Maksim Kabakou - Fotolia

Security Think Tank: Too soon to dismiss blockchain in cyber security

What are the best and most effective ways information security professionals can use blockchain technology?

Blockchain is distributed ledger technology. The premise of blockchain is that everyone involved in the chain has the same version of the truth at the same time. Each block in the chain builds on the previous and each has a unique identifier.

Blockchain technology is finding its way into more and more areas of global business, yet the use of blockchain in the world of cyber security is still nascent. Many of the most developed use cases involve financial transactions.

However, due to the inherent security attributes of decentralised, redundant ledgers, hashing/encryption, and other privacy-preserving techniques used by blockchains, security-related applications are also significant. Early forays have focused on identity, data, and the internet of things (IoT).

Identity and access management focuses on validating that someone is who they claim to be, a fact that attackers are keenly aware of when they target the credentials of privileged users in an organisation, such as systems administrators or C-level executives, to gain access to key digital assets.

A blockchain-based system could be used to track identities, entitlements, entitlement assignment, and access events, with any attempts at change, such as the privilege escalation, flagged and checked against policies before it is allowed.

From a data perspective, blockchain can be used to store data in a distributed manner. Today, data storage is often centralised, and cyber attacks frequently focus on accessing data in one location. Using distributed ledger technology lowers the risk if an attacker were to access the data – even if they were to get in, there’s less data to steal than with centralised data storage.

The internet of things is growing rapidly despite persistent concerns about the security of endpoints and the mission criticality of many IoT applications. 

Blockchain’s peer-to-peer (P2P) architecture and intrinsic security technologies – including the encryption/hashing of data, redundant and immutable ledgers, robustness of data to compromised nodes, and use of hardware wallets and chip-level trusted execution environments – bring the potential to increase IoT security. These characteristics enable the development of networks of trusted devices – whether in private or public blockchain deployments.

Enterprise blockchain adoption in security is in its infancy and several enterprises have adopted a “wait and watch” approach owing to the ongoing development of blockchain technology, the need for significant investment, and the lack of a specialised workforce.

However, Ovum has developed a series of questions to consider for blockchain use in security: Does the use case require a database? Would there be several users updating the database? Is there a need for the users to establish trust between each other? Are there any issues with the involvement of a central or third party? And do the transactions have dependencies between each other?

If the answer to all of the above questions is “yes”, then this is a good use case for blockchain in security – or in any other potential use case. In the cyber security world, blockchain should not be dismissed as emerging technology that has little value; instead, organisations should consider maintaining a watching brief and exploring possibilities.

Read more from Computer Weekly’s Security Think Tank about how information security professionals can use blockchain technology

Read more on Hackers and cybercrime prevention

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

One of the biggest advantages of investing in digital currencies like BITCOIN is the possibility of making millions overnight. Also, bitcoin makes cross border payments possible, and also provides an easy way for people to escape failed government monetary policy. When some people hear about bitcoin, they think of it as nonsense but it’s simply because they have no knowledge or lack professional guidance/mentorship. Bitcoins can be sent from anywhere in the world to anywhere else in the world. No bank can block payments or close your account. I can go on and on to list the benefits of bitcoin investments but I will pause and let you find out more. Also, If you wish to make profits from bitcoin investments, need consultancy about any digital currency, mining of bitcoin or retrieve stolen wallet, lost passwords. Contact Professor John Hang via his email address
( c r y p t o j a c k i n g @ g m a i l c o m ) for consultancy and help.