Blockchain, the shared database technology that drives cryptocurrencies like bitcoin, has developed a virtually unchallenged reputation as the next big thing in finance. Yet as business and security experts begin to understand blockchain's potential to securely manage and track an almost endless variety of assets, they see technology rapidly breaking free from its virtual cash roots.
"Blockchain addresses the reality that we live in a heavily connected world and our interactions increasingly are between multiple different parties who would benefit from a tool that enhances trust between them," says Steve Cerveny, IBM's blockchain program director. "Combine this with the fact that our transactions are increasingly occurring through digital means, and the opportunity for blockchain to improve the way we interact starts to shine."
A blockchain is fundamentally a distributed ledger that allows multiple authorized parties to make changes in an agreed upon manner. "Your checkbook is a ledger and your bank has its own ledger associated with your checking account," says Todd Little, an Oracle software architect. "A blockchain is essentially an electronic version of those two ledgers." Each party has access to the deposits and withdrawals, and each can make entries that the other can see. "All of this is under the control of smart contracts that determine who can view or add to the ledger," Little says.
Yet unlike a financial ledger, blockchain can be used to track almost any type of transaction. "Any asset or data that can be tokenized and individually recorded can be managed on a blockchain," notes Rich Meszaros, connected commerce lead at Accenture Mobility.
Blockchain can protect any encrypted block of documents chained together chronologically or by transactional activity. Such document blocks may include "smart records," such as archived corporate and legal documents, or "smart contracts" that store the terms of a deal using blockchain as a trail of all contract-related activities and agreements. "These could be contracts made between trusted parties in a swap arrangement, an exchange of legal documents for a title on a home or between parties in a trustless relationship, such as DLT (Distributed Ledger Technology) shares to be issued by the state of Delaware for initial public company offerings," notes Len Steinmetz, a director in the Financial Services Advisory practice of Grant Thornton.
In an increasingly digital age, virtually any asset can be represented digitally and therefore added, moved, transferred or tracked on a blockchain. "Retail items, including foods and pharmaceuticals, have SKUs and other unique identifiers," Cerveny notes. Even specialty items, like diamonds, are now on the blockchain. "Land registry deeds, cross border remittances, shipping containers, healthcare records and so much more are all physical assets with a digital representation on a blockchain today," Cerveny says.
Raimund Gross, an SAP solution architect and futurist says that some of the most promising blockchain applications are in the supply chain field. He notes that the technology promises to help manage any "complex system of suppliers, logistics and services (that) rely on the transfer of, and reference to, data and information as a backbone, such as sales orders and delivery notices."
Raphael Davison, Hewlett-Packard Enterprise's worldwide director for blockchain, financial services and insurance, envisions secured distributed ledgers tracking the financial identities of both organizations and individuals. "I would store different attributes of my identity -- when I graduated college, my job status, income, medical history, age, etc. -- in a secure distributed ledger," he says. Such a ledger could be used to quickly and easily verify an individual's identity and financial resources to car dealers, credit card companies and mortgage and loan providers, among others.
Reliable and secure
Since it relies on both cryptography and private/public encryption to validate transactions, Blockchain is generally regarded as being highly secure. "Public-key encryption provides record-level security of data and ... there is no single point of failure as the network is resilient against attacks on individual nodes," Meszaros says.
In traditional databases, data security is primarily managed by protecting the database perimeter. "If the perimeter is breached, then access to the entire database is possible", Meszaros observes. With blockchain, data is encrypted at the record level. "If a key is broken, only that record is compromised, not the entire database," Meszaros says. "Gaining access to an entire database would require breaking the individual key for each unique record on the blockchain."
Blockchain is "the antithesis to information centralization," since rather than relying on data centers or other forms of centralized resource points, data storage and verification functions are provided by a dense network of computers, notes Gross. "Add to this the fact that blockchain ledgers, as originally designed, verify the entire record from start-to-finish every few minutes and you have a system with no single point of breaching access," he says.
[Consider what blockchain concepts could do to secure the Internet of Things.]
One attribute all blockchain technologies have in common is that transactions are stored on a single ledger that all participants can access and view. "This ledger groups transactions into blocks and then chains them together with a very simple computer science concept called a 'hash'," Cerveny says. "If any of the data changes in any of the blocks, the whole chain is broken."
Blockchain also eliminates the need for information intermediaries, Gross notes. "Financial services and data transfers typically rely on intermediaries whose sole function is to verify the information being transferred (such as a bank verifying that a sender has adequate funding in his or her account to support a transaction) and record said transaction," he says.
