On April 27, 2022, NetSPI CTO Travis Hoyt published an article in the Forbes Technology Council called "Beyond Bitcoin: Understanding Blockchain Security Implications." Preview the article below, or read the full article online.
The blockchain market is expected to grow 68.4% over the next four years, with 86% of senior executives believing blockchain will become a mainstream-adopted technology. While the majority of the world has been fixated on various cryptocurrencies – including bitcoin, ethereum and the emerging non-fungible token (NFT) market – organizations have adopted blockchain technology behind the scenes. Doing this well requires the right education and implementation strategies: without an implementation that factors in architectural nuances, organizations open their business up to security risks.
There are a handful of blockchain deployment models: private (or internal), permissioned/consortium and public. While they all possess some common traits, each has its own nuances when it comes to its use and associated security risks.
Private (Or Internal) Deployment
Blockchains on a private network are generally isolated but are intended to solve internal operational efficiency problems. They offer an alternative data plane to traditional database architectures, with smart contracts serving as stored procedures.
Private networks are quicker than other deployment models, largely because all of the infrastructure is within the four walls of the organization, but most importantly because the consensus model doesn’t require the trustless verification that public chains do. When deployed internally, processes become more efficient, so the steps to protect business assets are more controlled. We see this specifically with an organization’s internal supply chain, where the blockchain enables a faster and more cost-efficient delivery of services.
The organization that controls the blockchains can set permission requirements and implement its own security precautions. By controlling which users can view, add or change data within the blockchain, private information is protected from third parties.
On the other hand, private blockchains are potentially more vulnerable to fraud, so organizations must understand the inner workings of the network in order to patch a vulnerability effectively. If a malicious insider or cyberattack presents itself, the steps to mitigate are essentially the same as with any other cyberthreat: conduct risk assessments, have penetration testing in place to identify security gaps and build a threat detection and response plan. Organizations that have neglected to address blockchain acumen gaps in their IT and cyber resources may find their response playbooks aren’t completely meeting their needs.