What Blockchain Can And Can't Do For Security

I recently heard yet another blockchain expert who was supposed to razzle dazzle a computer IT audience with the promise of blockchain. Usua

Roger A. Grimes
July 11, 2019
What Blockchain Can And Can't Do For Security

I recently heard yet another blockchain expert who was supposed to razzle dazzle a computer IT audience with the promise of blockchain. Usually, I hate these events, but I was a guest speaker and couldn’t slip out of the room. Imagine my surprise and relief when this speaker, whose job is to gin up interest in blockchain, didn’t over-sell it. In fact, she said, “Blockchain may not be the right technology for you.”

[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they're for, what they cost, and which you need. | Sign up for CSO newsletters. ]

The speaker was CEO and BlockSpaces co-founder Rosa Shores. BlockSpaces is a Tampa, Florida-based blockchain incubator. It opened two years ago but came about from earlier informal meetings about blockchain technology that Rosa had been involved with since 2014. Now, BlockSpaces is involved with a multitude of companies, large and small, making and exploring real applications using blockchain. Most aren’t related to cryptocurrencies.

She said that over 50 different industries now have some sort of blockchain pilot project started. Many come to BlockSpaces to learn what blockchain is and how they might use it. Shores helps them understand the space better get their own projects off the ground.

Shores previously worked for the Home Shopping Network (HSN) in its ecommerce division. Then in 2014 she worked on a college project, the Bitcoin Bowl, that involved BitPay, which makes it easier for vendors to accept bitcoins payments. That project helped bring Bitpay to over 200 merchants.

A local candidate got involved with the project (he wanted to accept bitcoin campaign donations) and he saw the bigger promise of blockchain. He wanted to explore using blockchain to improve elected officials’ voting record transparency. At the same time, Rosa was attending and leading meetings about blockchain. The meetings expanded into more specialized niche meetings. Those meetings focused on what blockchain was, how it differed from bitcoin, and what it was and wasn’t good for.

Why blockchain won't solve all problems

I’m not used to blockchain promoters talking about what blockchain isn’t good for. My inbox is full of daily PR pushes that tell me that blockchain is going to solve all the world’s problems including cancer, religion and politics. My favorite blockchain pitch is how it will solve E.coli outbreaks in the U.S. food supply system. Rosa made me realize I was wrong.

I’ve been critical of proposed blockchain solutions because blockchain is a very good security technology for verifying the integrity of ledgers and sequential data stores. It can take processes where maintaining data integrity is crucial (say, real estate transactions, medical credentialing, supply chain tracking) that used to take weeks or months and cut the time to seconds.

Blockchain security is mostly about integrity of data over time. If the problem you are proposing a fix for doesn’t have a data integrity problem, blockchain isn’t the answer. For example, with the E.Coli outbreak solution, there’s been no widespread incident of farmers or anyone in the food supply chain changing database values used to track the health of our food supply system.

Distributed ledgers vs. blockchain

Shores then told me the part that I had been missing: What most vendors need is probably something close to blockchain, but not really blockchain. She says many solutions are better candidates for a lightweight blockchain cousin called distributed ledger. Rosa defined “blockchain proper” as a secure, distributed, decentralized, permission-less, open-source ledger where anyone running a node can see the entire transaction history. Many projects don’t need all those attributes. Most could make do with a subset of attributes, but could still benefit greatly by using a secure, distributed ledger.

In my E. coli example, she says, we need a way to do global tracking of the food supply chain. If you say you’re using blockchain, enough people are interested in and have heard about it that it creates enough excitement to get it finally done, via blockchain pure or distributed ledger. It’s difficult to get big, global, distributed projects started, much less done. If using the term blockchain gets your distributed ledger project going faster, what’s the harm? Her answer was so right.

Article on CSO