Blockchain sees data security potential in Singapore

Because it provides a public "immutable" ledger, blockchains can facilitate a "single source of truth" and offer a robust, inexpensive way for documents to be digitally signed and authenticated.
Written by Eileen Yu, Senior Contributing Editor

Blockchain has moved on from its Bitcoin past and is being touted as an effective and inexpensive way to safeguard data, with one Singapore-based vendor launching its first blockchain-based authentication tool.

Because it provides a shared replicated "immutable" ledger, blockchain can facilitate a "single source of truth" and a secure, tamper-proof system of record, according to Alan Lim, Asean practice lead for IBM Blockchain and Bluemix Garage. "Industrial blockchains also offer verifiable identification and transactional privacy," he said.

Lim explained that these traits could be helpful in establishing identities and safeguarding personal data. Users would be able to store and transfer their information in a secured manner as well as grant and revoke access to that information. Service providers also would have stronger assurance of the veracity of data shared, he added.

He pointed to healthcare as an industry that could tap blockchain technology to safeguard patient privacy, noting that IBM recently partnered the US Food and Drug Administration to assess if blockchain could be used to securely transfer medical data. The initiative aimed to use blockchain to store and share medical records between healthcare providers, facilitating a faster process of requesting, sending, and receiving a patient's medical information. An audit trail also could be properly maintained.

Frost & Sullivan's Charles Lim agreed, adding that blockchain could be used to improve the security of data-sharing as well as facilitate a more effective and seamless exchange.

The Asia-Pacific industry principal of cybersecurity practice and digital transformation suggested that blockchain could become the technology to facilitate data exchange as it authenticated trusted parties to contribute and obfuscated contributors' details with anonymity. It also provided a tamper-proof system that prevented unauthorised changes of data shared, Lim said, echoing the views of IBM's Lim.

According to the Frost & Sullivan analyst, the Singapore and Australian governments were in the midst of establishing more Information Sharing and Analysis Centres (ISACs), which would form platforms for both private and public-sector participants to share threat intelligence and improve their readiness against cybersecurity attacks.

"However, participants are wary of exposing their weak security posture when contributing intelligence due to a successful attack," he noted. "And there are issues of untrusted sources that may contribute the wrong intelligence."

And despite its much-touted potential, particularly in the banking and financial sectors, blockchain also had been described by some as overhyped.

Gartner's senior vice president for technology, Peter Sondergaard, acknowledged its potential in providing a distributed ledger, but questioned blockchain's short-term impact and ability to scale. Speaking at the Gartner Symposium in Cape Town last September, Sondergaard said there still were technical issues concerning blockchain that first needed to be resolved. "When you overlay it with the requirements of everybody having the complete ledger running on your environment, it starts to be very heavy as you scale it," he said.

So what should organisations consider before deciding to adopt blockchain technology? IBM's Lim highlighted the need to go back to the fundamentals and define the business problems they needed to address.

Like all use cases, they still would need to establish clear business motivation for deploying blockchain and ask themselves key questions.

Lim posed: "Is there an identifiable business network with a need to share information? Do participants require a relatively high degree of collaboration? Is there a need to maintain the history of all updates to the assets? Are there significant benefits from confirming transactions in minutes, rather than days or weeks?"

Pointing to IBM's belief in open governance, he also urged businesses to consider open source blockchain projects, specifically, one supported by the Linux Foundation, called The Hyperledger Project. IBM was a founding member of the initiative.

The vendor is working on several blockchain initiatives across Asia-Pacific, according to Lim, including with Kasikornbank in Thailand, where it is looking to build a new blockchain network aimed at simplifying procedures for the bank's corporate credit business. It also is working with Walmart in Beijing, alongside Tsinghua University, to better track supply chains and improve record-keeping through blockchain technology.

IBM's blockchain development centre in Singapore, launched last year, was expected to roll out several pilots in the financial and trade industries based on the Linux Foundation Hyperledger platform. Lim added that the first initiatives out of the facility would use blockchain to enhance the efficiency of multi-party trade finance processes and transactions and would involve global banks and fintech companies in Singapore.

Acronis taps blockchain to fight ransomware

Singapore-based data storage and security vendor, Acronis, on Thursday unveiled its first blockchain-based tools with the launch of its True Image 2017 New Generation data backup application.

Developed by its R&D team in the city-state, the release features the vendor's "active protection" technology, which is touted to have the ability to detect and prevent ransomware attacks in real-time and automatically recover data.

True Image 2017 also encompasses Acronis Notary, a blockchain-based data authentication tool that offers content certification and verifies modifications against the original version. It certifies any digital object with a hash, or a unique digital fingerprint of the content, and records it into the blockchain ledger. Users can then verify the authenticity of the information or document, including contracts and financial files.

In addition, True Image 2017 is integrated with a blockchain-based document certification tool, Acronis ASign, which enables multiple parties to generate and certify documents with a secure and publicly auditable digital signature.

The application uses the Ethereum blockchain ledger, which Acronis CEO Serguei Beloussov described as the fastest-growing and most advanced in the features it offered, including support for smart records. Only hashes would be recorded on the Ethereum ledger, with copies of the signed documents stored on the customer's system or at Acronis' data centre.

Beloussov said blockchain provided not only a secured and reliable way to safeguard data, it also offered an inexpensive way to digitally sign documents, bypassing the need for a trusted intermediary. This meant multiple copies of any file, content, or piece of data could be created as well as digitally signed more cost efficiently.

He further noted that while there were PKI (public key infrastructure) and other providers today offering digital signature services, it would impossible to ascertain that these companies would still be in the market 10 or 50 years from now.

In contrast, because blockchain was effectively a public ledger, it would be safe to assume it would be available indefinitely, he said. Like the internet, when one access point was switched off, the ledger would still be accessible via another online.

Beloussov believed the ability to securely create and store data copies was an important defense against ransomware, since such attacks would be less effective if organisations had backups to fall back on.

Ransomware was estimated to have resulted in damages of more than US$1 billion last year and expected to increase in attack volume in 2017.

Editorial standards