Recently, I was at a local networking event for The Penn Group. Huddled in a small room in an upscale restaurant, a large group of people from a broad range of industries filled the room. With alcohol involved, it turns out you can get people to do just about anything. As I was standing there meeting different people, a gentleman approached me and introduced himself. Standing far too close to my face, he began to explain that he had access to a breakthrough phone system that was far more secure than anything on the market. Naturally, as a security expert, my interest was immediately peaked. Opening his briefcase, he piled a pack of papers in front of me on the table. The papers were a bit withered, and the content seemed to be created in a 1943 version of Microsoft PowerPoint. Firing off his pitch, he reached the climax of his pitch. A phone system, secured by blockchain. Motioning to the deck, he showed me a graphic that had a phone on the left, a box that said “blockchain secured” in the middle, and a person on the right. I couldn’t believe my eyes.
The blockchain phone bandit wasn’t the first or last to triumph blockchain as the savior of all security problems, though. Recently, the app developer ByteDance, maker of the popular app TikTok announced that they would be implementing blockchain to solve many of the security woes that they have been grappling with. In order to understand the significance of this, let's take a dive into blockchain.
What is blockchain?
Blockchain became an overnight sensation several years ago when BitCoin experienced an meteoritic rise to over $20,000 USD per coin. BitCoin, a digital currency designed to be a decentralized currency, was underpinned by blockchain. Formerly the hobby of enthusiasts, blockchain was thrust into the mainstream with hungry investors looking to make significant returns. Invented in 2008, blockchain was born out of a need to create an immutable (non-changing) record system to keep track of digital transactions. In modern computing, creating a system that is immutable can be difficult, as various security challenges exist. With physical access, nearly any system can be compromised by a cybercriminal. From a security standpoint, once the computer is connected to the internet, you only create more problems for yourself.
In order to create a system resistant to modification, and by extension enforce security, a decentralized system needed to be created to offload the responsibility of a singular computing system to handle the transaction data and keep an immutable record. This allowed a collection of computers to contain the ledger, opposed to a single system. Each computer received a replication of the data, allowing for a system of validation for each transaction. This replication/validation process is the basis of blockchain. A decentralized approach improved the security of the system by reducing the likelihood that a signal compromised endpoint would cause a breach.
How is it used?
Underpinning a diverse set of use cases, blockchain can be an incredibly versatile technology. In situations where a ledger or immutable record is required, efficiencies in the implementation of blockchain can be unparalleled. Shipping companies, banking, manufacturing, among a collection of different industries have enjoyed the benefits of blockchain technology.
Blockchain isn’t the magic bullet of security
The inherent problem with blockchain is a lack of understanding in how it works, and how it can be effectively used to improve the security posture of a use case. Take the Iced Tea company that changed its name to include blockchain for instance. Its stock shot up immediately by 500 percent.
Or the phone system that was pitched to me in the restaurant that day. My first question to the salesman was: “how does this increase security?”. He could not answer my question with a straight answer. To this day, my assumption is that this salesman was attempting to tap into the same frenzy that the iced tea company tapped into.
Blockchain can be used to complement security controls in ensuring the confidentiality, integrity, and availability of data. With an emphasis on integrity, blockchain can offer an unparalleled approach to ensuring the data you seek is the data that you expect once you receive it. I would be hard-pressed, however, to understand how blockchain could cover for the basic security flaws facing apps like TikTok. In the end, as technology continues to evolve, the constant tension between what is new and what is true will continue to be exploited. Keep your eyes open, and be skeptical of opportunities that sound a bit too good to be true. Also, another good sign is to steer clear if the salesman’s deck has blurry images on it.