Layer, Patch, Test… But the Data is Still Centralized

November 1, 2018

When it comes to security, more of the same is not the answer

Recently, at the Equibit office, we got into a discussion around security and corporate aversion towards adopting better security solutions for the protection of consumer data. The discussion circled around one of the worst-ever data breaches in the history of corporate America, how the hackers breached security months before it was found out, and how the company approached fixing the problem afterwards.

In today’s age of security possibilities, it’s almost unfathomable that something so egregious took place.

There seems to be an aversion to adopting new technology. Instead, companies appear to be doubling down on what didn’t work before: more firewalls, more encryption, and generally more time-consuming solutions that’ll involve patching and testing and more patching. It’s the devil you know versus the devil you don’t - sometimes comfort overrides the unknown, and ingenuity.

The problem isn’t the strength of security measures, it’s centralization of data. Layering on more of what existed before is not how future attacks are prevented. History has shown us that centralized security is exceptionally difficult to manage. This is particularly true when you look at the many internal tools and applications employed by corporations with access to data. Applications can be real points of vulnerability, acting as a backdoor to a honey pot of data.

That’s exactly how hackers breached one of the largest credit rating agencies: a third-party tool used for managing customer support was hacked for access to the personal data of over 143 million users, according to a CNN report.

Just recently a pervasive social media giant was successfully targeted - maybe you were one of the victims whose information was compromised. By now, we know that guaranteeing security of personal data for millions, or billions, of people is nearly impossible. For companies using centralized servers, it’s not if there’s a hack, but when.

So why, when better technology is available, are new solutions not being employed? You know where we’re going with this.

From our viewpoint, the best method for securing data sensitive to authentication, verification, and replication is to decentralize how it is stored using blockchain technology. This is because blockchain’s decentralized architecture eliminates the easy target; data is widely distributed to the point of nullifying vulnerabilities.

Blockchain technology, a distributed ledger technology, stores encrypted data across a shared ledger hosted by a network of many global servers. As an abstract concept, a massive public blockchain may appear to have many points of vulnerability, but this is not the case. Each transaction that is entered onto the blockchain is cryptographically secured. This means that there is no central hub available for attack, and that each wallet posting a transaction to the chain is individually secured. If any transaction were to be tampered with, the digital signature (private key) attached to the transaction would become altered, also altering the hash of the block holding the data, thus breaking the chain. So while single points of data can be vulnerable to hackers, if data were breached the network would quickly become aware and the block would not be added to the chain.

In an April report the World Economic Forum noted, “to alter a chain, one would need to take control of more than 51% of computers in the same distributed ledger and alter all of the transactional records within a very short space of time -- within 10 minutes for Bitcoin. To date, this has never happened.”
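The two paragraphs above describe a hash-linked ledger and why one altered copy does not change the record. The following sketch is an added example, not code from Equibit or any real blockchain: it shows an edited transaction breaking the stored block hash, and a re-hashed copy still being rejected because its head differs from the one most peers hold. The function names, the sample transactions and the majority-vote stand-in for consensus are assumptions made for illustration; transaction signatures are left out.

```python
import hashlib
import json

def block_hash(index, prev_hash, txs):
    """SHA-256 over a canonical encoding of the block's contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def build_chain(batches):
    """Link each batch of transactions to the hash of the previous block."""
    chain, prev = [], "0" * 64
    for i, txs in enumerate(batches):
        chain.append({"index": i, "prev": prev, "txs": txs, "hash": block_hash(i, prev, txs)})
        prev = chain[-1]["hash"]
    return chain

def first_invalid_block(chain):
    """Index of the first block whose link or stored hash fails, else None."""
    prev = "0" * 64
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["txs"])
        if block["prev"] != prev or block["hash"] != recomputed:
            return block["index"]
        prev = block["hash"]
    return None

def rehash_from(chain, start):
    """Recompute every hash from `start` on, as one node editing its own copy could."""
    prev = chain[start - 1]["hash"] if start else "0" * 64
    for block in chain[start:]:
        block["prev"] = prev
        block["hash"] = prev = block_hash(block["index"], prev, block["txs"])

def accepted_by_network(chain, peer_heads):
    """Simplified stand-in for consensus: the head hash must match most peers'."""
    majority = max(set(peer_heads), key=peer_heads.count)
    return first_invalid_block(chain) is None and chain[-1]["hash"] == majority

BATCHES = [[{"from": "alice", "to": "bob", "amount": 5}],   # constructed sample data
           [{"from": "bob", "to": "carol", "amount": 2}],
           [{"from": "carol", "to": "dave", "amount": 1}]]

def demo():
    honest = build_chain(BATCHES)
    edited = json.loads(json.dumps(honest))       # independent deep copy of the ledger
    edited[1]["txs"][0]["amount"] = 200           # alter a recorded transaction
    caught_at = first_invalid_block(edited)       # stored hash no longer matches
    rehash_from(edited, 1)                        # copy is now self-consistent again
    heads = [honest[-1]["hash"]] * 4              # what four honest peers report
    return caught_at, first_invalid_block(edited), accepted_by_network(edited, heads)
```

`demo()` returns the block index where the edit was caught, the result of re-verifying the re-hashed copy, and whether that copy matches the peers' head.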

In essence, the governance structure of blockchain technology puts the ongoing activity under constant scrutiny. This is in contrast to more traditional methods of securing information with routine checks or scans. Transparency rids data of darkness, a calling card for bad actors.

There is some irony here in the narrative surrounding the anonymity of blockchain. While wallets, or user accounts, are cryptographically secured giving each user some secrecy, the actions of these wallets provide an auditable history - transactions are traceable.

In fact, blockchain has provided authorities with an easier method of tracking malpractice by following the digital money trail. Just this past July FBI Director Robert Mueller indicted 12 Russian hackers for their interference in the American political system by tracking their use of Bitcoin.

What we know, and what we’ve seen to be proven, is that the collective is greater than the individual. Relying on siloed security is a near guarantee that a crack somewhere in the shield will be exploited. A public network provides a dedicated consortium cohesively working to deliver strength.

The incentive to hack a valuable pool of data is serious, so security should be too. It’s time for corporations to dive into blockchain. 
