An analysis of the blockchain security landscape by Akshay Aggarwal, CEO of Zove Security, with examples from the fintech, banking, insurance, and retail industries. It presents our experience and insights into the foundational issues, risk factors, and promising use cases associated with blockchain technology.
As the blockchain industry continues to grow, with market projections reaching around $20 billion in the next few years, it is essential for us to understand the security landscape of blockchains. In doing so, we can better leverage this innovative technology across various industries, such as fintech, banking, insurance, and retail.
A key aspect of understanding blockchain security is recognizing the inherent risks associated with its foundational technologies, including decentralized and distributed ledger systems, public-key cryptography, and Merkle trees. By comprehending these risks, we can determine the suitability of use cases and their implementation strategies.
Cross-border B2B payments are one of the most compelling use cases for blockchain technology. Blockchain promises to streamline processes, reduce transaction costs, enhance security, and enable trust through identity management. According to a 2020 report from the World Economic Forum(1), 40% of blockchain use cases are in the financial services sector, with 70% focusing on cost reduction.
For instance, Ripple(2), a global payments network, leverages blockchain technology to provide faster and cheaper cross-border transactions for financial institutions. In the insurance industry, companies like Lemonade(3) use blockchain technology to automate claims processing and reduce fraud, resulting in lower premiums for customers.
In the retail industry, Walmart(4) has partnered with IBM to implement a blockchain-based system for tracking food products in its supply chain. This initiative helps improve transparency, traceability, and efficiency, ensuring that consumers receive safe and high-quality products.
To navigate the blockchain security landscape, we propose a risk criteria model for business decision-makers, as suggested by Aggarwal et al. The Zove Blockchain Risk Framework includes six different criteria:
- Legal and Regulatory: This refers to the uncertainty surrounding the use of blockchain technology in various jurisdictions and the potential impact of changing regulations on its value and implementation.
- Foundational: This involves the inherent risks associated with the underlying blockchain technology, its fundamental building blocks, and the choice of foundational elements.
- Technical Implementation: This refers to the risks related to how the blockchain solution is implemented from both a code and deployment perspective, including adherence to application security practices.
- Operational Integrity: This criterion focuses on how the blockchain technology is actually going to work in practice, ensuring its smooth operation.
- Scalability: This risk criterion is unique to blockchains and concerns the potential limitations in the foundational technology’s ability to handle increased usage, which may ultimately limit its value.
- Future-proofing: This involves considering the evolving nature of the technology and its various foundational elements and implementations, ensuring that the chosen solution remains relevant and adaptable over time.
To make this real, the authors convened a panel of a dozen blockchain, security and legal experts. The panel examined 10 use cases and created a heatmap of the risks associated with them. In the heatmap, red represents high and unmitigated risk, yellow signifies high risk with some mitigations in place, green indicates managed risk, and white denotes unknown or undetermined risk.
For example, the expert panel's risk evaluations for smart contracts (see attached heatmap) are as follows:
- Legal and Regulatory: Smart contracts are in a better position compared to ICOs from a legal and regulatory perspective, but they still face uncertainties.
- Foundational: Smart contracts share some of the same basic foundational issues related to security as other blockchain technologies.
- Technical Implementation: The real risk for smart contracts lies in the technical implementation, as poorly implemented contracts may lead to security vulnerabilities and other issues.
- Operational Integrity: Ensuring the smooth operation and execution of smart contracts is another area of risk.
- Scalability: The scalability of smart contracts can be a significant issue, particularly in an enterprise setting where massive adoption could hamper the effectiveness of the underlying blockchain.
- Future-proofing: Smart contracts may require a higher level of future-proofing due to their potential long-term nature, as they need to withstand the temporal aspects of blockchain technology.
As we look to the future, we anticipate the wide acceptance of 20 to 30 enterprise use cases and an increase in legal and regulatory frameworks surrounding blockchain. We are also interested in the security challenges that may arise when a popular blockchain technology loses users and becomes vulnerable to attacks.
Blockchain auditing holds significant value for supply chain management and digital assets. While the technology can be useful in tracing the origin and changes in code for digital products, verifying physical products can be more challenging, as the digital record may not always match the physical reality.
In conclusion, navigating the security landscape of blockchains requires a deep understanding of the technology’s inherent risks and a comprehensive risk criteria model for business decision-makers. By staying informed and anticipating future challenges, we can leverage the power of blockchain technology across various industries while mitigating potential risks.
(1) World Economic Forum. (2020). “Unlocking Blockchain for the Underbanked.” Retrieved from https://www.weforum.org/agenda/2020/10/blockchain-technology-financial-inclusion/
(2) Ripple. (n.d.). “RippleNet.” Retrieved from https://ripple.com/ripplenet/
(3) Lemonade. (n.d.). “Powered by Tech, Driven by Social Good.” Retrieved from https://www.lemonade.com/about
(4) IBM. (2017). “Walmart and IBM Are Partnering to Put Chinese Pork on a Blockchain.” Retrieved from https://www.ibm.com/blogs/blockchain/2017/10/walmart-ibm-chinese-pork-on-a-blockchain/
Reference as Navigating the Security Landscape of Blockchains: Understanding Risks and Opportunities by Akshay Aggarwal, Zove Security