blockchain

Tokensoft Partners with Ex-military Cyber firm Hub Security to Provide Ultra-secure Token Platform HSM

Covid-19 prevents people from coming to work and operating the on-premise security systems that control large amounts of assets. Hub Security enables them to do that remotely with the same security standard.

EY Launches Baseline Protocol, an Open Source Initiative for the Public Ethereum Blockchain

EY announced in early March the launch of its Baseline protocol project. The new initiative is an open-source package of blockchain tools that will allow enterprises to build and deploy blockchain-based products securely and privately on the public Ethereum blockchain. The project is part of a joint effort between EY, ConsenSys and Microsoft.

The Baseline protocol leverages several technologies, including zero knowledge proofs, off-chain storage and distributed identity management so that enterprises can define and synchronize processes and agreements using common standards, with full privacy, and without storing sensitive business information on the blockchain itself.

“This initiative builds on that groundwork and starts filling in gaps such as enterprise directories and private business logic so enterprises will be able to run end-to-end processes like procurement with strong privacy,” said Paul Brody, EY Global Blockchain Leader.

The Baseline protocol will also support smart contracts and industry-wide tokenization standards. In doing so, it will enable an ecosystem of interoperable business services. Key process outputs like purchase orders and receivables are tokenized and integrated into the decentralized finance (DeFi) ecosystem.

The initial release of the Baseline protocol includes the process design and key components to enable volume purchase agreements and lays the groundwork for blockchain applications that link supply chain traceability with commerce and financial services.

“With the Baseline protocol, we are developing enterprise processes that are ecosystem ready because they are being built in a truly blockchain-native manner. When delivered on the public Ethereum network, this will drive adoption and the whole ecosystem,” said Yorke Rhodes, Principal Program Manager of Blockchain at Microsoft.

By supporting smart contracts and tokenization, as well as integrating into a DeFi ecosystem, enterprises will have access to an extensive toolbox of resources with which to research and develop blockchain solutions. The protocol enables confidential and complex collaboration between companies and enterprises without leaving sensitive data on-chain.

4 Blockchain Security Risks To Consider Before Building a Blockchain-based Solution

With the blockchain industry’s value estimated to hit $23B by 2023, it’s hard to keep track of the number of blockchain-based solutions launching each month. As the industry grows, though, so do its risks. While the security features inherent in blockchains make DLT resistant to attack, they do not make it immune. In fact, DLT technology is subject to a number of issues that centralized databases are not.

The growing list of blockchain technology providers who have become victims of malicious hacks and attacks is starting to make many wonder if blockchain is really as secure as it’s made out to be. While industry experts continue to remind the public that DLT technology is eons beyond current data security solutions, many still believe companies should take extra precautions when safeguarding their data –– especially on the cloud.

As more governmental, industrial, and commercial sectors adopt the use of blockchain and DLT-based technology, there’s a growing need for discussion. Below are some points to consider which also serve as a means to raise awareness of the risks still associated with the use of blockchain and Distributed Ledger Technology.

Blockchain Security Risks

1. Endpoint Vulnerabilities

One of the most common points of vulnerability with DLT technology is actually outside of the blockchain. Endpoint vulnerabilities are critical because of where they take place: at the time and place humans and blockchains meet. Simply put, an endpoint is any device an individual uses to access sensitive data, such as the computer of a bank employee.

Since most hackers know there’s no use in attempting to guess a user’s keys, they spend a lot of time trying to steal them. The best chance of obtaining keys is to attack the weakest point in the entire system, a personal computer or mobile device.

The process of accessing the blockchain in order to receive that data is what makes endpoints so vulnerable. Endpoints provide malicious attackers the opportunity they need to get nasty code in or out. Once a device is exploited, hackers can piggyback off the credentials of high-access users in order to do the most damage.

2. Vendors

As DLT adoption continues to grow, many look to new solutions to provide them with the security and protection DLT technology promises. But as the number of new products grows, so does another area of great security concern: vendor risk. Often, companies looking to deploy third-party blockchain apps and platforms are not aware of the security risks associated with faulty and exposed vendors.

It’s not uncommon for vendor solutions to have limited focus on security measures with weak security controls on their own systems, flawed code, and even personnel vulnerabilities that can easily expose their clients’ blockchain credentials to unauthorized users. This threat is especially relevant when discussing products that involve the use of smart contracts. Since an organization’s entire operation and policies can be housed as a smart contract on a blockchain, a vulnerability of this magnitude has the potential to be catastrophic.

3. Untested Code

While Bitcoin has been around awhile, blockchain technology is still considered highly experimental. While we still don’t know the full scale of what’s possible, security experts can agree on one thing: every new blockchain product that leverages DLT technology must undergo rigorous testing before being released to the public. While some DLT projects are tempted to launch their half-heartedly tested code on live blockchains, the cyber risks can be damaging and long-lasting.

As new technologies enter the market, developers are incentivized to be first or early with the release of applications, often at the risk of deploying insufficiently tested code on live blockchains. Given the decentralized model of many blockchain solutions, the risks are often greater due to the irreversibility of the technology.

4. The On-ramp 

The on-ramp of digital assets is one of the most critically exposed points in the development of a blockchain-based solution. More specifically, how are the assets and information securely signed on to a blockchain? This all comes down to the private keys used to sign and encrypt blockchain transactions. If someone gets ahold of the keys, the entire downstream blockchain-based solution is corrupted.

Not only is protecting these keys critical but also ensuring they’re used safely, e.g. not exposed by software when used to sign a transaction. Additionally, the process of approval for using the keys must be protected –– otherwise, someone can hack or impersonate an approver and sign a malicious transaction. And of course, this element of your blockchain solution needs to be considered from the start, or else it will likely prevent or slow down a successful transition into production.
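The approval step described above can be sketched as a quorum gate in front of the signing key. This is an added example, not code from the original article or from any vendor; the approver names, keys, transaction fields and 2-of-3 policy are constructed, and HMAC stands in for the per-approver asymmetric signatures a real deployment would verify.

```python
import hashlib
import hmac
import json

# Constructed approver keys for illustration only; real approvers would hold
# asymmetric keys in hardware, not shared secrets in source code.
APPROVER_KEYS = {
    "alice": b"constructed-key-alice",
    "bob": b"constructed-key-bob",
    "carol": b"constructed-key-carol",
}
QUORUM = 2  # hypothetical policy: 2 of 3 approvers must agree


def tx_digest(tx: dict) -> bytes:
    """Canonical digest so every approver authenticates the same bytes."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).digest()


def approve(approver: str, tx: dict) -> dict:
    """What an approver's device produces: a tag bound to this exact transaction."""
    tag = hmac.new(APPROVER_KEYS[approver], tx_digest(tx), hashlib.sha256).hexdigest()
    return {"approver": approver, "tag": tag}


def quorum_met(tx: dict, approvals: list) -> bool:
    """Count distinct, known approvers whose tag verifies for this transaction."""
    digest = tx_digest(tx)
    valid = set()
    for a in approvals:
        key = APPROVER_KEYS.get(a.get("approver"))
        if key is None:
            continue  # unknown approver: never counts toward the quorum
        expected = hmac.new(key, digest, hashlib.sha256).hexdigest()
        # Constant-time comparison; bytes on both sides so odd input cannot raise.
        if hmac.compare_digest(expected.encode(), str(a.get("tag", "")).encode()):
            valid.add(a["approver"])  # a set, so a repeated approval counts once
    return len(valid) >= QUORUM


def release_for_signing(tx: dict, approvals: list) -> bytes:
    """Gate in front of the signing key: release the digest only on quorum."""
    if not quorum_met(tx, approvals):
        raise PermissionError("approval quorum not met for this transaction")
    return tx_digest(tx)
```

Because each approval is bound to the transaction digest, approvals collected for one transaction do not authorize a modified one, and a single compromised approver cannot reach the quorum alone.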

Looking Forward

Adopting new technologies always comes with the fear of the unknown. While blockchain-based solutions continue to provide customers with high levels of security and transparency, the onus falls on product designers to begin considering security from day one. From design to development, every step in the product development cycle is crucial to ensuring products are safe, reliable and secure for consumer use.

What Blockchain-based Projects Need to Consider Before Writing a Single Line of Code

With the explosion of distributed ledger technology (DLT) as a safe and secure solution for transparently handling and sharing information across organizations, many businesses are jumping on the DLT bandwagon. Proponents of the distributed ledger technology known as blockchain consider it to be one of the best ways to secure transactions.

But while blockchains have many desirable features, such as transaction efficiency, there are still other conditions and requirements to consider when leveraging blockchain technology for business. The publication of DTCC’s most recent paper on the matter outlines key risks associated with the use of the nascent technology and an acknowledgment of the many security risks still associated with its use for both small businesses and enterprises alike.

“With the adoption of DLT across the financial services ecosystem likely to continue to increase in the coming years, we need to be certain that all DLT-related security risks are identified and addressed to maintain the safety and stability of the markets,” said Stephen Scharf, Chief Security Officer at DTCC.

With hundreds of new blockchain-based products released each year, many of today’s development teams don’t consider the security risks associated with the use of DLT early enough in the project development cycle. Infosec usually isn’t on every founder’s mind when they start projects, especially when it comes to pilots. Once things are in the air, they are often forced to take a few steps back when they realize they hadn’t considered security performance and infrastructure from the get-go. Interestingly, the same is often true for blockchain vendors who are in a rush to get their products deployed.

The fact of the matter is, most don’t consider that not all blockchains are created equal. It’s important for businesses to be aware of this fact when evaluating whether the technology they’ve chosen will have the proper security measures they require –– both internal and regulatory.

For fintech solutions looking to meet security regulation standards, opting for a simple cloud-based solution can often do more harm than good. Trusting cloud providers can be risky business –– or better yet, a major risk for your business. However you choose to look at it, while many cloud providers promise to keep highly sensitive data secure, many also fail to do so, as the WSJ’s recent Cloud Hopper investigation revealed.

When establishing a private blockchain, businesses must consider the best platform for deployment. While blockchain has inherent properties that provide security, known vulnerabilities in any infrastructure can be manipulated by those looking to get their hands on your or your customers’ data.

Ideally, you should have an infrastructure with integrated security that can:

  • Prevent even root users and administrators from accessing privileged information.
  • Prevent illegitimate attempts to change data or applications within the network.
  • Protect encryption keys using the highest-grade security standards.

Considering these capabilities before developing your DLT-based solution will ensure your blockchain network has the added protection it needs to prevent attacks from both within and without.



What Is Public Key Infrastructure (PKI)?


Encryption requires high levels of cryptography and secrecy. Often encryption aids in the transfer of data from one point to another, safeguarding the data lest it is intercepted or falls into the wrong hands.

Encryption is most commonly used on documents and messages before they’re transmitted, but if the recipient of the information cannot verify its source or the identity of the sender, the authenticity of the information may not be trustworthy.

This is the primary reason for the use of keys when decrypting data. Keys are shared between the sender and receiver of encrypted communications and verified by digital certificates in order to establish the integrity of any incoming information.

In the world of data encryption and decryption, there are typically two kinds of keys: private keys and public keys. Private keys are when both the sender and recipient of the information have an identical key that allows for the translation of the incoming data. In cases of private keys, both parties must make efforts to keep the key secret and safeguarded –– which can become challenging when more than two keys are involved.

That’s where public keys come in useful. Used more often today, public keys can be used to encode information and a private key is required to decrypt it. A good example of this would be credit card usage. While a credit card company may provide an authorization device with a key that is readily available, customers must input a PIN that allows the machine to decrypt their information, making the sharing of sensitive financial data more regulated and secure.

Public keys are the basis for a Public Key Infrastructure when decrypting highly sensitive data. PKIs enable the use of digital signatures and encryption across large user sets. The Public Key Infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public keys.

Often they help establish the identity of people and devices, enabling controlled access to systems and resources, protecting data and authenticating transactions. Many of today’s emerging technologies, especially within the fintech space, are becoming more and more reliant on PKI technology to guarantee security and protection of sensitive data.

40 German Banks Apply to Offer Bitcoin and Ethereum Services

The Fifth European Money Laundering Directive, which updates the Fourth EU Money Laundering Directive to include crypto services, came into effect January 1st. The law would allow for the sale and custody of Bitcoin and other cryptocurrencies across the EU, including Germany.

China’s Central Bank Gets One Step Closer to Launching Its Digital Currency

The People’s Bank of China (PBoC) announced last week that the top-level design of its digital currency is finally complete. The digital currency’s next step is to “follow the principles of stability, security, and control,” said Mu Changchun, head of the digital currency research institute at the PBoC.

Telefonica Pilots Telecom Blockchain Access with 8,000 Spanish Firms

The Spanish telecommunications giant Telefonica recently reported it will launch a new partnership with the local Association of Science and Technology Parks (APTE) to grant 8,000 Spanish firms access to its blockchain.

Turkish Bank Launches Blockchain Platform for Digital Gold Transfers

Turkey’s Takasbank announced the release of its blockchain-based gold-backed transfer system Dec. 30th. Developed by the Istanbul Clearing, Settlement and Custody Bank, the BiGA Digital Gold trading platform provides banks with a blockchain-based system for the issuance, repayment, and transfer of digitized gold.

Illinois Legalizes Smart Contracts and Other Blockchain-based Records

As of January 1st, Illinois’s Blockchain Technology Act took effect, opening the door for the legal use of blockchain-based contracts.
