This post was originally published here by (ISC)² Management.
The future of cybersecurity was the subject of lively discussion during a session on blockchain’s potential to revolutionize how data is protected. The session was part of the 2018 (ISC)2 Security Congress, taking place this week in New Orleans.
The Blockchain session’s presenters, Nitin Uttreja and Ashish Dwivedi, who are both cybersecurity engineers for CA Technologies, argued that blockchain provides effective, reliable ways to secure cloud storage and the Internet of Things (IoT), and to manage identities and passwords.
But not everyone in attendance was buying it. Questions arose as to whether networks still have to be secured in conjunction with blockchain. Uttreja argued that secure networks are not necessary because of how the blocks – or records – in each blockchain are handled. Data in blockchains is distributed among multiple nodes in peer-to-peer global networks. One file, for instance, could be split into four parts, with each part having a different host.
Blocks, or records, rely on hashes, which are used to index pieces of data in a database. Each time that piece of data is modified, it generates a new hash. This, blockchain proponents believe, makes it hard to modify hashes because anytime someone tries to do so, members of the peer-to-peer network will notice it. And no changes can be made to the blockchain without approval from 51% of the peers.
Because blocks are secured through cryptography, Uttreja said, there is no need to use secure networks. “The blockchains are secure and immutable,” he said. “You don’t need any additional security.”
But some in the audience remained unconvinced, and there seemed to be some confusion over exactly how it all works. This isn’t surprising because blockchain is still relatively new and complex – and the jury is still out on whether businesses will ever be comfortable enough to use it for security.
Blockchain’s decentralized approach to data storage also helps make it secure, said Dwivedi. Files are broken down and distributed with true redundancy and privacy. There is no single point of failure, unlike cloud storage, which is centralized and, according to Dwivedi, “not as secure as it could be.” Dwivedi said cloud storage may move to blockchain in the future.
The same decentralization principle applies to identity management, he said. When private data is stored in a central repository, it’s easier for hackers to break in and get to the data. With blockchain, neither the identity management provider nor the service provider that is using the authentication stores any of the data centrally.
Whether blockchain becomes viable remains to be seen. Blockchain, along with machine learning and other new approaches, is being looked at closely as the cybersecurity industry looks to improve its methods and practices. Expect it to be the subject of further conversation at next year’s Security Congress, to take place in Orlando.