
A closer look at blockchain, the technologies behind it and its enterprise use makes one thing clear: apart from the technical difficulties of deploying the technology, security concerns are slowing blockchain development, particularly given the new compliance regulations that have come into play with GDPR.

Types Of Blockchain

The problem goes back to the nature of blockchain itself, and the advantages of using it. A blockchain is an immutable public ledger. Blockchains let us agree on the order of a set of records without trusting a central authority. It is called blockchain because information is stored in blocks. Once information for a single block is finalized and added to the ledger, the ledger turns a page and starts a new block. You can look back through the connections in a chain of blocks in much the same way as viewing a family tree.

There are two types of blockchain: public, like bitcoin, and private. The public blockchains are the ones creating enterprise security concerns. Public chains are open and can be seen by anyone. Use of and access to private blockchains are usually by invitation only.

Kyle Fournier is director of content at CryptoManiaks. He explained that one of the most fundamental aspects of blockchain technology is decentralization. The decentralized nature of blockchains means that they are visible and accessible in their entirety to any node (computer) that elects to participate in them.

What Information Is Viewable?

Blockchain enthusiasts and evangelists, he said, are particularly excited about the decentralization that the technology will bring. Unlike the traditional technology that blockchains may replace, blockchains are transparent and cannot be controlled and manipulated by centralized authorities that own them.

The question is whether, with a transparent, visible technology, any competitor can gain insight into a business's plans. The short answer is "no," he said. To counter the premise that blockchains may leave businesses vulnerable to their competition, he points to characteristics that protect them.

First, the only information visible on blockchains is that which businesses put there themselves. Blockchains are very versatile and customizable; they can be utilized for a wide variety of purposes. Some use cases include streamlining supply chains, cataloging digital assets, and recording transactions — but their potential stretches far beyond these three. The important point is that any business that elects to use a blockchain (or blockchains) will decide exactly what information it should contain.

This means that blockchains available to the public will contain only information that the public should have access to. There is absolutely no need for businesses to make any information public that should remain private.

For any sensitive information, private blockchains can be used. While the blockchains that most people have become familiar with are free for anyone to use, there are several cryptocurrency projects that offer individuals and businesses the ability to create their own private blockchains. These blockchains offer the same benefits as public blockchains but can only be accessed by the people given rights to do so.

Using Pseudonyms And Wallet Addresses

There is another blockchain characteristic that will protect enterprises, even if they use a public blockchain, according to Chris Newsom, founder of CryptoKnits.com. He said that while it is true that transactions on the blockchain exist in a public ledger and are visible to anyone, the parties involved in any transaction are anonymous, using pseudonyms, or wallet addresses.

This does leave the basic details of the transaction (amounts, etc.) public, but the parties involved are private so any competition research into your movements on the blockchain would be speculative at best. “In addition, there are new cryptocurrencies that offer much more privacy than the bitcoin ledger, such as Monero, Zcash and others. This technology is in its infancy and as it is accepted and applied in mainstream business, any privacy concerns (if there are any) will disappear as development evolves,” he said.

Furthermore, if it is true that non-permissioned blockchains are entirely public and addresses contained in that blockchain are pseudonymous, only those addresses you choose to publish may be easily linked to identities, Ofir Beigel, CEO and founder at Sarasota, Fla.-based 99 Coins, said. Of course, addresses must by necessity be shared to receive payment, or other transactable-like data, and if you know a company's receiving address, you can monitor exactly how much coin is being sent to and from that address, and exactly when these transfers occur. Further analysis could reveal a great deal about a business's operations.

With a public blockchain, for example, if you establish a shared ledger between businesses, you could use permissioned blockchain data, where the data would still be protected from prying eyes by a private key (encryption). However, because the blockchain is public, your competitors might still be able to see the volume of transactions, or the amount of data you are posting, even if they cannot read the actual data, giving away vital clues about your transaction patterns, real-time and otherwise.

Hybrid, Private Blockchain For Security

Increasingly, as the debate about blockchain and its uses unfolds, in much the same way the debate about using cloud services unfolded in the early days of cloud, enterprises are looking at two alternatives to public blockchain: private blockchain, and hybrid blockchain.

Private or hybrid blockchains, while controversial, typically combine the strengths of blockchain with traditional security measures, such as background checks, ISO security standards, and non-disclosure agreements for the participants, according to Werner Krebs, founder of Los Angeles-based Acculation.

Data on a blockchain run by a banking consortium could be permissioned (encrypted), and the encrypted data can be further subject to the security standards imposed on traditional financial transactions. A hybrid blockchain might periodically place a cryptographic hash of the private blockchain on the public blockchain, adding the tamper-resistant features of the public blockchain to the private blockchain data without exposing either the private data or much in the way of transaction volume.

Krebs added that the emerging consensus seems to be that existing regulations prevent some data from being placed on the public blockchain for compliance reasons, but private and hybrid blockchains subject to traditional data security schemes may be fine, and in fact more secure than pre-blockchain systems.

Private and hybrid blockchains, however, are controversial because they reintroduce a trusted authority or middleman into the picture. If a private entity creates a private blockchain and makes it available to customers for a fee, what stops the consortium from suddenly going bankrupt, suddenly charging exorbitant fees, or capriciously denying service to some customers?

Existing regulations can sometimes be used, as a private banking consortium running a private blockchain on behalf of its customers has decades or centuries of private sector experience with bank data behind it. Furthermore, emerging blockchain standards may make private and hybrid blockchains interoperable, so if one private blockchain operator tries to charge exorbitant fees, the participants may be able to move the private blockchain to another operator.

Securing Public Blockchain

Assuming, then, that an enterprise is not happy with this "middle man" approach, it is likely that for the near future it will stick with public blockchains. Cal Cook, the consumer finance investigator at Syracuse, New York-based ConsumerSafety.org, said that what is more likely to happen is that companies will publish certain timestamped data on a public blockchain that verifies the sensitive information that's encrypted on a private server.
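The hash-anchoring idea that both Krebs and Cook describe can be sketched as follows. This is an added example, not code from the article or from any product it names; the ledger layout, function names and sample records are constructed for illustration, and the public chain is represented only by the small anchor record that would be published to it.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder for "no previous block"

def block_hash(index, prev_hash, records):
    """SHA-256 over a canonical JSON encoding of one block's contents."""
    payload = json.dumps({"index": index, "prev": prev_hash, "records": records},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()

class PrivateLedger:
    """Hash-chained ledger kept on private infrastructure (hypothetical layout)."""
    def __init__(self):
        self.blocks = []

    def append(self, records):
        self.blocks.append({"index": len(self.blocks), "records": records})

    def head_at(self, height):
        """Recompute the chain from genesis over the first `height` blocks."""
        prev = GENESIS
        for block in self.blocks[:height]:
            prev = block_hash(block["index"], prev, block["records"])
        return prev

def make_anchor(ledger):
    """The only data published publicly: a block count and one 32-byte digest."""
    height = len(ledger.blocks)
    return {"height": height, "head": ledger.head_at(height)}

def verify_anchor(ledger, anchor):
    """True if the private history still matches what was anchored."""
    if len(ledger.blocks) < anchor["height"]:
        return False  # anchored blocks have been deleted
    return ledger.head_at(anchor["height"]) == anchor["head"]

def demo():
    ledger = PrivateLedger()
    # Constructed sample records
    ledger.append([{"from": "acct-A", "to": "acct-B", "amount": 1200}])
    ledger.append([{"from": "acct-B", "to": "acct-C", "amount": 300}])
    anchor = make_anchor(ledger)
    ok_before = verify_anchor(ledger, anchor)
    ledger.append([{"from": "acct-C", "to": "acct-A", "amount": 50}])
    ok_after_append = verify_anchor(ledger, anchor)   # new blocks do not break it
    ledger.blocks[0]["records"][0]["amount"] = 12     # rewrite anchored history
    ok_after_tamper = verify_anchor(ledger, anchor)
    return ok_before, ok_after_append, ok_after_tamper

if __name__ == "__main__":
    print(demo())
```

The anchor exposes how many blocks exist but not how many records each holds, and a digest over low-entropy records can be guessed by brute force, so a real deployment would hash over encrypted or salted record data.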

Another option, he said, is publishing encrypted data on the blockchain. This data isn't visible to parties without a private key that decrypts the data to make it readable. So, a company could publish encrypted data and provide the key to decrypt it to the specific entities which need access to the information. This approach maintains the transparency benefits of blockchain with the privacy benefits of a centralized server.

Tim Li, head of platform at Theta Labs, added that not all blockchains need to be exclusively public and entirely transparent. Permissioned blockchains, which use governance protocols to cover a variety of business relationships, can be used in an enterprise consortium implementation of the blockchain. Currently, blockchain use cases for the enterprise are still relatively rudimentary. There is ongoing development of on-chain protocols related to authorizations and access controls that would allow businesses the flexibility to expose the right level of sensitive data on a consortium blockchain. “The blockchain space is analogous to relational databases of 40 years ago. How many tables to have? How many indexes? Those are the questions that were addressed to enable enterprise-wide adoption of databases. Today, we are trying to figure out for the blockchain-equivalent parameters/protocols and address them,” he said.

Fear of the Unknown

Adopting new technology comes with growing pains, like fear of the unknown. “It is perfectly natural for people and businesses to be wary of certain aspects of blockchain technology — and transparency and security are two very rational concerns. However, by making the choice to explore blockchain technology, take small steps in adopting it, and continue to learn every step of the way, businesses can assuage any worries they may have while setting themselves up for a very bright future,” Fournier said.