Seven reasons blockchain isn’t ready for mainstream deployment

A clear definition of blockchain is still needed

As more and more companies invest in the much-hyped blockchain technology, outside observers could be forgiven for thinking that the technology has arrived. The potential for the distributed ledger to transform key business processes has been spoken about but, like any cutting edge technology, blockchain comes with risks for businesses.

Speaking at the Forrester Digital Transformation Europe summit in London this week, principal analyst Martha Bennett laid out the biggest inherent risks and how businesses will have to overcome these challenges to unlock its potential.

1. Lack of clear definitions

Firstly Bennett said that it is important to reach some form of agreement over a working definition of blockchain. Bennett defines blockchain as: "A store of records which you can only write once and you can append only, you can never overwrite. Blockchain is distributed and either completely or partially replicated.

"It is cryptographically secured, and that is not the same as encrypting. By default the content on a blockchain, the transaction, the record itself, is not encrypted. The cryptographically secured bit is because you are hashing the transaction and linking it with its hash, which makes it immediately obvious if somebody has tried to change it because the hash won't match any more.

Bennett also said that if you replace the word ledger with database it becomes a lot less intimidating to discuss. So, why is this important? "My main message out of all of this is whether you are discussing blockchain make sure you are on the same page, because blockchain is like cloud or big data, it means whatever you want it to mean."

2. Security and risk

One of the key features of blockchain that has financial services and insurance companies salivating is its ability to guarantee secure transactions and reduce risk because any changes to a record are immediately obvious to anyone looking at the chain.

Bennett has some words of warning though: "Blockchain can also create tremendous exposures because, by default, the content on a chain is clear text. Or clear in another way that is easy to be decoded. So even with obfuscation there are typically techniques available to get at the content.

"That can lead to compromises of personal security if there is too much information about people out there. It can give rise to fraud if people have access to information. Most importantly it can be a violation of privacy and data protection regulations.

Bennet added: "If everything pertaining to a trade is on the chain then I can trade against you on that information. That is something companies working on this have already realised and the number of use cases are under re-investigation because of the commercial confidentiality and anti-trust issues. A lot of things need to be figured out around managing the risk, the security, the access."

3. Key Management

Bennett talked about the recent raft of cyber thefts through the global payments processor SWIFT and how blockchain won't be able to prevent these sort of issues.

"You are talking about a 'write-once' unchangeable record here, there will be people that make mistakes," she said. "There will be fraudulent transactions that get onto the chain because, where there is money, there will be fraud. It may be easier to detect on a chain but a chain cannot prevent fraud.

"People were saying SWIFT issues wouldn't have happened on the blockchain. No, SWIFT was about credentials theft and you can steal someone's keys for a chain. You may be able to track it better but you won't be able to prevent it."

4. Access rights and permissions

Bennett set out a list of questions IT teams will need to answer when it comes to blockchain.

"How many sets of keys do you have to manage for permissions and encryption. How do you revoke trust? How does the chain function? Which consensus algorithm do you use? Is encryption used? How many nodes are there? Is the storage on or off the chain?

"When you talk to vendors these are all important questions and you will find many of the startups can't answer these questions."

5. Enterprise deployment

Just because the technology looks ripe for enterprise use cases, like payments, remittance, post-trade processing, and compliance ledgers, it doesn't mean they are easily applicable to an enterprise IT environment. As Bennett said: "Overall the technology is in its infancy."

"Large scale adoption is five to ten years away because you have a combination of technologies that are quite immature. So you have companies involved that have extremely bright people working on them but have never encountered enterprise requirements when it comes to scale and security and of course things need to interoperate."

6. Storage

Anyone looking deploy blockchain technology will need to make a decision regarding storage.

Bennett says: "You can have storage on the chain itself, elsewhere or even in a parallel blockchain. That is something I am seeing increasingly under investigation. The moment you have a lot of computational intensive transactions that also need to be replicated across a number of databases you have latency issues, so you might want to take some of the storage or computation off chain."

7. Agreed common standards

Lastly, Bennett said there will need to be agreement on common standards and processes. Although there are moves to do this such as the R3 consortium which is working with many of the world's biggest financial firms -- collaboration is a challenge. "When did you last get over forty banks agree on a single identical process?" she asked.

Bennett had a final piece of advice for anyone investigating blockchain: "Start with a use case, not the technology. It saddens me to see the millions of pounds being used on projects that aren't going to go anywhere so it is important to get your hands dirty, try out this stuff and see what it feels like when it bites."

Join the CSO newsletter!

Error: Please check your email address.

Tags Blockchain

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Scott Carey

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place