Blockchain is often seen as a game-changer for businesses, governments and criminals alike. But, as organizations rush to deploy applications based on blockchain technology, do the potential benefits outweigh the information risks?
The Information Security Forum (ISF) is releasing a new briefing paper aimed at boosting understanding of the technology.
It’s designed to help organizations understand the main components of a blockchain network, identify security issues associated with developing or using blockchain applications, address security issues in a structured manner by determining security requirements, apply a secure systems development lifecycle (SDLC) and support live blockchain applications.
“Blockchain’s indelible and visible record provides many advantages. However, this record does not render blockchain immune from security issues,” says Steve Durbin, managing director of the ISF. “Many of the security issues associated with developing and operating any application — such as managing an implementation, providing acceptable technical support and training staff — are still applicable to blockchain. The main security issues specific to blockchain relate to breaches of the integrity of the ledger and individuals performing malicious or fraudulent transactions.”
Blockchain introduces a relatively new concept based on trust in a distributed network of participants, some of whom may not be known. Blockchain security is therefore built on assumptions that the content of the blockchain ledger is both immutable and irrefutable, that the underlying cryptography is secure enough to last the life of a blockchain application, and that consensus algorithms are robust
As blockchain is put to different uses, it’s vital for potential users to look beyond the hype and understand its merits and disadvantages. It may not always be the best solution to a problem; directories, databases and other types of data store still have value.
“While there may be a commercial advantage from being at the forefront of adopting blockchain, prudent organizations should be aware that blockchain is immature and unforeseen security issues may emerge,” adds Durbin. “Consequently, organizations should place a particularly strong emphasis on evaluating the risks of developing or using blockchain applications before trusting this innovative approach.”
The full Blockchain and Security: Safety in Numbers is available to ISF Member companies via its website.
Photo Credit: StockPhotoAstur/Shutterstock