Blockchain was made popular by the creation of Bitcoin, so what exactly does the technology mean for information security within the enterprise?
In basic terms, a blockchain is a continuously growing list of records, called blocks, which are linked and potentially secured using cryptography. Each block typically contains a cryptographic hash of the previous block, a timestamp and transaction data.
By design, a blockchain is inherently resistant to modification of the data and in effect forms a distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way. These properties lend themselves to several enterprise and a few security applications, but the most useful are in access control, identity management, auditing and traceability.
At its core, a blockchain can act as a shared distributed ledger with strict yet customisable rules detailing how to place information into the ledger. This is as simple as it sounds. It is a ledger, beloved by accountants, and the key detail of a ledger is that you can’t go back and change a single item without having to rewrite the entire ledger. In a security context, creating a blockchain that records every access to an application, along with every change to configuration files, provides a valuable and immutable log. This use case could allow organisations to discover and assign culpability for security failures, or even prove to regulatory bodies that they have followed security best practice.
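The linking described above can be shown with a minimal hash-chained audit log. This is an added example, not code from the original article: the function names, field names and sample events are hypothetical, and it models a single local chain with no distribution or consensus.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # assumed placeholder predecessor for the first block


def block_hash(block):
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: block[k] for k in ("index", "timestamp", "prev_hash", "data")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, timestamp, data):
    """Link a new record to the hash of the current last block."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_HASH
    block = {"index": len(chain), "timestamp": timestamp,
             "prev_hash": prev_hash, "data": data}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_HASH
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev_hash"] != prev_hash
                or block_hash(block) != block["hash"]):
            return i
        prev_hash = block["hash"]
    return None


def build_sample_log():
    """Constructed sample events: two accesses and one configuration change."""
    chain = []
    append_block(chain, "2024-01-01T09:00:00Z",
                 {"event": "access", "user": "alice", "app": "payroll"})
    append_block(chain, "2024-01-01T09:05:00Z",
                 {"event": "config_change", "user": "bob", "file": "app.conf"})
    append_block(chain, "2024-01-01T09:10:00Z",
                 {"event": "access", "user": "carol", "app": "payroll"})
    return chain


if __name__ == "__main__":
    log = build_sample_log()
    log[1]["data"]["user"] = "mallory"  # constructed in-place edit of one record
    print("first invalid block:", first_invalid_block(log))
```

Recomputing the edited block's hash only moves the failure to the next block, so hiding a change means rewriting every later block. A single party holding the only copy can still do that, which is why the copies held by other participants in a distributed ledger matter.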