As enterprise blockchains inch closer to live launches, a group of cybersecurity experts within IBM is out to make sure clients take every step to keep their new investments secure.
Adewale Omoniyi, a senior managing consultant in biometrics and cybersecurity for IBM Global Business Services, is one such professional, and on Wednesday, he sought to get the word out about his team and its mission at an event hosted by tech educator Decoded.
There, Omoniyi gave a broad overview of how his team has worked with dozens of IBM’s enterprise clients, all of whom are building distributed ledgers with Hyperledger’s suite of codebases.
Most notably, he discussed emerging best practices for what he sees as a coming generation of business tools that will sit on top of the technology, sparing no detail about why he believes controls must be built into smart contracts and “on-chain” versus “off-chain” design considerations.
Already, Omoniyi said he has worked on building blockchain-based cybersecurity assurance applications for use cases such as supply chain and digital identity, and what he’s learned is that just because blockchains are difficult to hack, this doesn’t mean they can’t be compromised.
“Fundamentally, we keep saying that blockchain isn’t a panacea,” he said, adding:
“Security is often always an afterthought, but because of the foundational basis of the technology, there needs to be a depth of defense and building controls in every layer of the application.”
Both Omoniyi and the host of the event, Amadeus Stevenson, CTO of Decoded, mentioned several of the hacks that have happened involving the technology to date, albeit with a heavy focus on cryptocurrencies.
From Mt. Gox to The DAO hack, to the Parity frozen funds, to a BitPay executive getting phished, the session saw discussion of how many layers of complexity there are in blockchain systems, and how it would be easy to overlook one or the other.
“There isn’t a one size fits all. It’s not just about using one tool, but multiple layers,” Omoniyi said.
For instance, one of the tools the IBM team uses is threat modeling, where enterprises are asked to consider who a would-be hacker would be and why they’d want to exploit the system.
On top of that, the team scans smart contracts and blockchain endpoints, applies traditional cybersecurity hygiene to this new industry, shapes key management strategies and, perhaps most importantly, continues to monitor systems even after they’ve passed security assessments.
In conversation with CoinDesk after the event, Omoniyi said:
“You’re never going to build a Fort Knox, but [all those processes] give you a fighting chance to build better defenses.”
And, according to Omoniyi, these security discussions with enterprise clients are typically not hard conversations, since the security of their customers’ data is of utmost importance. In this way, those clients are usually happy to amend their processes based on the suggestions made by the team.
“With enterprises, we’re talking about real assets, real credentials,” Omoniyi said. “This isn’t proofs-of-concept and it’s not cryptocurrencies; enterprises take [security] more seriously because they’re working with really sensitive information.”
Having said that, Omoniyi and his team have yet to find a serious exploit in the enterprise-grade distributed ledgers they have assessed so far. But, he admits, it’s early days.
And thinking about enterprise blockchains going live, and any potential hack that could result, Omoniyi worries that if security controls aren’t built into these systems now and continuously monitored, a hack could stall the huge potential blockchain provides.
Omoniyi kept bringing it back to that potential, striking an optimistic tone about the profound use cases for the tech.
He pointed to the collaboration between IBM and a handful of food suppliers, including Walmart, to test a blockchain for more quickly pinpointing the source of a food-borne illness.
Stevenson had also previously mentioned Walmart’s blockchain work, saying that the employees were able to identify where a food product came from in about 2.5 seconds, down from six days before its history was tracked on a blockchain.
In this way, Omoniyi said, food suppliers could save lives by determining exactly where a tainted product came from. They can also cut down on waste, since being able to track exactly where a food product came from would mean they wouldn’t have to throw out the same food products from other suppliers.
Wrapping up his excitement for the technology, Omoniyi said:
“Change is constant. You can’t fear technology.”