The enterprise sector is quick to embrace innovative emerging technology to unlock new revenue streams, enhance existing operations, and uncover and consolidate new business models. At the same time, the internet has become the default foundation not only for the business and industry sector but also for key areas such as healthcare, finance and public services.
Without a doubt, this increasing reliance on technology and the internet has led to an exponential increase in the amount of data generated and stored worldwide. According to Cybersecurity Ventures, the world will store a total of 200 zettabytes of data by 2025, including data stored on public and private IT infrastructures, utility infrastructures, public and private clouds, personal devices as well as IoT (Internet of Things) devices. To clarify and illustrate the dimension of this number, a zettabyte is equal to approximately a thousand exabytes, a billion terabytes, or a trillion gigabytes.
The accumulation of these vast volumes of data indicates that data has become a central component of our society. This point was also highlighted in 2015 by IBM Corp.’s former Chairman, President and CEO, Ginni Rometty, during the IBM Security Summit: “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
The fact of the matter is that the value of data has come to outweigh that of gold. As a result, cybercriminals seem poised to exploit every gap and opportunity presented by existing systems as well as new technologies in an attempt to hijack and compromise a company’s most valuable asset, its data. This is showcased by cybercriminals’ increasingly complex attack patterns and strategies that target specific valuable information like financial data, health records, personally identifiable information (PII) and intellectual property.
Blockchain, a new player in the cybersecurity space
Blockchain is a digital, distributed and decentralized ledger of transactions which stores transaction data in structures called blocks. Each block contains transaction data and metadata (a set of data that provides information about the respective block). The advantage of this structure is that each block is constructed upon the previous block, in a chain-like structure (hence the name blockchain), by calculating the hash of the previous block and combining it with the hash of the next block's transactions.
This design is what gives the data introduced in the blockchain its immutability and integrity. If a malicious actor attempts to alter the data in a block, the change will be immediately noticed by the system and every other network participant, because it will render all the following blocks invalid. These design choices make blockchain ideal for storing data securely because it is an append-only structure, which means that data can only be introduced into the system; it can never be completely deleted. Any changes made to data that has already been recorded in the blockchain are processed as new transactions, which means that the system keeps an integral audit trail of every piece of information that was introduced in the system.
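The chaining and tamper detection described above can be sketched in a few lines. This is an added example, not code from Modex BCDB or any particular blockchain; the block layout, function names and sample invoices are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first block

def block_hash(index, prev_hash, transactions):
    """SHA-256 over a canonical encoding of the block's contents and its link."""
    body = json.dumps({"index": index, "prev": prev_hash, "tx": transactions},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append_block(chain, transactions):
    """Append-only write: the new block commits to the hash of the previous one."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev_hash, "tx": transactions,
                  "hash": block_hash(index, prev_hash, transactions)})

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS
    for block in chain:
        if block["prev"] != prev_hash:
            return block["index"]      # link to the predecessor is broken
        if block["hash"] != block_hash(block["index"], block["prev"], block["tx"]):
            return block["index"]      # contents no longer match the stored hash
        prev_hash = block["hash"]
    return None

def build_sample_chain():
    """Constructed sample data; the update to invoice-17 is a new transaction."""
    chain = []
    append_block(chain, [{"record": "invoice-17", "amount": 100}])
    append_block(chain, [{"record": "invoice-18", "amount": 250}])
    append_block(chain, [{"record": "invoice-17", "amount": 120}])
    return chain

def tamper(chain, index, rehash):
    """Edit a stored amount in place; optionally recompute that block's own hash."""
    chain[index]["tx"][0]["amount"] = 1
    if rehash:
        b = chain[index]
        b["hash"] = block_hash(b["index"], b["prev"], b["tx"])
    return first_invalid_block(chain)

if __name__ == "__main__":
    print(first_invalid_block(build_sample_chain()))       # intact chain
    print(tamper(build_sample_chain(), 1, rehash=False))   # edit only
    print(tamper(build_sample_chain(), 1, rehash=True))    # edit and re-hash
```

Recomputing the edited block's own hash only moves the failure to the next block, which is why an in-place change forces every later block to be rebuilt and is visible to any participant holding the original chain.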
Since its early days, blockchain technology has managed to stimulate the curiosity of security experts throughout the world with its ability to act as an infrastructure that ensures in-depth information traceability, data immutability and integrity, and operational resilience in a system failover scenario, while also mitigating the risks associated with single point of failure scenarios. This set of unique characteristics, features and functionalities falls in line with the provisions of the CIA security triad.
What is the CIA security triad?
Action movie aficionados, I’m sorry to disappoint you but the CIA security triad doesn’t refer to an agreement between the US Central Intelligence Agency and a transnational organized crime syndicate. Although, to be fair, it has the potential for a B movie script. In information security, the CIA security triad is one of the oldest and most popular organizational models designed to guide information storing policies. Each letter represents a core principle of cybersecurity: confidentiality, integrity and availability. To avoid confusion with the Central Intelligence Agency, the CIA security triad is sometimes referred to as the AIC (availability, integrity and confidentiality) triad.
The most common method to ensure data confidentiality is through encryption, a process through which information is transformed into ciphertext, an unintelligible block of text that can be decrypted only with the correct encryption key. For decades, data encryption has been an important line of defence in cybersecurity architecture because even if data is intercepted by malicious actors, a complex encryption algorithm can block attackers from deciphering the content of the information.
Although encryption is an invaluable tool, how it is applied to protect information usually determines the level of data tamper resistance. The problem is that encryption is mostly used to protect data at rest or in transit, leaving it potentially vulnerable during processing. As encryption mechanisms have evolved, the range of attacks on data has also expanded, and now includes attacks focused on encryption keys, integrity or corruption attacks, ransomware, and data destruction attacks.
Modex BCDB enables companies to tap into the potential of blockchain technology to store their database entries into a secure tamper-proof blockchain ecosystem. The infrastructure of the BCDB system was designed with security in mind. As such, to supplement the security capabilities of a standard blockchain network, Modex BCDB comes with a default data encryption mechanism that removes the need for programmers to write new code to encrypt the data. To enhance user experience and add a layer of flexibility to the BCDB environment, users have the option to enable automatic encryption at the field level.
NIST defines data integrity as “the property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit”.
Data integrity is an essential component of information security that measures the overall accuracy, completeness and consistency of data throughout its life cycle. The concept of data integrity can be used to describe a state, a process or a function. As a state, data integrity measures the authenticity and consistency of information. As a process, data integrity determines if the information has remained unaltered after it has transited to a new location or after it has been utilized in various operations. Lastly, when viewed as a function, data integrity is closely related to security, namely processes and procedures that maintain information in the same state it was introduced in the system.
Data integrity is commonly imposed through standard protocols and guidelines during the design stage of a database, data warehouse or any other type of data storage medium. It is conserved through multiple error-checking validation procedures, rules, and principles based on a predefined set of business rules. When evaluating data integrity the following metrics are taken into consideration: accessibility, authenticity, completeness and transparency. Furthermore, depending on the sphere of activity a company operates in, data integrity also calls for ensuring compliance with international regulations that focus on the storage management and processing of sensitive data. Compliant status is achieved by following a series of protocols, guidelines and criteria stipulated in the body of legislation such as the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS). Failure to comply with international regulations attracts considerable financial fines.
Blockchains are highly valued for their ability to guarantee data integrity and security because they store a digital signature of the information present in the database in interdependent structures called blocks. Unlike databases, blockchain is an append-only structure, which means that information can only be added to the network but never deleted. At first glance, this may seem troublesome because it may lead to the accumulation of redundant data, but in fact, this feature acts as a timekeeping mechanism for the data, as it creates an exact historical record of each version of the data, providing useful information like when it was modified, how it was modified and who modified it.
Information traceability and record history
In a traditional database system, users can perform the standard CRUD operations (create, read, update, delete), four basic functions of persistent storage that constitute the backbone for interacting with any database. Both relational and non-relational database systems are designed to rely on the CRUD operations to enable basic interactivity. The problem with this approach is that database administrators or users with sufficient clearance can access and modify data entries. The same access is available to malicious actors who manage to exploit a security vulnerability and gain access to the database, which can lead to numerous problems such as data breaches, corruption and even complete loss of data.
Blockchain technology enables companies to strengthen their database security and enhance audit and reporting operations by facilitating information traceability and record history. Blockchain differs from traditional databases because it is an append-only structure, which means that delete and update operations cannot be performed on existing data. As such, companies can employ a pure blockchain network or a hybrid solution like Modex BCDB that fuses the advantages of blockchain technology and the familiarity of a traditional database engine solution that stores all the previous versions of the information in a separate table to simplify reporting and audit operations. In Modex BCDB the database displays by default the latest version of the information, but by accessing the record history, users can interact with older versions of the data and perform various operations including integrity checks, data analysis, and even settle disputes if the need arises.
Due to blockchain’s design, data traceability is available without configuring record history. This is because each data insert in a database has its hash stored in the blockchain network. Even a small modification to an input can drastically change the hash of the information. By comparing the two hashes, an admin can easily determine that the information has been tampered with. But because it is impossible to determine the initial input from the hash digest, they will not know exactly how the information was modified in the database.
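The hash comparison described above, and what record history adds to it, as an added example that is not Modex BCDB code. The record layout, the function names and the in-memory "anchored" and "history" stores are assumptions; the sample rows are constructed.

```python
import hashlib
import json

def record_digest(record):
    """SHA-256 of a canonical JSON encoding, so key order cannot change the hash."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()

def differing_bits(hex_a, hex_b):
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def audit(db_rows, anchored):
    """Return ids of rows whose current digest differs from the anchored one."""
    return sorted(rid for rid, row in db_rows.items()
                  if record_digest(row) != anchored.get(rid))

def changed_fields(history, current):
    """With a kept prior version, a field-level diff becomes possible."""
    last = history[-1]
    keys = sorted(set(last) | set(current))
    return {k: (last.get(k), current.get(k))
            for k in keys if last.get(k) != current.get(k)}

# Constructed sample data: rows as first inserted, their digests as they would
# be stored on the ledger, and a record-history table holding prior versions.
ORIGINAL = {"p-1": {"name": "A. Patient", "dose_mg": 50},
            "p-2": {"name": "B. Patient", "dose_mg": 20}}
ANCHORED = {rid: record_digest(row) for rid, row in ORIGINAL.items()}
HISTORY = {rid: [dict(row)] for rid, row in ORIGINAL.items()}

def tampered_db():
    """Copy of the database with one direct edit that bypassed the ledger."""
    db = {rid: dict(row) for rid, row in ORIGINAL.items()}
    db["p-1"]["dose_mg"] = 500
    return db

if __name__ == "__main__":
    db = tampered_db()
    for rid in audit(db, ANCHORED):
        bits = differing_bits(ANCHORED[rid], record_digest(db[rid]))
        print(rid, "digest mismatch,", bits, "of 256 bits differ")
        # The digest alone says only "changed"; the history shows what changed.
        print(rid, "changed fields:", changed_fields(HISTORY[rid], db[rid]))
```

The digest has to be computed over a canonical encoding of the record; otherwise a harmless re-serialization, such as a different key order, would be reported as tampering.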