Virtualization Technology News and Information
Blockchain and Security Reviewed in Latest Information Security Forum Report

The Information Security Forum (ISF), a trusted resource for executives and board members on cyber security and risk management, has released Blockchain and Security: Safety in Numbers.

The organization's latest briefing paper helps those involved in blockchain deployment to understand the main components of a blockchain network, identify security issues associated with developing or using blockchain applications, address security issues in a structured manner by determining security requirements, apply a secure systems development lifecycle (SDLC) and support live blockchain applications.

Often described in terms of anonymity and security, Blockchain is advertised as a game-changer for businesses, governments and criminals alike. However, as organizations rush to deploy applications based on blockchain technology, do the potential benefits outweigh the information risks? While the more familiar manifestations of blockchain - such as cryptocurrencies - are based on public (permission-less) blockchains, private (permissioned) or federated blockchains are increasingly of interest to organizations. Understanding the potential security issues, and how they can be addressed, is vital for any organization planning to use applications based on blockchain technology, especially considering a number of well-known blockchain breaches within financial services.

"Blockchain's indelible and visible record provides many advantages. However, this record does not render blockchain immune from security issues," said Steve Durbin, Managing Director, ISF. "Many of the security issues associated with developing and operating any application - such as managing an implementation, providing acceptable technical support and training staff - are still applicable to blockchain. The main security issues specific to blockchain relate to breaches of the integrity of the ledger and individuals performing malicious or fraudulent transactions."

Blockchain introduces a relatively new concept based on trust in a distributed network of participants, some of whom may not be known. Blockchain risks are particularly acute considering that its security is built on assumptions that the:

  • Content of the blockchain ledger is both immutable and irrefutable
  • Underlying cryptography is secure enough to last the life of a blockchain application
  • Consensus algorithms are robust

As blockchain is put to different uses, it is vital to look beyond the hype and understand its merits and disadvantages.  After all, it may not always be the best solution to a problem; directories, databases and other types of data store still have value.

"While there may be a commercial advantage from being at the forefront of adopting blockchain, prudent organizations should be aware that blockchain is immature and unforeseen security issues may emerge," continued Durbin. "Consequently, organizations should place a particularly strong emphasis on evaluating the risks of developing or using blockchain applications before trusting this innovative approach."

The ISF provides guidance to organisations on how to work effectively with Blockchain, as well as covering all other areas of cyber security and risk management. This research is complements a comprehensive suite practical information security tools. Blockchain and Security: Safety in Numbers is available now to ISF Member companies via the ISF website.

Published Thursday, May 09, 2019 9:49 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<May 2019>