Note to IT: Blockchain Isn't Magic
Whether you have partaken of the trademarked fruit punch or not, everyone can agree that one of blockchain’s chief exports these days is hype. It seems as if this method of data storage and organization is the perfect answer for everything. Some are calling it the next internet. Others are saying that it’s the answer to all your database and IT security needs. If you listen to the enthusiasts, then it’s better than night baseball. (But it’s not; nothing is better than night baseball, except maybe afternoon baseball.)
As an IT manager, you’re likely being deluged by questions from others in your organization, asking if you should be deploying a blockchain solution. Or maybe complaining that you haven’t already done so. And, of course, they all want a blockchain strategy, and they want it yesterday.
So, to start things off on the right foot, let’s start with the strategy question. An easy one to answer because it’s always going to be “no.” Not because you don’t want blockchain, but because the question makes no sense. The engineer doesn’t tell the captain how fast the ship is going to travel. The captain figures out where he’s going and then tells the engineer to set an appropriate speed.
What Is Blockchain?
You start the process that way because like any new technology, and contrary to marketing hype, blockchain isn’t magic. It’s essentially a bookkeeping method; in this case, a distributed ledger. The hype would tell you that blockchain is somehow safer than other types of record keeping, that it’s more secure, or that it’s more reliable. None of these claims is true.
If it’s implemented properly, then a blockchain is a collection of information organized into blocks. Each of those blocks is created through a process of solving a cryptographic puzzle that depends, in part, on the value of the previous block in a chain. This ensures that you can’t change the contents of a block because that would change the cryptographic value, which, in turn, would affect the values of all other subsequent blocks in the chain.
So, done right, the contents of the distributed ledger can’t be changed once they’re written. And this is further ensured because of the blockchain’s distributed nature, which means there are many copies of the blockchain and they all have to agree. In addition, a blockchain is supposed to be set up so that entries are only posted by authorized users and that, once posted, they’re verified to be correct.
Top Identity Management Solutions
Common Blockchain Myths
But those are a lot of “ifs.” In some applications of blockchain—notably, the blockchain that’s used to define Bitcoin cryptocurrency—the process of creating a Bitcoin ensures the accuracy of the ledger. But it’s important to know that, just because there’s a blockchain entry, that doesn’t mean it’s correct.
This is complicated by the fact that a blockchain can be much more than a financial instrument. The blocks in the chain can contain any kind of information, including programs and data. This is one reason why it’s being suggested that blockchain is the next great database tech.
But the flexibility of blockchain is also its biggest risk. Because a blockchain can contain anything; it can contain information that’s malicious, harmful, or simply—even deliberately—wrong.
“Blockchain doesn’t have any security. It’s just a ledger app,” explained George Waller, CEO of Blocksafe Technologies, which makes security products for blockchain implementations.
“The myth is that the blockchain is safe and, while the blockchain is immutable, access to it is not,” Waller said. Instead, he said that the blockchain used by your company needs to be at least as well-protected as your company network, if not more so. “It could be catastrophic if a hacker got on to it,” he said.
Waller said that one particularly worrisome scenario is malware that somehow gets inserted into the blockchain, at which point its greatest strength—the fact that it’s immutable—becomes its biggest weakness. He worries that too many organizations are implementing blockchain without also implementing proper access controls and adequate security.
Approach With Caution
But all this is not to suggest that using a blockchain is automatically a bad thing. If you need a way to keep data of any kind so that it’s protected but also instantly available to everyone who is authorized to see it, then using a blockchain makes a lot of sense. You just need to remember that it’s not a silver bullet. Doing blockchain right means you need to spend some time planning before you make the move. You need to decide exactly what you plan to use it for, who will have access to it, how you’ll control that access, and most important, how you’ll protect it.
A good way to get started is to work with a vendor that not only has real experience, but can also provide the support necessary to help you through the entire development process and beyond. IBM, for example, has a blockchain platform and a trained professional services staff. In IBM’s case, you can use it with IBM Cloud (formerly, IBM/SoftLayer).
So, the next time you’re asked about your IT blockchain strategy, remember there’s no need to flounder for an answer. As with any other key tech, the IT strategy is secondary to the business strategy, so just turn the question around. What’s their blockchain strategy? What do they expect to do with a blockchain? And why should it be blockchain and not some other data management method? Blockchain can be powerful and extremely useful, but just like everything else, it has its strong spots and its risks. You need to look at both sides of that equation before jumping on the bandwagon.