Be Aware of Blockchain’s Benefits & Risks
Companies are heavily investing in blockchain technology. According to a recent Deloitte survey of companies with $500 million or more in annual revenue, 28 percent of respondents had invested at least $5 million in blockchain technology. Further, 21 percent of respondents had filed for blockchain patents.
Several features make this technology highly desirable, but there also are risks. Companies interested in blockchain technology need to understand how it works as well as the benefits and risks.
Blockchain technology stores data and processes transactions in a way that’s largely unalterable, backed up and efficient—and can reduce the volume of sensitive information stored within it. However, this comes at a cost and with risks. You’ll need to ensure an appropriate level of computing power is dedicated to the system, confirm the system’s computers or nodes are secure and determine which computers will have network access.
While this isn’t an exhaustive list of blockchain technology’s features and risks, it’s a good starting point.
Resilience – Rather than using one centralized database, a blockchain approach uses multiple copies of that same database, spread across as many computers as desired. If one computer crashes or is otherwise compromised, the network still functions.
Unalterable – The term “blockchain” refers to how the data is arranged in batches—called blocks—that are chained together as follows: a digital fingerprint is taken from each block. Each successive block uses the previous block’s fingerprint as an input to the generation of the current block’s fingerprint. As such, if any transaction in any of the preceding blocks is changed, it affects not only that block’s fingerprint, but all successive blocks’ fingerprints. When this occurs, the network is alerted and can be configured to disregard information sent by that computer. This structure makes a blockchain database unalterable, assuming most computers on the network aren’t compromised.
Reduces sensitive information – Usernames and passwords are used in many traditional databases. When you log in, you have to provide your password. A malicious third party can access your account if it intercepts your password. A blockchain database doesn’t require a password. Instead, it requires a one-time-use code that’s mathematically tied to your password and the specific transaction you’re authorizing. Even if that code is intercepted, it’s useless to the third party. This is similar to the chip technology that was recently rolled out in credit cards. While I’ve referred to a “password” for the sake of explanation, “private key” is a more accurate term for blockchain technology.
Efficient – A network can verify a transaction nearly instantly with a blockchain approach, as opposed to a traditional, centralized approach. The traditional approach often includes layers of security and, in some cases, manual review of transactions before they’re approved. With a blockchain approach, security is still important, but—due to its unalterable nature—it’s perhaps less arduous than with a traditional database.
Underpowered network – The phrase “safety in numbers” applies to blockchain technology. A blockchain database with a small number of computers could easily be compromised by malicious actors, simply by being outpowered. Many of the features described above depend on people with integrity controlling the network. If not, the system’s integrity is compromised.
Bugs in the protocol – An improperly written blockchain protocol—much like a website with improper security—can potentially be exploited, undermining the system.
Compromised protocol – Consider how the blockchain protocol is deployed to the network’s computers. Each computer plays by the same rules, but if the deployment of those rules is centralized, a hacker who gains access to the computer that deploys them could rewrite those rules.
Lost or stolen private keys – Much like losing your bank account password, losing your private key to your account in a blockchain database means you’re no longer the only person who controls that account. Anyone using the network who has private keys should ensure those keys are kept safe.
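The chaining described under "Unalterable" can be shown in a few lines. The sketch below is an added example, not code from any blockchain product: it uses SHA-256 as the fingerprint, and the block layout, node names and transactions are constructed for illustration. It shows that an in-place edit is caught at the edited block, and that a copy rewritten to be self-consistent still disagrees with the honest majority.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed placeholder fingerprint preceding the first block

def fingerprint(prev_fp, transactions):
    """SHA-256 over the previous block's fingerprint plus this block's data."""
    payload = json.dumps({"prev": prev_fp, "txs": transactions}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(batches):
    """Chain the batches: each block's fingerprint feeds the next block's."""
    chain, prev = [], GENESIS
    for txs in batches:
        fp = fingerprint(prev, txs)
        chain.append({"prev": prev, "txs": txs, "fp": fp})
        prev = fp
    return chain

def first_bad_block(chain):
    """Index of the first block whose link or fingerprint fails, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or fingerprint(prev, block["txs"]) != block["fp"]:
            return i
        prev = block["fp"]
    return None

def outvoted_nodes(copies):
    """Names of nodes whose latest fingerprint differs from the majority's."""
    tips = {name: chain[-1]["fp"] for name, chain in copies.items()}
    majority, _ = Counter(tips.values()).most_common(1)[0]
    return sorted(name for name, fp in tips.items() if fp != majority)

# Constructed sample data: three batches of one transaction each
BATCHES = [[{"from": "alice", "to": "bob", "amount": 10}],
           [{"from": "bob", "to": "carol", "amount": 4}],
           [{"from": "carol", "to": "dave", "amount": 1}]]

def demo():
    honest = build_chain(BATCHES)
    tampered = json.loads(json.dumps(honest))       # independent copy
    tampered[0]["txs"][0]["amount"] = 1000          # edit an old transaction in place
    forged = build_chain([b["txs"] for b in tampered])  # recompute every fingerprint
    changed = [i for i, b in enumerate(honest) if forged[i]["fp"] != b["fp"]]
    nodes = {"node-a": honest, "node-b": build_chain(BATCHES), "node-c": forged}
    return first_bad_block(tampered), changed, first_bad_block(forged), outvoted_nodes(nodes)

if __name__ == "__main__":
    print(demo())
```

The forged copy passes its own integrity check, which is why the comparison against other nodes matters and why the guarantee depends on most computers on the network being uncompromised.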