Back
6 Questions to Plan for Blockchain Security
Blockchain is an effective business strategy that extends beyond the buzz of cryptocurrencies. Businesses are using blockchain for real-time transactions and secure payments at scale. Blockchain deployments vary for every organization, but its many uses and successes so far make it a technology to keep researching.
Planning for cybersecurity at the beginning of blockchain exploration helps create more secure deployments, especially when working with valuable financial information. The six questions below can guide internal conversations to align resources around secure blockchain deployments. Get more blockchain security tips in our eBook, “5 Blockchain Security Fundamentals Every C-Suite Needs to Know.”
Definition of Blockchain, or Distributed Ledger Technology (DLT)
Distributed Ledger Technology (DLT), commonly known as “blockchain” is a distributed database secured with cryptography. How this unfolds in reality has many interpretations. One commonality runs through every blockchain use: every participant has a vested interest in the trustworthiness of the data. This creates an environment for secure transactions after servers, or nodes, work together to establish the real state of a database.
“Blockchain is fundamentally a distributed database secured with cryptography.”
One example of blockchain is smart contracts. They act as web applications stored directly on the chain and operate deterministically without requiring an entity to execute the code. Smart contracts allow responsible parties to communicate information including transactions without the use of an intermediary.
The many unique use cases of blockchain give it vast appeal, but it may be particularly useful in industries such as large financial institutions and retail groups.
Blockchain Security in Deployments
Much of the data handled with blockchain is considered sensitive, therefore making it valuable to malicious actors. As with many newer technologies, vulnerabilities can become an issue if security is not baked in from the start.
“Like any other technology, security flaws are typically discovered/introduced during integration, as opposed to being inherent to the technology itself.”
Blockchain security issues can emerge from container configurations, vulnerable contract code, or weak permission models to name a few. Exploring blockchain uses through a cybersecurity lens puts organizations ahead of weaknesses or gaps before vulnerabilities occur.
6 Questions to Prioritize Blockchain Security
These guiding questions will help uncover expectations and requirements as companies continue blockchain research. Use these as a starting point to gain alignment between IT and security teams, as well as other internal departments who may be affected by blockchain use.
- Are teams in my organization pursuing blockchain uses? Have they consulted the security team for potential risks? Do we have trusted providers in place for third-party blockchain pentesting? Are we rushing the development of DLT solutions without proper security processes in place?
- What chain technologies are going to be part of our deployments? Are these chains public/permissionless chains like Ethereum or Bitcoin? Or do we want to work with a permissioned chain system like Hyperledger?
- Are we developing or deploying smart contracts? Do we have a secure SDLC process developed for DLT? Is our development team properly trained in the security considerations of the chain? How will we support contract updates and security fixes? Do we have code audit plan in place?
- Are we running our own nodes as part of the chain use? Will these be deployed on-premises, in Azure/AWS, or via a managed provider like IBM or Oracle? Have we considered configuration reviews for the supporting containers and hosts? Do we have threat models for other malicious nodes on the chain? Have we considered supply-chain threats for the code base?
- Are we performing any custodial or direct ownership of digital assets? Is transaction signing and logic part of our solution? How are we securely managing cryptographic keys? Do we have key recovery process in place? Are we relying entirely on third party APIs to access the chain?
- Are we integrating with any off-chain assets (databases, APIs, etc.)? Have we mapped out threat scenarios related to state-desynchronization? Are we properly leveraging the native security of chain transactions for key logic? Are we storing sensitive data on the chain?
Make Blockchain Security Part of Your Strategy
The goal of DLT is to create a shared database which can be trusted by multiple entities who don’t necessarily trust one another. Blockchain is the answer to this challenge, but it’s a newer technology with its full potential still being realized.
Continue your blockchain research by accessing our eBook “5 Blockchain Security Fundamentals Every C-Suite Needs to Know” or accelerate your blockchain use by connecting with our experts.
