Protecting Sensitive Data by utilizing Block chain — Distributed Leader Technology
Data breaches and data loss is one of the most common and costly problems that organizations of all sizes faces every day. And with today’s data being transferred among business networks, the cloud, mobile devices, and BYOD, data breaches have steadily been on the rise. Recent studies conducted by IBM and the Ponemon Institute have shown that many companies and organizations have suffered a data breach more than 17,000 times annually. Most of these breaches have resulted in a significant data leak that caused loss in productivity, decreased consumer confidence, trust, and increased costs associated with organization response. Because of the growing number of security threats, data loss and data leakage in the workplace has become a major concern for many companies and small businesses. Organizations are required to share data for business related activities with both internally and externally. The possibility of Data Theft and misuse is on rise. Hence, Organizations can utilize the power of distributed ledger technology known as blockchain to prevent and secure sensitive organization’s data.
Protecting Sensitive Data by utilizing Blockchain — Distributed Leader Technology. Organizations/Companies need to share sensitive data with both across business units internally and outside of the organization with third-party service providers or vendors. The data may be shared via email, through some type of cloud storage or a file-sharing service, or even using a thumb drive. It could contain Sensitive information that is downloaded from a services to meet business or organization needs. But, Think for a while… Once the information leaves the organization, worker’s desktop or the primary data processing system it is unprotected and can be easily sent to an unauthorized recipient by accident or stolen during a security breach or can be sent deliberately for misuse.
The advent of outsourcing key operations, use of personal devices, and the ease with which information can be share this making the risk of sensitive stakeholder’s data getting into the wrong hands. The Blockchain Technology can protect files throughout the Algorithms of Distributed Ledger [A distributed ledger: is essentially an asset database that can be shared across a network of multiple sites, geographies or institutions. All participants within a network can have their own identical copy of the ledger. Any changes to the ledger are reflected in all copies in minutes, or in some cases, seconds… Underlying this technology is the ‘block chain’, which was invented to create the peer-to-peer digital cash Bitcoin in 2008].
Blockchain algorithms enable Bitcoin transactions to be aggregated in ‘blocks’ and these are added to a ‘chain’ of existing blocks using a cryptographic signature [Cryptographic digital signatures use public key algorithms to provide data integrity. When you sign data with a digital signature, someone else can verify the signature, and can prove that the data originated from you and was not altered after you signed it]. The Bitcoin ledger is constructed in a distributed and ‘permission less’ fashion, so that anyone can add a block of transactions if they can solve a new cryptographic puzzle to add each new block. The incentive for doing this is that there is currently a rewarding the form of Bitcoin awarded to the solver of the puzzle for each ‘block’. Anyone with access to the internet and the computing power to solve the cryptographic puzzles can add to the ledger and they are known as ‘Bitcoin miners’. The mining analogy is apt because the process of mining Bitcoin is energy intensive as it requires very large computing power. It has been estimated that the energy requirements to run Bitcoin are in excess of 1 Giga Watts]. The document owner can automatically enforce exactly who can view the file, what they can do with the file (edit, print, screen capture etc.), from which device and for how long. Access to information and files can be revoked in real time even after distribution. In fact, you can set automatic expiration of access to data information with third parties after a set date.
Distributed ledger technologies can help organizations to protect sensitive data and it can ensure the integrity of data records. This technology offers the potential to protect organization’s data by sharing data records securely according to exact rules. For the users [Internal Employees or External Vendors/Stakeholders/agencies] of all of these data, the technology offers the potential, according to the circumstances, for organizations to control access to sensitive data records and to know who has accessed them and exercise control on data sharing. Current means and methods of data management, especially of sensitive data, typically involve large Information Technology Infrastructure and systems located within or outside an organization. To these are added an array of networking and messaging systems to communicate with the outside world, which adds cost and complexity. Highly centralized systems present a high cost single point of failure. These are vulnerable be vulnerable to cyber-attack and massive data breaches. Few Notable examples are: Heartland Payment Systems, 2008–2009: 130 million records compromised, Sony online entertainment services, 2011: 102 million records compromised, National Archive and Records Administration, 2008: 76 million records compromised, Anthem, 2015: 69 million to 80 million records compromised, Epsilon, 2011: 60 million to 250 million records compromised, Home Depot, 2014: 56 million payment cards compromised, Evernote, 2013: More than 50 million records compromised, TJX Companies Inc., 2006–2007: At least 46 million records compromised, Texas attorney general exposes millions of voters’ Social Security numbers and the list goes on…
The distributed ledgers technology of Blockchain are inherently harder to attack because instead of a single database, there are multiple shared copies of the same database, so a cyber-attack /data breach attack would have to attack all the copies in the network simultaneously to be successful. The technology is also resistant to unauthorized change [They are highly efficient because changes by any participant with the necessary permission to modify the ledger are immediately reflected in all copies of the ledger. They can be equally robust in rejecting unauthorized changes, so corrupting the ledger is extremely difficult.] Or malicious tampering, in that the participants in the network will immediately spot a change to one part of the ledger. Added to this, the methods by which information is secured and updated mean that participants can share data and be confident that all copies of the ledger at any one time match each other.
