Enterprises in financial services, education, and health care see the tremendous potential behind the blockchain technology -- the one powering Bitcoin and other digital currencies -- but have been held back because of regulatory and data security concerns. IBM took the first step toward making blockchain ready for business with a new framework and service offerings for IBM Cloud.
Blockchain isn't just for Bitcoins and other digital currencies, as its public ledger system can be used to record any kind of transaction. The ledgers are stored concurrently in multiple locations and the entries are cryptographically signed to prevent anyone from modifying them. Blockchain provides an auditable trail of all the transactions and removes the need for a trusted middleman to oversee them. Consider the benefits for real estate, financial, contracts, and even health care.
But blockchain, as it stands, doesn't meet regulatory and data security requirements. For example, enterprises have to know everyone involved in the transaction, something that can't be done with the semi-anonymous nature of public blockchains. IBM's new framework and blockchain-based cloud services address the specific requirements, such as offering a permissions-based blockchain network with defined user roles.
"Clients tell us that one of the inhibitors of the adoption of blockchain is the concern about security," said Jerry Cuomo, vice president of blockchain at IBM. "While there is a sense of urgency to pioneer blockchain for business, most organizations need help to define the ideal cloud environment that enables blockchain networks to run securely in the cloud."
Many organizations have blockchain experiments, but they can't move into full-scale production environments so long as the cloud environment is not optimized for blockchain. If one instance within the cloud environment is not secure, the blockchain network running in that environment is at risk for tampering, breached confidentiality or data leakage.
The transaction keys used to sign ledger entries need to be securely managed, and there has to be proper role-based management tools to control who has access to the ledgers as well as their level of visibility over the network. There has to be a way to audit all transaction logs, and a way to restrict host administrators from accessing the ledgers. And finally, blockchain relies on cryptography to sign and protect individual entries, which can negatively impact overall processor performance if the cloud environment is not properly optimized.
IBM has taken elements of Linux Foundation's open source Hyperledger Project, has tested the code and certified the framework as secure, and is making all of it available in a dedicated environment within IBM Cloud.
The cloud services have been optimized for cloud-based blockchain networks by providing an auditable operating environment with comprehensive log data, necessary for forensics and compliance. Cryptographic keys are secured in tamper-resistant storage. The modules also detect and respond to unauthorized attempts to access the keys. Members in a blockchain network do not share any aspect of the operating environment, such as memory, disk drives, or hardware to prevent data or memory leakage.
Sign up for CIO Asia eNewsletters.