Enterprise
Blockchain is a new data structure and compute model that enterprises will inevitably adopt, as it offers unique security properties not found today in other persistent data stores such as databases, file systems, message queues, big data, cloud storage, etc.
I recently gave a talk on how blockchain can disrupt Enterprise IT at Cryptoeconomicon in Mountain View. See the presentation slides.
Tradle recognizes the strengths and the limitations of the blockchain and is creating a roadmap for Software Defined Trust, that includes trusted storage, trusted compute, trusted networking, trusted user interfaces, trusted software delivery.
Enterprises will not be comfortable with putting all data on a public chain. And frankly, today it will not scale. Aside from scalability, it became clear in our current customer engagement that a hybrid model makes most sense: internal workflow goes to a private chain and is interlinked cryptographically with an external workflow on a public chain. A demo is upcoming that will demonstrate this concept.
Private chains can take that load and can be connected to the main chain, achieving a form of public/private network divide like the one routers created for us in the early stages of the Internet. Private blockchains can be tuned to be less PoW intensive and to cut blocks faster. Besides, variations of PoS or a hybrid PoW + PoS scheme are emerging which could use the fact that inside the enterprise all network nodes can have identities, unlike the anonymous nodes on the bitcoin blockchain.
Chains can be public or private, and can also have participants from several known partners. Such chains lend themselves well to Proof of Stake consensus algorithms, with lower costs and faster transaction times. Possible uses are in supply chains, inter-bank exchanges, industry consortiums, etc.
Blockchain is designed to operate in the open, not hiding behind the firewall like normal enterprise systems. We need to harden our internal IT with techniques used outside the firewall. We need to construct a lot of hoops for hackers to jump through, as perimeter defense is no longer holding up: banks, retailers, entertainment companies, law firms and healthcare providers have all had major data breaches. We need to make our systems anti-fragile, meaning they don't fall like dominos if some of them are attacked. The blockchain data structure is a new mechanism designed for harsh environments.
But how will private chains be secured in the absence of the massive and decentralized Proof Of Work used by the public chain? For example, the CEO may decide to adjust history and there is not much stopping him, as he controls all the mining. Note that this is not a question we normally ask today when discussing existing IT systems. But as always with blockchain tech, we are raising the bar by starting all designs with the security questions.
One known technique is to send periodic hash checkpoints to the public blockchain, which makes it impossible to revert the records before a checkpoint without going out of sync with the public chain. Other methods, like pay-to-contract, show how to cryptographically commit a workflow to an on-chain address. In our case the workflow is on the private chain and a cryptographic commitment is on the public chain.
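The checkpoint idea above, worked through as an added example (not Tradle's code): a toy private chain with hash-linked blocks, a checkpoint published to a stand-in public ledger, and a verifier that shows why an operator who controls all the mining can rewrite history so the private chain still looks internally valid, yet fails the check against the public anchor. Block layout, the `public_ledger` dict and the sample records are all constructed for this illustration.

```python
import hashlib
import json

GENESIS = "0" * 64


def block_hash(prev: str, records: list) -> str:
    # Canonical JSON so identical content always yields the same hash.
    body = json.dumps({"prev": prev, "records": records}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()


def build_chain(batches: list) -> list:
    # Each block links to the previous block's hash; no PoW, as on a private chain.
    chain, prev = [], GENESIS
    for records in batches:
        h = block_hash(prev, records)
        chain.append({"prev": prev, "records": records, "hash": h})
        prev = h
    return chain


def internally_consistent(chain: list) -> bool:
    # Checks the private chain only against itself: links and hashes line up.
    prev = GENESIS
    for blk in chain:
        if blk["prev"] != prev or block_hash(prev, blk["records"]) != blk["hash"]:
            return False
        prev = blk["hash"]
    return True


def publish_checkpoint(chain: list, public_ledger: dict) -> str:
    # Stand-in for an OP_RETURN-style commit: the public ledger records the
    # latest private block hash under the next public "height" (constructed).
    h = chain[-1]["hash"]
    public_ledger[len(public_ledger)] = h
    return h


def verify_against_anchor(chain: list, anchored: str) -> bool:
    # Passes only if the chain is consistent AND still contains the anchored hash.
    return internally_consistent(chain) and any(b["hash"] == anchored for b in chain)


def rewrite_history(chain: list, height: int, new_records: list) -> list:
    # Simulates an operator who controls all mining: alter one block and
    # recompute every later link so the private chain looks valid again.
    batches = [b["records"] for b in chain]
    batches[height] = new_records
    return build_chain(batches)


# Constructed sample: three batches of internal workflow records.
BATCHES = [[{"id": 1, "action": "approve-po", "by": "alice"}],
           [{"id": 2, "action": "ship", "by": "bob"}],
           [{"id": 3, "action": "invoice", "by": "carol"}]]
```

A rewrite of any block at or before the checkpoint height changes the anchored hash and is caught; records added after the last checkpoint are only protected once the next checkpoint is published, which is why the page calls the checkpoints periodic.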
The blockchain is a new secure data structure, somewhere between a log and a database. It is a lot more than a log, as it uses a sophisticated data structure with Dynamic Membership Multiparty Signature (DMMS), Merkle trees, transaction chains, signatures, hashing, etc. It is less than a DB, as it does not provide good searching and filtering and does not allow all CRUD operations (create and read are allowed, but not update or delete). But it can already be used as a master copy of all data and have databases replicate from it. In this design the blockchain is a master and the database is a slave. This design pattern extends well to Web and mobile apps, which could use local databases synced with the chain.
Private chains could also serve as extremely secure backup storage, as backups are often targets of hacker attacks. A slave database can be bootstrapped from a chain. The chain can be used for partial restores, using a wallet as a filter for the transactions we want to load, e.g. only the data of a department, branch office, group or a specific employee for use in a mobile app (this can also be used like a cloud to sync between mobile devices).
Private chains can be used as an identity and rights management service, instead of LDAP, Active Directory and similar products. Its secure structure is especially important in this use case. It can also replace key and certificate management servers. This makes the history of credential and clearance allocation highly auditable. Note our ongoing work on Identity on chain.
Like message queues, the chain provides message persistence (durability), guaranteed delivery, asynchronous operation and an event mechanism. So a private chain could serve as a reliable wire, like IBM's MQ Series.
One of the biggest threats to enterprises comes from their partner networks; this is how Target was penetrated.
Instead of giving partners a pass to virtual premises (with a web login), you can now allow them to send a package by putting it on-chain, using the chain as a message queue. With on-chain Identity management this path becomes possible and highly defendable.
Every complex application finds itself in need of a job scheduler. Jobs are used to delay the execution of some functions to keep user response time low. Jobs are used to smooth over peaks of processing load by sequencing the execution and tuning it to the number of processors at hand. They are used for guaranteed execution of some functions. Jobs are used to reduce database contention, by shortening transactions and deferring the non-critical part of the processing to a later time. And lastly they are used for periodic tasks and to track the results of these tasks. The blockchain can create an irrevocable record of scheduled maintenance tasks, which can be an important security measure.
Private chains can also be used where an Enterprise Service Bus (ESB) product would be used today. ESB incorporates the features required to implement a service-oriented architecture (SOA). ESB is used as a mechanism that manages access to applications and services (especially legacy versions) to present a single, simple, and consistent interface to all systems.
Chain as a Repository can be a foundation for Enterprise Data Governance, to facilitate integration, conformance, monitoring, audit.
Chain can be a registry of service definitions, to enable service discovery, business process coordination, and service composition in builders and toolchains.
Bitcoin blockchain executes scripts in a secure way. Its upcoming release greatly extends the types of scripts that can be created. Ethereum's blockchain offers even more powerful scripts, with intermediate storage and loops. These scripts enforce the rules that validate transactions and can become a powerful and secure rule engine for the Enterprise.
Chain can be a registry of ownership of equipment, devices, places, network nodes, software, licenses/rights, tokens, etc. As we move towards the Internet Of Things (IoT), each device will need to have an identity, rights, relationships and history of actions.
If resource allocations are on-chain, a more dynamic mechanism for their efficient use can be developed. As an added bonus, hackers would not be able to use the same resource too many times without risking detection. A "resource" could be the use of some service, allocation of virtual machines, use of shipping, use of manufacturing, use of warehousing space, etc.
Blockchain already offers a lot of ready-made tools for audit and security analysis. Its append-only, immutable structure is perfect for audit. It is also highly structured, unlike many types of logs, and carries identities on every transaction.
The bitcoin blockchain has initiated a renaissance of crypto tech, like multisig, payment channels, HD wallets, hot-cold storage, and other innovations in key management. These new tools and techniques will be extremely helpful to defend the Enterprise:
- pervasive compartmentalization: store data on-chain encrypted with per-transaction keys. Store only what is necessary for immediate access in decrypted form (on encrypted drives) in a database, somewhat like hot and cold wallets. When homomorphic encryption matures, even DB records could be encrypted.
- hardened authentication techniques, e.g. bitauth, QR code over an air-gap, etc.
- deterministic software production: some methods are used by bitcoin core devs, others can be found in the gitchain project
- make some transactions anonymous so that hackers can't sniff their way around (e.g. Tor, ZeroCash)
- zero knowledge proofs for credentials and computation correctness
- use other P2P tech that has proved to operate in the presence of massive attacks, like DHT and bittorrent
- harden those P2P technologies with the use of the blockchain (some ideas in S/Kademlia)
- security scripts for the above features run on-chain, so they would be harder to bypass
- verify requests based on a chain of prior activities instead of a naked access token (drawing inspiration from bitcoin's cumulative DMMS, as described in the sidechains whitepaper). Each network participant will incorporate either a full node or an SPV client instead of trusting the access token.
The blockchain ecosystem is growing extremely fast. There are already 20K+ projects on github right now. IT will be able to pick and choose from a variety of tools vetted by the community, augmenting the vendor short list based on Gartner's Magic Quadrants and other analyst assessments. For example, we will be able to do all kinds of data transformation into and out of the chain (e.g. a tool we're currently developing called bitloader).
New organizational structures will emerge that will make the inside/outside divide much less clear. These clear boundaries started to erode with the extranets in the 90s, then with multi-tenant cloud platforms, and lately with smartphones and the IoT. As we move forward we will see value chains where participants have multiple roles and affiliations. We will be designing token based systems that produce gains for all participants, internal or external.
Finally, blockchain can be used not only for IT infrastructure, but to build apps. It lends itself really well to commerce apps, providing a secure, reliable workflow channel and rule-based settlement. Chain can also be used as a sharing medium for communications, knowledge exchange, process coordination, etc.
As with the Web in 1995 and the cloud later on, the boards will start asking a question: what is our blockchain strategy? It is very likely that the unspoken motivation to get rolling with a chain-based project will be its hype; after all, we are all excited about bitcoin, and sometimes irrationally so, not having enough facts on our hands but expecting great things to come. And they will.
See a new and evolving thought piece on the use of chains in B2B.