[BreachExchange] Using the Blockchain to Secure Sensitive Information

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jul 6 15:32:05 EDT 2018


https://themarketmogul.com/using-blockchain-secure-sensitive-information/

The internet is in bad shape right now. After nearly two decades of tech
innovation and mass participation on the world wide web, there are now
obvious dangers when valuable information is stored online.  After almost
two decades of innovation and growth, the cracks are beginning to show, and
it is becoming increasingly clear that storing information online comes
with severe risks. The internet has seen hackers and other malicious actors
profiteering from the sale or fraudulent use of user data. From Yahoo to
Equifax, major players online are vulnerable to hackers on a near-weekly
basis.

Data Breaches

It is not just emails and financial data being siphoned off – social media
giant Facebook, home to almost a quarter of the world’s personal
information, recently made headlines with the Cambridge Analytica scandal:
a breach that saw the data of 87 million users misappropriated in order to
micro-target users in an attempt to influence their political views. The
usual surface-level reactions of outrage and cries to boycott did not do
much to help – despite its popularity in the media, the #DeleteFacebook
campaign was a failure. History is bound to repeat itself if a viable
solution does not appear – going analogue in the digital era is not
feasible.

The solution has to lie in better technology. As people continue to
digitise every byte of information they produce, there needs to be a more
secure infrastructure that allows individuals to use the internet without
running the risk of having their data compromised.

The Blockchain Offering

There is a significant buzz around blockchain as a means to improve
internet security. The hype is unsurprising – a blockchain is a
decentralised ledger with censorship resistance and immutability baked-in
at the protocol layer. It was introduced almost a decade ago as the
mechanism that secures bitcoin and has since captivated startups and
established companies.

Some blockchains support smart contracts, which allow for the creation of
fully decentralised applications atop the network. Ethereum is the leading
security actor on the blockchain and has been adopted by thousands of teams
in their efforts to create secure platforms. With its popular ERC-20 token
model an established industry standard, companies working with Ethereum are
on the front line of security in the digital space.

For all its strengths regarding internet security and transferability,
blockchains are currently incapable of storing large amounts of data. As
while tokenisation opens up interesting ways to timestamp and guarantee the
provenance of the data, blockchains are incapable of providing privacy
(given their public nature). There are fortunately better methods of
storage that can work in conjunction with a distributed ledger. For
example, instead of uploading company records or scanning documents to the
blockchain, an ‘off-chain’ solution would be better suited to preserving
these records.

As such, sensitive information can stay secure with its provenance assured,
while also remaining transferable through the use of a utility token.

Building a Digital-First Future

Revaluating security in a digital age, where citizens are ‘plugged in’
through internet-connected PCs and smartphones in both a personal and
professional capacity is essential for businesses and governments. If
recent hacking and data breaches are anything to go by, then businesses
need to stop using dated infrastructures prone to compromise, and start
considering alternative technologies. Blockchain-based systems are shining
a bright light on a dark problem. When existing centralised hierarchies are
dissolved and by embracing decentralisation, internet users will be able to
securely and privately store their data without fear.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180706/c0993e34/attachment.html>


More information about the BreachExchange mailing list