. Instead, they go after poorly implemented wallets, attack currency exchanges, and launch man-in-the-middle attacks to intercept money transfers. Without a central authority, there's nobody to complain to when things go wrong.
In the first six months of this year alone, hackers stole $1.1 billion worth of cryptocurrencies, according to security researchers at Carbon Black.
Besides hacks and reversibility issues, there are the practical problems of adapting business processes and technology platforms to blockchain.
"In my prior position, I ran operations for data centers, and based on the legacy code in the infrastructure, I would say we are far from actually implementing it," Cook said.
As a result, data center operators haven’t yet started deploying blockchain technology to any noticeable degree, he said. "In my dealings with other CISOs, nobody is using it."
Cook said he also wants to see major vendor support and mainstream acceptance before considering using blockchain. "I would probably wait until one of the bigger companies, like Google or Microsoft, starts to adopt this," he said. "There are a lot of questions about this technology. On the surface, it seems super secure, but I do feel that it's going to take a while to adopt based on what I see with my infrastructure."
Another barrier to implementing blockchain is that it’s resource-intensive.
It takes work to do the calculations that guarantee the integrity of the data blocks in the blockchain.
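To make the shared ledger described earlier and the integrity calculations mentioned here concrete, the following is an added example, not code from this article or from any blockchain project: a toy hash-linked ledger with proof-of-work. The block fields, the `DIFFICULTY` value and the sample entries are assumptions made for illustration, and peer voting is not modelled.

```python
import copy
import hashlib
import json

DIFFICULTY = 3        # assumed: leading hex zeros a valid block hash must have
GENESIS = "0" * 64    # assumed placeholder "previous hash" for the first block

def block_hash(block):
    """SHA-256 over the block's contents, including the previous block's hash."""
    fields = {k: block[k] for k in ("index", "prev_hash", "data", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def mine(index, prev_hash, data, difficulty=DIFFICULTY):
    """Search for a nonce that makes the hash meet the difficulty target."""
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while not block_hash(block).startswith("0" * difficulty):
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    return block

def build_chain(entries, difficulty=DIFFICULTY):
    chain, prev = [], GENESIS
    for i, data in enumerate(entries):
        chain.append(mine(i, prev, data, difficulty))
        prev = chain[-1]["hash"]
    return chain

def first_invalid(chain, difficulty=DIFFICULTY):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS
    for i, block in enumerate(chain):
        h = block_hash(block)
        if (block["prev_hash"] != prev or h != block["hash"]
                or not h.startswith("0" * difficulty)):
            return i
        prev = block["hash"]
    return None

def rewrite(chain, index, new_data, difficulty=DIFFICULTY):
    """Change an old entry so the chain still verifies: that block and every
    later one must be re-mined. Returns (new_chain, hashes_computed)."""
    new_chain = copy.deepcopy(chain[:index])
    prev = new_chain[-1]["hash"] if new_chain else GENESIS
    work = 0
    for old in chain[index:]:
        data = new_data if old["index"] == index else old["data"]
        new_chain.append(mine(old["index"], prev, data, difficulty))
        work += new_chain[-1]["nonce"] + 1
        prev = new_chain[-1]["hash"]
    return new_chain, work

# Constructed sample ledger entries, not real transactions.
SAMPLE = ["bank A pays bank B 100", "bank B pays bank C 40", "bank C pays bank A 5"]
```

A rewritten chain verifies on its own, but its final hash no longer matches the one honest peers hold, which is why a change needs the majority to accept it.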
"Blockchain is extremely intensive in terms of computing and power demands, cooling, and wear and tear," Dave Klein, senior director of engineering and architecture at the Israeli security company GuardiCore, said.
At Syncsort, a Pearl River, New York-based data management company, CTO Tendu Yogurtcu has been researching blockchain extensively.
"The blockchain platform has the promise of more transparency, increased security, and increased efficiency," she said.
But even once the security and management challenges are addressed, adoption won't be easy, since the frameworks are difficult to use, and different blockchain tools don't work together. "The technology adoption is still far behind," she said.