How to Secure the Blockchain Ecosystem

Blockchain is early in its development, and long-term investments may be risky.

Like many emerging technologies enjoying a sudden increase in popularity, there are many myths and inflated expectations surrounding blockchain — all due to an incomplete understanding of the capabilities and vulnerabilities of these technologies.

Blockchain technology certainly has a lot of promise. It has the potential to shape and disrupt many industries from banking to government, and overall digital business. But with that promise comes risk. “Security and risk management (SRM) leaders must take a critical look not only at the possible benefits of blockchain, but also the threats,” says Mark Horvath, research director at Gartner. “Consider using a multilayered model of blockchain security, so risks are clear at the business, technical and cryptographic levels.”

Public or private blockchain?

As many organizations look to capitalize on the benefits of blockchain, SRM leaders must ensure that they involve themselves in the planning process. Their core responsibility will be to define, frame, recommend and implement security best practices to mitigate organizational risk. But with blockchain technology being relatively new in the enterprise, SRM leaders will need to extract these best practices from a variety of sources.

One of the strengths of blockchain is that it uses established technologies to build common cryptographic properties like identity and integrity into a dynamically changing document

“Blockchain can be viewed as a protocol — and as such, must support an existing or needed business process in the same way that the HTTP protocol supports e-commerce,” explains Horvath. “Ensuring blockchain makes sense for the business is the key priority. Enterprises should ensure the implementation of blockchain technology enhances or creates a new digital business initiative that otherwise could not be recognized.”

Once you decide that blockchain can help solve your business problem, you need to decide if you need a public blockchain where anyone can join, a private one in which only select members can participate or a hybrid model that combines features of both. Additionally, many blockchains operate within a business context that includes several other groups or organizations that form a consortium as the governance model. 

Plan how to recover if things go wrong

Blockchain depends on networks, yours and others — and on client software. Both have long histories of compromises, security events and human error, so it makes sense to look at these layers and plan how to recover when things go wrong. A public blockchain may be more exposed, but similar problems can also turn up in a privately managed blockchain.

The CIO Executive Communication Guide

Speak the language of the C-suite to communicate the business value of IT

Get Free eBook

Private keys can be managed both in software and on smartcards, but both require a degree of maintenance and protection to keep the keys safe. This is in addition to the aforementioned network management issues. If a blockchain project involves physical goods, for example, money or freight, understanding how to translate blockchain or smart contract events into physical processes will be fundamental to your success.

Read more: The Irrational Exuberance of Blockchain

What’s secure today may not be tomorrow

Plan for critical security events and evaluate your preparedness and incident response plans. One of the strengths of blockchain is that it uses established technologies to build common cryptographic properties like identity and integrity into a dynamically changing document.

It’s well-known that hashing algorithms, which are considered safe today, may, in a few years, be deemed unsafe. SHA-1 is a good example of a widely used hashing algorithm that was weakened over time and replaced.

Gartner expects a period of heavy consolidation of blockchain technologies and platforms. “Prepare for turnovers in the technology and be ready for critical security events,” says Horvath. “This will enable you as SRM leaders to design resiliency at the heart of your security and risk approaches.”

Gartner clients can read more in Evaluating the Security Risks to Blockchain Ecosystems by Mark Horvath. This research is part of the Gartner Special Report “Blockchain-Based Transformation.” This collection of research highlights the scope of blockchain’s transformation, how it impacts various industries, and the current state and evolution of these technologies.

Get Smarter

Gartner Security & Risk Management Summits

The latest insights on IT trends, evolving security tech and the ever-changing threat landscape.

Explore Gartner Conferences

Predicts 2019: Blockchain Business

Blockchain introduces a new vector to accelerate the move to digital business. This allows enterprise architecture and technology and innovation leaders to create or represent assets in a digital context and to create a new, decentralized economic and societal model.

Read Free Gartner Research

Webinars

Get actionable advice in 60 minutes from the world's most respected experts. Keep pace with the latest issues that impact business.

Start Watching