Blockchain and Distributed Ledger Technologies
Blockchain or Distributed Ledger Technologies (DLT) are not yet mainstream, but they will be very soon, and they will dramatically change the business world. Strategic CISO and Audit leaders need to be extending their thinking and frameworks now. Here's why..
Like the steam engine or the Internet, DLT is a general-purpose technology (GPT) that can be utilized to solve many different problems. DLT provides highly reliable and decentralized trust in any system of record. This is why people from different places who have never met each other can use Bitcoin to exchange value between each other without the overhead normally associated with a bank or credit card transaction.
Like any other GPT, society tends to over-estimate its immediate value and then underestimate it's long term value. For the Internet, we had the dot.com bubble. That huge disappointment built the foundation for companies like Internet based Amazon, Alphabet (Google's parent) and Tencent (Chineese gaming and social media) to become 3 of the worlds 5 most valuable companies. Companies like Blockbuster and Sears, who neglected to adapt, saw their businesses collapse because their services were no longer of any value.
With DLT, the ICO (initial coin offering) bubble has matured the field to the point where it is ready for general adoption. Think about where digital ledgers are used. Finance is obvious but what about energy (ledgers to trade electricity on the grid), food (tracking farm to table or hook to plate), or real-estate, contracts and property title management. How many cubicles in NYC, London and Hong Kong are filled with accountants and auditors toiling away to settle and verify trades - this is because every financial institution keeps their own ledger and has to reconcile that with everyone else's. It's a mathematical nightmare. What if they all shared a distributed ledger that was reliable and immutable? Every supply chain, every financial transaction, every business, every industry relies on ledgers like these. That is why 9% of the Forture 1000 companies either deployed or piloted DLT based business models in 2018 - Companies including the US Federal Reserve, all major financial institutions, energy and agriculture and.. Amazon, Google and Facebook.
Cyber leaders need to embed existing control frameworks in DLT business models with out stifling them.
If you are a cyber leader that is not working on this then you may be becoming as irrelevent as Blockbuster or, worse, you have already become irrelevant.
At VoSec, we've researched and developed the frameworks for security DLT implementations:
- Executive training modules on the technologies, the emerging threat surfaces they present and potential mitigating controls,
- An organizational structure that enables a seamless partnership with the business,
- Control frameworks and operating models that embrace change, the principles of zero trust and DLT specific controls like multisig and automated code analysis for smart contracts,
- Very low friction for users.