July 2nd, 2018 |
The industry portrays that Blockchain will solve the world’s woes. Legacy companies like IBM, HP and Dell are touting Blockchain as the cure-all for anything and everything. In fact, the ‘Blockchain as a security savior’ message is so ubiquitously promoted and repeated, it has become an accepted fact. For many, Blockchain is not just secure – Blockchain IS security. Blockchain Security has created a market pivot and is the latest in security.
We’re here to tell you its not. Here’s why:
Crypto technologies and its variances such as Blockchain were designed to fulfill the following capacity as…
Blockchain functions as crypto-currency, with a specific market value
Blockchain exists as a denomination-independent way to process financial transactions — similar to a credit card
Blockchain validates and verifies non-financial transactions and content
Blockchain provides a decentralized way to process and validate transactions. This is done over public networks while the transacting parties and the processing parties maintain their anonymity. Once the transaction is validated, it is documented in a public ledger shared across many systems. These make up the Blockchain network.
Business applications are built on multiple components. These include endpoints, systems, hardware, programs and data-sets, all of which have exposure points, referred to as an attack surface. Application platforms that use Blockchain are no exception. Though Blockchain is not susceptible to manipulation or fraud while in transit, it does nothing to secure the multiple attack surfaces and associated vulnerabilities of the platform components. In other words there is no such thing as Blockchain security.
This means the endpoints, servers, applications and clouds that make up the platform remain vulnerable. A compromise of any of these systems could allow the attacker to forge seemingly legitimate Blockchain transactions. The end result? A transaction that appears to be made by an authorized user and endpoint which is processed by an authorized application. Blockchain is incapable of offering any protection in this scenario.
So what drives the industry to tout Blockchain Security?
Even though proper cyber-security requires multiple functions (ie: identity, controls, privacy and threat management among others) to protect the entire application platform, Blockchain is limited to ensuring the integrity of the transactions. Without the implementation of other security functions, the entire platform remains exposed and vulnerable.
Blockchain protects the transaction in a very limited and granular way. Yet large swaths of the industry believe it is a new way to secure entire technology platforms!
No doubt, this is an undesirable byproduct of marketing departments gone wild. In their clamor to “simplify” the complex nature of Blockchain, they have managed to confuse, convolute and even misdirect. It’s like paypal claiming that they protect your bank account.
There are many benefits to using Blockchain as a denomination, for financial transaction processing or non-financial data validation. But the sooner the industry is clear about the practical application of Blockchain, the more confidently it can be used in business applications. With that, Blockchain’s growing use in real business applications can even stabilize the turbulent and unpredictable coin markets.
Acreto is the first cloud-delivered, end-to-end connectivity and security platform that can connect and protect any technology, on any network, anywhere. Acreto SASE +Plus delivers Secure Access Service Edge (SASE) functionalities for access technologies such as devices, networks, IoT / OT and third-parties; while Acreto Secure Application and Data Interconnect (SADI) connects and protects application delivery infrastructure such as clouds, SaaS, data centers and co-locations. Acreto SASE +Plus is SASE plus SADI — one platform with one interface from one provider for all of your technologies around the world.