Working on the (Block) Chain Gang

By Dinesh Dhir, Global Practice Leader – Finance Industry and Mark Rasch, Security Evangelist, Verizon Enterprise Solutions

It used to be that every few years there was a new and disruptive technology that changed the way we looked at things.  Today these advances in technology occur in every industry not every few years, but every few months.  Examples include skateboards that evolved to scooters and then to terrestrial hover boards, which led (eventually) to true hovering hover boards; and computers which evolved to laptops which became tablets, and now on to phablets.

In the field of securities transactions, which require immediate reconciliation across disparate enterprises in different countries and time zones with a high degree of efficiency, trust and non-repudiation, the most recent “disruptive” technology is Blockchain.  It has great potential to distribute and more fully automate the process of completing ledgers for purchases and sales of a host of objects.

One recurring question for users and regulators alike is, “Is it safe?” or more importantly, “Is it safe enough?”

The answer to that question, like many questions in life, is, of course, “it depends.”

Blockchain was originally developed as a method of accounting for cryptocurrencies such as Bitcoin.  Unlike other currency models such as those employed by central banks and consortia of such banks, Bitcoin had no central authority.  Unlike 20th century models of reconciliation which relied upon trust between participants, Blockchain (in some implementations) assumes a lack of trust in the entire ecosystem.  It relies on a form of “security through obscurity” and the protection of data at the data level.  It is, at least in theory, a self-contained, self-authenticated network with a common framework and common language dedicated to performing a few simple ledger-specific tasks.

What could go wrong?

The short answer is, “plenty.”  The only slightly longer and only slightly more accurate answer is, “We don’t know.”  While cryptocurrencies have been using Blockchain-type technologies for several years, and these technologies have survived some of the most virulent attacks by hackers, problems may arise as we attempt to integrate this process into our older, legacy systems.

It is at these boundaries that we may find threats and vulnerabilities.

Blockchain applications hold great promise for authenticating and keeping records of transactions, for dealing with trans-border data transfers, and for limiting the scope and potential damage resulting from a breach.  However, they must be assessed as part of a much larger, more complicated and eternally dynamic infrastructure which may be more porous.  At their heart, Blockchain technologies still depend on the following: 1) having an authorized person, with authorized credentials; 2) initiating an authorized transaction, within the scope of his or her authorizations; and 3) creating and maintaining a record of that transaction that cannot be easily repudiated.  Blockchain only deals with parts of this equation.

Most security and authentication solutions require various layers of authentication such as access control; software and hardware engineering; managed monitoring and managed services; penetration testing and certification; threat intelligence and action; breach identification and response; and a trusted partner that evaluates the system as a whole.

Two key questions must be answered. Is a vulnerability within one aspect of a network likely to lead to harm, damage, denial of service, breach of data, or lack of trust in other parts?  What is the likelihood that an outsider or trusted insider could abuse the network, application or system?

Today’s security mandate is not just “trust, but verify.”  It’s “don’t completely trust, and verify, verify, verify.” While Blockchain may remove some layers of complication and solve some problems, as a distributed system, it relies on the availability of the network to work – and to work properly.

Thus, like the more ancient “command and control” models, distributed networks still rely on the network – and users must continue to have plans for system resiliency, disaster recovery, business continuation, and of course denial of service (DoS) mitigation strategies.  Even the best technology won’t work if the network is down, clogged or taken over.

So before rolling out the next big shiny object, take a slow, deep breath, assess it, test it, hack it, monitor it, gather threat intelligence about it, and build it as if your business and career depended on it.

Contact: Dinesh Dhir
Global Practice Leader – Finance Industry
Verizon
Dinesh.dhir@verizon.com
972-439-8229
About Verizon Enterprise Solutions

Verizon Enterprise Solutions brings the best of all Verizon global assets together from across our two business units—wireless and wireline—including America’s best 4G LTE network, Verizon’s global IP network, and the only 100% fiber network in the United States. We provide medium-sized and large enterprises with the technologies they need to help them become more competitive, secure and in touch with their customers. Our global team of technology specialists understands the needs of businesses—and has the knowledge and experience to help deliver the solutions and products companies need. We know how to make large enterprise technology deployments a success—combining innovative technologies with an expert professional services organization to meet each company’s requirements.  http://www.verizonenterprise.com/industry/finance/

Copyright © 2017, WSTA®, All Rights Reserved.