But this is not to say that distributed ledgers are invulnerable to cyber-attack or malicious tampering, because in principle anyone who can find a way to ‘legitimately’ modify one copy will modify all copies of the ledger which is computationally and practically infeasible even after using today’s most advance computational power. So ensuring the security of distributed ledgers is an important task and part of the general challenge of ensuring the security of the digital infrastructure on which modern societies now depend. Organizations can apply distributed ledger technologies to conduct their business and secure their sensitive data. The organization can use distributed ledger technology known as Keyless Signature Infrastructure (KSI) the one currently used by Estonian Government, developed by an Estonian company, Guardtime. KSI allows citizens to verify the integrity of their records on government databases. It also appears to make it impossible for privileged insider’s to perform illegal acts inside the government networks. This ability to assure citizens that their data are held securely and accurately has helped Estonia Government to launch digital services such as e-Business Register and e-Tax etc. by securing database using Block chain Technology. Organizations like Empowered Law use the public distributed ledger of transactions that makes up the Block Chain to provide Multi-Signature account services for asset. protection, estate planning, dispute resolution, leasing and corporate governance. The National Security Agency (NSA) is using Guardtime’s Black Lantern, a program based on the technology behind Bitcoin, or “blockchain,” which prohibits users from tampering with files. It is important to understand the data itself isn’t stored in the block chain. Rather, it stores a cryptographic hash, a long and unique mathematically-generated string of letters and numbers [nonce: is an arbitrary number that may only be used once. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.] that corresponds to the original piece of data. Cryptographers can use these hashes to tell whether a file or piece of data has been changed. You might have downloaded a piece of open source software that displayed a bunch of random alphanumerical characters on the download page with a label like “SHA” or “MD5” (to Check the integrity of the downloaded software) (Example-1: OpenOffice.org MD5 66bd00e43ff8b932c14140472c4b8cc6. Example-2: KNOPPIX_V4.0.2CD-2005–09–23- EN.iso.md5: 1188f67d48c9f11afb8572977ef74c5e, *KNOPPIX_V4.0.2CD-2005–09–23-EN. .SHA1: 56857cfc709d3996f057252c16ec4656f5292802) next to the download link, you’ve seen this in action. These sorts of hashes are what Guardtime distributes to various p2p machines.
Distributed ledger technology is still at a early stage of development. The development of blockchain technology is but the first, though very important step towards a disruptive revolution in ledger technology that could transform the conduct of public and private sector organizations. The technology can be adopted so that ‘legitimate’ changes to ledgers can be made in principle by anyone (an non-permissioned’ ledger), or by a limited number of individuals or even a single authorized person (in a ‘permissioned’ ledger) of a Block chain. The cryptographic codes of the digital world are extremely hard to break, but however hard these may be, they can be vulnerable to being bypassed. Bypass mechanisms range from the human, who may give away the key accidentally or deliberately, to the presence of ‘back doors’ due to deficiencies in the software code. The hardware hosting distributed ledgers may provide additional vulnerabilities and equal attention should be paid to the resilience and security of hardware systems. This will enable organizations is utilizing this technology for legitimately in Protecting Sensitive Data.
Blockchain Technology will enable organizations, banks, payment industry, non-banking financial companies, payment banks, law enforcement and others to protect their sensitive information and data wherever it goes, providing a new layer of security defense and protection from data theft and data breach — Saving Trust, Cost and Reputation of the organization.
Best way to like my articles…Don’t Buy me a Beer…
Just support my work and night spent on this post. With your support, I’ll be able to write more cool articles like this. Maybe you can Buy me a Beer :)
1. The Science of the Blockchain by Roger Wattenhofer
2. Great Chain of Numbers: A Guide to Smart Contracts, Smart Property and Trustless Asset Management by Tim Swanson
3. Blockchain: Blueprint for a New Economy by Melanie Swan
4. VALUEWEB: How fintech firms are using bitcoin blockchain and mobile technologies to create the Internet of value by Chris Skinner
5. Age of Context: Mobile, Sensors, Data and the Future of Privacy by Robert Scoble & Shel Israel 6. Data Privacy Law: An International Perspective by Lee Andrew Bygrave
6. Decentralizing Privacy: Using Block chain to Protect Personal Data | http://web.media.mit.edu/~guyzys/data/ZNP15.pdf
7. Decentralizing Privacy: Using Block chain to Protect Personal Data by G. Zyskind ; Media Lab., MIT, Cambridge, MA, USA ; O. Nathan ; A. ‘. Pentland [IEEE]