From the outside looking in, blockchain may seem like a fringe topic. That’s certainly not how it’s viewed by some of the largest organizations in the world, though. Many business leaders are exploring ways blockchain can streamline operations, increase security, and encourage collaboration between organizations. If you’re one of them (or would like to be one someday soon), you’ll have some big decisions to make.
At the top of that list is what sensitive data goes on the chain, and what doesn’t? It’s arguably weightier decision with blockchain than a traditional database. While that may be a bit counter-intuitive since blockchain boasts security advantages, here’s why it’s true.
The three aspects of data security
In his recent talk at the Distributed: Health conference, David Houlding, Director of Healthcare Privacy and Security at Intel Health and Life Sciences, outlined three aspects of data security: protecting integrity, availability, and confidentiality of data.
1. Integrity? Check
Blockchain has inherent safeguards that protect the integrity of the data. It’s very difficult, if not impossible, for someone to tamper with a record on the blockchain. It’s very easy to detect and prevent.
2. Availability? Check
When it comes to protecting availability of data and making sure people have timely access to it, blockchain is great because it decentralizes the records. That means there’s no single point of failure that could bring the whole network down.
3. Confidentiality? It’s complicated...
Does blockchain effectively protect confidentiality of data? It depends on what data you put on the blockchain.
The blessing and curse of immutability
A lot of people are interested in blockchain because records are immutable. The records are by their very nature unable to be altered. Once information is added to a blockchain it cannot be changed, deleted, or redacted.
However, blockchain doesn’t automatically protect the confidentiality of data or prevent unauthorized access. In fact, all information stored on a public blockchain is visible to anyone who wants to look. While that works just fine for use cases that don’t involve sensitive data, it’s not appropriate for highly-regulated industries like finance and healthcare, where blockchain is getting a lot of interest.
In these industries, it’s crucial to limit confidential data access to authorized individuals only. By using safeguards like private or permissioned blockchains and encryption, you can control access to the information stored on your blockchain. But, just like any other security measure, these efforts aren’t guaranteed to work 100 percent of the time.
What data should you put on blockchain?
It’s tempting to think, “Let’s put all our data on the blockchain and then decide what to do with it.” But remember that what goes on blockchain stays on blockchain. When you put a record on blockchain, you can amend, but you can’t go back and change or delete the original record. Suffice it to say, blockchain doesn’t forget.
So David strongly recommends a “minimal but sufficient” approach. Start with your use case and ask yourself, “What’s the least amount of information I need to put on the blockchain to support this use case?” That way, you’ll avoid adding risk without benefit.
Working on a blockchain project? Our engineering team can help. Learn more.