The Blockchain Security Fallacy

Acreto
Acreto
Published in
4 min readMar 28, 2018

Blockchain: It slices, dices and juliennes, but is it security?

The industry claims that Blockchain will solve the world’s woes. Legacy companies like IBM, HP and Dell are touting Blockchain as the cure-all for anything and everything. In fact, the ‘Blockchain as a security savior’ message is so ubiquitously promoted and repeated, it has become an accepted fact. For many, Blockchain is not just secure — Blockchain IS security.

We’re here to tell you its not. Here’s why:

Crypto technologies and its variances such as Blockchain were designed to fulfill the following capacity as…

Denomination
Blockchain functions as crypto-currency, with a specific market value

Transaction Processing
Blockchain exists as a denomination-independent way to process financial transactions — similar to a credit card

Data Validation
Blockchain validates and verifies non-financial transactions and content

Blockchain provides a decentralized way to process and validate transactions. This is done over public networks while the transacting parties and the processing parties maintain their anonymity. Once the transaction is validated, it is documented in a public ledger shared across many systems. These make up the Blockchain network.

Business applications are built on multiple components. These include endpoints, systems, hardware, programs and data-sets, all of which have exposure points, referred to as an attack surface. Application platforms that use Blockchain are no exception. Though Blockchain is not susceptible to manipulation or fraud while in transit, it does nothing to secure the multiple attack surfaces and associated vulnerabilities of the platform components.

This means the endpoints, servers, applications and clouds that make up the platform remain vulnerable. A compromise of any of these systems could allow the attacker to forge seemingly legitimate Blockchain transactions. The end result? A transaction that appears to be made by an authorized user and endpoint which is processed by an authorized application. Blockchain is incapable of offering any protection in this scenario.

So what drives the industry to tout Blockchain as Security?

Even though proper cyber-security requires multiple functions (ie: identity, controls, privacy and threat management among others) to protect the entire application platform, Blockchain is limited to ensuring the integrity of the transactions. Without the implementation of other security functions, the entire platform remains exposed and vulnerable.

Blockchain protects the transaction in a very limited and granular way. Yet large swaths of the industry believe it is a new way to secure entire technology platforms!

No doubt, this is an undesirable byproduct of marketing departments gone wild. In their clamor to “simplify” the complex nature of Blockchain, they have managed to confuse, convolute and even misdirect. It’s like paypal claiming that they protect your bank account.

There are many benefits to using Blockchain as a denomination, for financial transaction processing or non-financial data validation. But the sooner the industry is clear about the practical application of Blockchain, the more confidently it can be used in business applications. With that, Blockchain’s growing use in real business applications can even stabilize the turbulent and unpredictable coin markets.

About Acreto IoT Security

Acreto IoT Security delivers advanced security for IoT Ecosystems, from the cloud. IoTs are slated to grow to 50 Billion by 2021. Acreto’s Ecosystem security protects all Clouds, users, applications, and purpose-built IoTs that are unable to defend themselves in-the-wild. The Acreto platform offers simplicity and agility, and is guaranteed to protect IoTs for their entire 8–20 year lifespan. The company is founded and led by an experienced management team, with multiple successful cloud security innovations. Learn more by visiting Acreto IoT Security on the web at acreto.io or on Twitter @acretoio.

--

--

Acreto
Acreto
Editor for

Advanced Security for Distributed IoT Ecosystems