Terry Greer-King, vice-president EMEA at SonicWall, discusses looking past the hype when it comes to blockchain and cyber security
Blockchain and cyber security- Within the cyber security industry, there is perhaps no technology that polarises opinion quite as strongly as blockchain. For some, its decentralised model is the future, protecting every node across a network. For others, the hype is outweighed by a limited functionality and, up until now, a limited uptake. But, when we look at the distributed IT model that businesses are now forced to operate in, it becomes clear that blockchain has an important role to play moving forwards.
Traditionally, enterprises have been shielded by a security perimeter around the corporate network, which kept out malicious actors. But this model has drastically changed, and has instead been replaced by a boundless model: enterprises now need to operate in a ‘always on’ IT landscape, where everyone is remote, mobile, and therefore less secure. The previous perimeter-based system is essentially no more, changing into a multitude of endpoints spread across geographies. Meanwhile, malicious actors have continued to diversify their attacks, becoming increasingly invasive and targeted.
Blockchain is far from perfect, and it is certainly not as embedded in enterprise security portfolios as other technologies but, looking forward, there is a strong chance that it will take centre stage, as security continues to emphasise PKI cryptography over flawed human-centric decision-making.
The traceability challenge
With the blockchain, every transaction is instantly identifiable and time-stamped. From a cyber security angle, this provides organisations with additional reassurance that the data is authentic and has not been tampered with, ensuring its integrity throughout the transaction, and the confidentiality of the blockchain makes sure that data is off limits for external parties.
A central theme of blockchain-based cyber security, particularly around the traceability issue, is: how does it fit in with today’s complex regulatory landscape? The GDPR principle around the right to be forgotten is a particular challenge, because the blockchain’s immutability means that data is not deleted or altered. A solution to this would be to encrypt data stored in the blockchain before it is subsequently hashed into the system. This ensures that, if the encryption keys are destroyed, the data is rendered unprocessable and void.