In July 2014, one of the largest data breaches in financial services history occurred. Cyber attacks conducted across two full months compromised 83 million of JP Morgan Chase’s accounts. Prior to this, financial services institutions had been viewed as relatively secure, with the sector consistently the highest spender on cyber security defences and specialist cyber security staff.
In the case of JP Morgan Chase, this spending exceeded $250 million per year. The 2014 breach highlighted the fact that even the most secure systems contain gaps. Constant improvement and development are needed to resist the ever-changing nature of cyber attacks.
Over the last 10 years, the spread of virtualisation, driven by cost saving and the ability to offer new products and services, has opened up a plethora of new opportunities for IT to support businesses. As banks and businesses progressively move toward cloud-based IT, the need for a secure and verifiable supply chain of data, one which can be traced back to the accountable user, grows more important.
How is data secured today?
To keep data secure in the cloud, encryption is required to ensure that only the intended recipients of the data can read and modify it. Traditional encryption requires keys, and the most pervasive key-based scheme is public key cryptography. Public key (asymmetric) cryptography assigns every user two keys: one public, known to all, and one private, known only to the specific user. As the two keys share a mathematical relationship, data encrypted with the public key can only be decrypted with its corresponding private key.
The problem facing cloud service providers is that even a modest cloud, of say 1 petabyte, requires billions of data transactions to be encrypted every single second. The computational power required to do this using public key encryption is huge, making the process technically extremely complex, if not impossible. That’s without mentioning that it would make little economic sense!
Could blockchain be the solution?
Blockchain, popularised as the mechanism by which the cryptocurrency Bitcoin is transferred and secured, could put to bed the worries around the security of data in the cloud.
The principle behind blockchain is simple. Imagine a scenario where an aeroplane engine catches fire and provokes automatic engine cut-off. Upon landing, all of the passengers that could see the engine are strapped to a lie detector and confirm that the engine was indeed on fire and the fire was quickly extinguished. The pilots confirm that the aircraft engine management systems indicated an engine fire mid-flight, which cut off the engine, and the flight recorder (black box) validates these observations. The incident investigators record all this information in a report. Such a report functions in the same way as a blockchain. There is no doubt that the fire occurred because it has been verified by multiple sources.
To state it plainly, blockchain is a ledger recording transactions. These transactions are anonymously verified by other parts of the blockchain network and irreversibly written into the ledger. In the case of Bitcoin, these transactions record the transfer of ownership of a certain amount of cryptocurrency. However, consider if the transaction pertained to the transfer, storage or processing of data in general. It would be possible for anyone with access to the blockchain to ascertain who accessed the data, where it went and how that data was governed. A truly transparent, unalterable record would exist.
A blockchain, such as that described above, would provide a clear audit trail for data transactions and allow accountability to be apportioned when a data breach occurs. The ability of all users and administrators of the cloud to verify transactions simplifies the process of holding users to account for their actions within the cloud.
What’s out there today?
In 2007, Guardtime, a cloud cryptography start-up, claimed to have created a solution. They assert that their product ‘Keyless Signature Infrastructure’ (KSI) is “the first and only blockchain platform for ensuring the integrity of systems, networks and data at industrial scale”. Fundamentally, KSI operates by receiving hash functions (practically irreversible sections of code) from users every time a data transaction occurs; these are then written into the KSI public blockchain. KSI then provides a signature of this hash function to the blockchain network, which cryptographically proves the time of signature, the integrity of the signed data and the entity originally generating said signature.
This simple process negates the need for key encryption, massively decreasing the computational power required to record data transactions. Using blockchain, it is therefore possible to scale this technology far beyond that previously achievable with public key encryption.
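A simplified illustration of the two ideas above (the ledger as an audit trail for data transactions, and submitting only hashes rather than encrypting with keys), added here and not Guardtime's KSI code: a hash-chained log of data-access events in Python. The actor names, timestamps and the `witnessed_head` parameter are constructed for the example; the last case shows why the latest hash must also be held by independent verifiers.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous entry"
FIELDS = ("index", "time", "actor", "action", "data_hash", "prev")

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(entry: dict) -> str:
    # Hash a canonical encoding of every field except the entry's own hash.
    body = {k: entry[k] for k in FIELDS}
    return digest(json.dumps(body, sort_keys=True).encode())

def append(ledger: list, time: str, actor: str, action: str, data: bytes) -> dict:
    # Only the digest of the data enters the ledger, never the data itself.
    entry = {"index": len(ledger), "time": time, "actor": actor, "action": action,
             "data_hash": digest(data),
             "prev": ledger[-1]["hash"] if ledger else GENESIS}
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    return entry

def verify(ledger: list, witnessed_head: str):
    """Return the index of the first bad entry, len(ledger) if only the head
    differs from the independently witnessed one, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["index"] != i or e["prev"] != prev or e["hash"] != entry_hash(e):
            return i
        prev = e["hash"]
    return None if prev == witnessed_head else len(ledger)

def demo():
    ledger = []
    doc = b"constructed sample record"
    append(ledger, "2016-01-01T09:00:00Z", "alice", "write", doc)
    append(ledger, "2016-01-01T09:05:00Z", "bob", "read", doc)
    append(ledger, "2016-01-01T09:09:00Z", "carol", "read", doc)
    head = ledger[-1]["hash"]        # copy held by independent verifiers
    intact = verify(ledger, head)
    ledger[1]["actor"] = "mallory"   # naive edit: stored hash no longer matches
    naive = verify(ledger, head)
    prev = ledger[0]["hash"]         # full rewrite: recompute every later hash
    for e in ledger[1:]:
        e["prev"] = prev
        e["hash"] = prev = entry_hash(e)
    rewritten = verify(ledger, head)  # internally consistent, wrong head
    return intact, naive, rewritten, ledger[0]["data_hash"] == digest(doc)
```

A ledger whose every hash has been recomputed passes the internal checks, so the record is only unalterable to the extent that copies of the head hash sit with parties the editor does not control.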
It would mean a transition from a trust-based solution to a truth-based solution; this would have an enormous impact because any person could choose to validate conclusively the truth against what a person had said in relation to a data transaction.
So... blockchain is the future!
It is clear that by combining two of the biggest developments in technology from the past decade, blockchain and the cloud, it is possible to answer the challenges that have been preventing full adoption of cloud-based IT.
Although still in its infancy, blockchain could provide the perfect solution for full adoption of the cloud, even in the most highly regulated environments, because, if functioning as envisioned, it contains that all-important, undisputable record of the truth.