Blockchain Security Fallacy

Share

Blockchain, it slices, dices and juliennes, but is it security?

The industry portrays that Blockchain will solve the world’s woes. Legacy companies like IBM, HP and Dell are touting Blockchain as the cure-all for anything and everything. In fact, the ‘Blockchain as a security savior’ message is so ubiquitously promoted and repeated, it has become an accepted fact. For many, Blockchain is not just secure – Blockchain IS security. Blockchain Security has created a market pivot and is the latest in security.

We’re here to tell you its not. Here’s why:

Crypto technologies and its variances such as Blockchain were designed to fulfill the following capacity as…

Denomination
Blockchain functions as crypto-currency, with a specific market value
"<yoastmark
Transaction Processing
Blockchain exists as a denomination-independent way to process financial transactions — similar to a credit card
"<yoastmark
Data Validation
Blockchain validates and verifies non-financial transactions and content
"<yoastmark

Blockchain provides a decentralized way to process and validate transactions. This is done over public networks while the transacting parties and the processing parties maintain their anonymity. Once the transaction is validated, it is documented in a public ledger shared across many systems. These make up the Blockchain network.

Business applications are built on multiple components. These include endpoints, systems, hardware, programs and data-sets, all of which have exposure points, referred to as an attack surface. Application platforms that use Blockchain are no exception. Though Blockchain is not susceptible to manipulation or fraud while in transit, it does nothing to secure the multiple attack surfaces and associated vulnerabilities of the platform components. In other words there is no such thing as Blockchain security.

This means the endpoints, servers, applications and clouds that make up the platform remain vulnerable. A compromise of any of these systems could allow the attacker to forge seemingly legitimate Blockchain transactions. The end result? A transaction that appears to be made by an authorized user and endpoint which is processed by an authorized application. Blockchain is incapable of offering any protection in this scenario.

"<yoastmark

So what drives the industry to tout Blockchain Security?

Even though proper cyber-security requires multiple functions (ie: identity, controls, privacy and threat management among others) to protect the entire application platform, Blockchain is limited to ensuring the integrity of the transactions. Without the implementation of other security functions, the entire platform remains exposed and vulnerable.

Blockchain protects the transaction in a very limited and granular way. Yet large swaths of the industry believe it is a new way to secure entire technology platforms!

No doubt, this is an undesirable byproduct of marketing departments gone wild. In their clamor to “simplify” the complex nature of Blockchain, they have managed to confuse, convolute and even misdirect. It’s like paypal claiming that they protect your bank account.

There are many benefits to using Blockchain as a denomination, for financial transaction processing or non-financial data validation. But the sooner the industry is clear about the practical application of Blockchain, the more confidently it can be used in business applications. With that, Blockchain’s growing use in real business applications can even stabilize the turbulent and unpredictable coin markets.

 

Other Articles you may like….

21st Century Security Must Address the Entire IoT Ecosystem

Babak Pasdar
Babak Pasdar
Babak Pasdar is an ethical hacker and a globally-recognized expert in Cyber-Security, Cloud, and Crypto-currency. He has a reputation for developing innovative approaches and methodologies for the industry’s most complex security problems. Before Acreto, Pasdar brought the first proxy-in-the-cloud platform to market, even before the word “cloud” was coined. He called in security in the "Grid". Named one of New York’s Top Ten Startup Founders over 40, he has built and successfully exited two Cyber-Security technology companies and his innovations have been widely adopted by the industry.

Watch Video

Replay





Interested In ...

Show Buttons
Hide Buttons