As more and more companies invest in the much-hyped blockchain technology, outside observers could be forgiven for thinking that the technology has arrived. The potential for the distributed ledger to transform key business processes has been spoken about but, like any cutting edge technology, blockchain comes with risks for businesses.
Speaking at the Forrester Digital Transformation Europe summit in London this week, principal analyst Martha Bennett laid out the biggest inherent risks and how businesses will have to overcome these challenges to unlock its potential.
1. Lack of clear definitions
Firstly Bennett said that it is important to reach some form of agreement over a working definition of blockchain. Bennett defines blockchain as: “A store of records which you can only write once and you can append only, you can never overwrite. Blockchain is distributed and either completely or partially replicated.
“It is cryptographically secured, and that is not the same as encrypting. By default the content on a blockchain, the transaction, the record itself, is not encrypted. The cryptographically secured bit is because you are hashing the transaction and linking it with its hash, which makes it immediately obvious if somebody has tried to change it because the hash won’t match any more.
Bennett also said that if you replace the word ledger with database it becomes a lot less intimidating to discuss. So, why is this important? “My main message out of all of this is whether you are discussing blockchain make sure you are on the same page, because blockchain is like cloud or big data, it means whatever you want it to mean.”
2. Security and risk
One of the key features of blockchain that has financial services and insurance companies salivating is its ability to guarantee secure transactions and reduce risk because any changes to a record are immediately obvious to anyone looking at the chain.
Bennett has some words of warning though: “Blockchain can also create tremendous exposures because, by default, the content on a chain is clear text. Or clear in another way that is easy to be decoded. So even with obfuscation there are typically techniques available to get at the content.
“That can lead to compromises of personal security if there is too much information about people out there. It can give rise to fraud if people have access to information. Most importantly it can be a violation of privacy and data protection regulations.
Bennet added: “If everything pertaining to a trade is on the chain then I can trade against you on that information. That is something companies working on this have already realised and the number of use cases are under re-investigation because of the commercial confidentiality and anti-trust issues. A lot of things need to be figured out around managing the risk, the security, the access.”
3. Key Management
Bennett talked about the recent raft of cyber thefts through the global payments processor Swift and how blockchain won’t be able to prevent these sort of issues.
“You are talking about a 'write-once' unchangeable record here, there will be people that make mistakes,” she said. “There will be fraudulent transactions that get onto the chain because, where there is money, there will be fraud. It may be easier to detect on a chain but a chain cannot prevent fraud.
“People were saying Swift issues wouldn’t have happened on the blockchain. No, Swift was about credentials theft and you can steal someone’s keys for a chain. You may be able to track it better but you won’t be able to prevent it.”
4. Access rights and permissions
Bennett set out a list of questions IT teams will need to answer when it comes to blockchain.
“How many sets of keys do you have to manage for permissions and encryption. How do you revoke trust? How does the chain function? Which consensus algorithm do you use? Is encryption used? How many nodes are there? Is the storage on or off the chain?
“When you talk to vendors these are all important questions and you will find many of the startups can’t answer these questions.”
5. Enterprise deployment
Just because the technology looks ripe for enterprise use cases, like payments, remittance, post-trade processing and compliance ledgers, it doesn’t mean they are easily applicable to an enterprise IT environment. As Bennett said: “Overall the technology is in its infancy.”
“Large scale adoption is five to ten years away because you have a combination of technologies that are quite immature. So you have companies involved that have extremely bright people working on them but have never encountered enterprise requirements when it comes to scale and security and of course things need to interoperate.”
Anyone looking deploy blockchain technology will need to make a decision regarding storage.
Bennett says: “You can have storage on the chain itself, elsewhere or even in a parallel blockchain. That is something I am seeing increasingly under investigation. The moment you have a lot of computational intensive transactions that also need to be replicated across a number of databases you have latency issues, so you might want to take some of the storage or computation off chain.”
7. Agreed common standards
Lastly, Bennett said there will need to be agreement on common standards and processes. Although there are moves to do this such as the R3 consortium which is working with many of the world's biggest financial firms - collaboration is a challenge. “When did you last get over forty banks agree on a single identical process?” she asked.
Bennett had a final piece of advice for anyone investigating blockchain: “Start with a use case, not the technology. It saddens me to see the millions of pounds being used on projects that aren’t going to go anywhere so it is important to get your hands dirty, try out this stuff and see what it feels like when it bites.”