"Traditional central authority ledgers require protection of the ledger system," says Ed Moyle, director of thought leadership and research for ISACA, a non-profit organization that advocates the adoption globally accepted knowledge and practices for information systems. "Blockchain, instead, self-enforces some of the protections that would otherwise need to be specifically addressed as part of the application security architecture in a traditional deployment," he notes.
Although blockchain uses advanced cryptography to help sign and secure both transactions and assets, the technology's real security comes from the network itself, says Anoop Nannra, senior leader and head of blockchain incubation at Cisco. "As transactions are published across the network, hashed together, blocked and then validated, the ... connected serial blocks together, that are also replicated across the network, is what gives blockchain its security," Nannra explains.
The fact that each node in the blockchain network maintains a record of events in blocks means that if any attempt were made to manipulate any transaction or block the hacker would need to not only decrypt the block of interest, but also every cryptographically secured proceeding block, and at the same time must also perform the same manipulation on every node in the network concurrently. "At even moderate scale, this is a financially intractable problem," Nannra observes.
Most experts agree that it's relatively easy for any organization to begin exploring blockchain's potential. "Open source implementations are out there that can make getting a viable implementation for a production deployment an exercise of a few hours or even a few minutes," Moyle says. The hard part is in planning the actual blockchain application. "It’s really important to make sure that you think through the 'what-if' scenarios ahead of time in any application," Moyle states. "For highly distributed multi-party implementations, failure to plan can lead to forks (unwanted technical events that occur because participants failed to to agree on common rules)."
Most popular open source tools have evolved to the point where even a novice user can create a local blockchain network and begin experimenting with the technology under a few hours. "There are even simple tools that will allow a novice user to connect to existing public blockchain networks with only a few minutes of effort," Nannra observes. "That said, to attain a meaningful level of understanding of just how the various technologies work may take longer, (but) simple experimentation can be started within an afternoon or at the worst case over a weekend."
Meszaros says that organizations interested in blockchain should start by identifying one or two priority use cases that are relevant and have some potential to drive value within the organization. "Prototypes can then be created to run as a small-scale pilot, helping to better explore the use case, understand the impacts to the business and potentially build a business case for rolling out at scale."
A pilot deployment, Meszaros notes, allows for continued learning on a use case followed by the completion of a high-level assessment and transition roadmap. "Over time, there can be an expansion of the platform to additional use cases and business teams, with ongoing management to deploy any improvements," he says.
Blockchain and the real world
As always, when evaluating any new technology, it’s important to focus on real use cases addressing real problems." Distributed ledger technology enables digital transformation and disruption--it is not the transformation or disruption itself," Meszaros observes. "Organizations should identify use cases focused on where there is friction in an existing process or on new business opportunities, identifying new business models made possible by distributed ledger technologies that could reinvent a business." Once those points are identified, he notes, it’s important to continue learning about what blockchain can enable and to understand its impacts and confirm its value to the business.
Cerveny notes that blockchain newcomers often underestimate the business process and multi-party interaction aspects of a blockchain project. "Getting the technical pieces built is one thing, changing business processes and interactions across multiple firms is much more difficult," he says. Configuring business networks that define new transaction flows and interactions between groups and consortiums -- even when competitors agree to work together -- requires significant effort. Laying the groundwork for effective distributed network governance also demands careful planning. "Many groups are now creating charter documents that set basic rules, such as how new members join or the binding nature of smart contracts," he says.
Blockchain is also generating a great deal of vendor hype that threatens to blind some potential adopters to the technology's real value. "Blockchain is becoming one of the most talked about technologies ever developed, and with that there is a lot of questionable information and claims," Little says. He recommends carefully investigating vendor promises to determine whether a distributed ledger is really the best solution to a particular business challenge. "Far too many companies are engaging in blockchain proof of concepts without a clear idea of the problems they want to solve with the technology," Little observes.
Nonetheless, Davison remains excited about blockchain's potential. "We are at the same point today with blockchain and the exchange of value as we were in the early 1990s with the Internet and the exchange of information," he says. "There was no way we could have foreseen Facebook, blogging, Google and Twitter."
"Who knows what the Google of blockchain will be?" Davison asks. "It's a time of uncertainty, but also a time of excitement."
John Edwards is a veteran business technology journalist. His work has appeared in The New York Times, The Washington Post, and numerous business and technology publications, including Computerworld, CFO Magazine, IBM Data Management Magazine, RFID Journal, and Electronic ... View Full Bio