The Equifax argument for Decentralized Databases
The Equifax data breach of this past summer is making the headlines and for good reason. It is considered to be one of the biggest security failures in terms of personal data privacy in modern times. To those who are not too aware of what happened, between May and July of 2017, hackers were successfully able to access and steal the personal information (names, taxpayer ID numbers, birth dates, addresses, driver’s license numbers, etc) for approximately 140 million US consumers. This hack included the theft of over 200 thousand credit card credentials. This hack affected not just Americans but residents of Canada and the United Kingdom.
Equifax uses centralized computing services including possibly cloud-based databases, that are possibly distributed in a limited manner but are all under the umbrella of the same centralized cloud provider and data center. As this article will suggest, there are various aspects of this “traditional model” of data storage that are vulnerable to the attacks that occurred. Put simply, had Equifax used a proper decentralized data storage strategy instead, this incident would not have occurred.
A key aspect of a decentralized database such as Bluzelle’s own decentralized database (also called Bluzelle) is that the data is not stored in one place. There is no centralized storage whatsoever so there is no single central location to which data gets stored, and therefore no single central storage location from which data gets retrieved either.
This is very important for databases, as it vastly improves performance consistency, reliability, and scalability. But another aspect that is enhanced is security.
The reason security is improved is fairly simple to understand. In Equifax’s case, a single server or collection of clustered servers on the same cloud service or in the same data center was likely hacked. These servers each had large amounts of the customer data that was breached — a single server could have all the data or a large proportion of the data, and once one server like this was breached, the same weaknesses were likely exploited to get onto the other servers to steal the rest of the data with negligible marginal effort. This approach makes it very easy for someone who successfully breaks into a network to steal most of the data, and possibly all of it.
Had Equifax been powered by a decentralized database like Bluzelle’s DB, the situation would be different. The data would now be sharded (broken up) into say 100,000 different shards (pieces). So if 200M records were being stored, on average, only 2000 records would be in each shard (piece), not a number like 200M all on one server. Each such shard (piece) is stored on a different subnetwork (swarm) of computers. So really, a hack here would happen on a swarm level, where only a single such swarm gets hacked, where the hacker would get access to one piece, which is 2000 records. The hacker would need to break into every swarm (network) separately, with repeated effort every time since each swarm is protected separately. This is not a practical nor effective approach to steal data. Ultimately, these obstacles nullify the motives behind such a hack.
The result is there is a huge demotivation to break into decentralized networks in general. Successes are small and painful, with small rewards, compared to the effort and massive rewards attributed to breaching centralized networks. Decentralized networks will typically not be hacked for this reason and even if one was, only a few shards (pieces) would be compromised, with insignificant and easily correctable damage.
Like many aspects of Internet technology that are already being disrupted by decentralized technologies, decentralized databases like Bluzelle are poised to disrupt the database storage space. These innovations will reduce and eventually eliminate Equifax-level data hacks from occurring in the future.
Check out an interview with our CEO, Pavel Bains, conducted by CNBC, in Singapore and Hong Kong, regarding the Equifax hack and the argument for decentralization:
Want to find out more? Speak directly with our project team on our open Telegram group today.
