CDSA

Smart Hollywood Summit: Don’t Neglect Blockchain Security

[svg-table-content]

LOS ANGELES — Just by its definition, blockchain sure sounds synonymous with security: A decentralized database, comprised of a chain of records (or “blocks”), with each block containing a transaction, all of which are timestamped, linked to previous blocks via cryptography, and signed with a private key.

But companies delving into the emerging world of blockchain continue to make the same mistakes often seen with other new tech endeavors: too few developers and technical resources are paired with the launch, leading to diminished or even no security, according to Ian Thomas, business operations manager for Independent Security Evaluators (ISE).

First-movers in blockchain aren’t necessarily the winners, he said, speaking Feb. 27 at the Smart Hollywood Summit … the winners are those delivering secure products, he stressed.

“Last year, over $1 billion was stolen in cryptocurrency stolen, due in part to companies rushing to market without securing their products, because they lacked these developer resources,” he said. “More people are coming to market, but they’re not giving [emphasis] to security. It’s happening in [Internet of Things], it’s happening in blockchain … and that’s why we advocate for building security from the very start.”

Thomas shared what ISE sees as misconceptions regarding blockchain development, and how companies can shift their thinking to strengthen their security posture with the technology, avoiding pitfalls of blockchain development.

“There’s a lot of ambiguity surrounding it,” Thomas said. “Is it the wave of the future? Is it something you should be scared of? Is it something you should embrace?”

Besides what it’s best-known for — Bitcoin — blockchain’s uses are growing, covering everything from smart contracts, to medical records, from financial services to ticketing systems. Giant enterprises are adopting it, “and it’s not going anywhere,” Thomas said. “It’s popular, and you’re going to see it deployed more going forward.”

There are a lot of blockchain companies out there doing the same things, but none are addressing the underlying security issues surrounding the tech, Thomas said, with companies continuing to treat security as an IT problem, reserved for the IT staff, instead of as a companywide business issue.

By applying a security mindset to blockchain development at the outset, companies can help stand out as market differentiators, he said.

“It helps to convey authenticity to your clients, build and foster those meaningful relationships,” Thomas said. “It takes a lifetime to build up trust, and only seconds to destroy it. A breach can ruin your reputation, and take you out of business.

“Who cares if you’re first out of the gate, if you don’t finish the race? Take the time, build in security, before going to market.”

To download audio of the ISE presentation, click here. To download the PDF, click here.