We hear a lot about wallets and exchanges being hacked. And about ICO scams and unfortunate investors waking up to zero balances. Investing in the crypto space is scary. The prospect of losing money is scary. But what about losing data? As Equifax so monumentally demonstrated, having one’s personal information wind up in the hands of hackers is no walk in the park either.
So, would using blockchain make us any safer? If this is the technology with the potential to store the world’s data, how do we know it won’t be stolen by cyber criminals as well? And if blockchains are practically (but not completely) immutable, what’s to stop our entire identities from being hijacked, manipulated, or rewritten?
Blockchains Aren’t Prepared to Hold Sensitive Data – Yet
According to Anurag Angara, Blockchain Project Manager at Hydrogen, data theft on blockchains isn’t something to worry about just yet. “It’s not best practice right now to record private or sensitive data on blockchains. Once a piece of information is stored on-chain, it is publicly accessible; if it is encrypted, and you pass the decryption key to someone else, that opens a communication vector for someone to steal the decryption key, which means all of your encrypted on-chain information is now [an open]book for a hacker.” Not a comforting thought.
Of course, private blockchains can keep data on lockdown, but they’re vulnerable in other ways. “This is one of the reasons many people don’t see much of a value-add in the expensive process of implementing private blockchains. While implementations of private blockchains vary, they generally rely on trusted parties to a much greater degree than public chains do. Even if these parties are not malicious, they can introduce central point of failure into a system,” Angara explains.
But Blockchain Tech is Continually Improving
Whenever the threat of cybersecurity comes into play, many look to the decentralized nature of blockchain tech as holding the answer. But when it comes to data that needs to be kept secure, can we really risk having our medical records or credit card details floating around like an open book?
Technologies such as zero-knowledge proofs are starting to address this issue, Angara says, and becoming accessible on Ethereum and other blockchains. That could “make this process more secure by allowing you to prove knowledge of encrypted information without passing the decryption key.”
In fact, Hydrogen has developed a 2FA public blockchain product designed to secure large databases and APIs with blockchain technology. They’re also coming out with an iOS/Android blockchain-based alternative to 2FA apps like Google Authenticator and Authy for end users.
Angara reiterates, “Whether data is stored in a private system or a decentralized system, in order to make it secure, access must be restricted to authorized parties. Transparency and veritability are critical to confirming authorized accessors. Hydro’s Enterprise Raindrop product requires accessors to record an identifying piece of information on-chain whenever they are trying to access a system. In this way, invalid access attempts always leave an immutable paper trail.”
The Bottom Line
Says Angara, “There is another, much less frequently discussed challenge with blockchain: companies are happy with private databases; it would be expensive to overhaul their entire existing infrastructure. Most of the solutions blockchain provides, such as identity management and payment solutions, only really work if everyone gets on board with them, so few incumbent parties want to spend all the money it takes to be a leader in the space.”
Overhauling systems and replacing existing infrastructure is not an attractive prospect to many businesses looking out for the bottom line. So, will blockchain ever reach a point where it is widely used for data storage? Angara believes so. “Hydro uses APIs to bring blockchain functionality to businesses without requiring them to overhaul their existing systems. This will be a big step [toward]making blockchain technology accessible to today’s businesses instead of remaining overhyped.”
He continues, “It is important to note that private chains in many cases have the same security vulnerabilities as the traditional database systems that exist today, so it is reasonable to question their efficacy in the systems of the future.” As blockchain technology matures, we will begin to see a clearer distinction between public, private, and permissioned networks. And this, Angara says, “will play a critical role in creating secure systems.”