Jan. 1, 2019 | by Bradley Cooper
As blockchain continues to mature, many financial institutions are starting to experiment with the technology. The Bank of America, for example has gathered more than 50 patents related to the technology. The majority of financial institutions, however, have not yet made the jump, especially due to security and scalability concerns.
Bradley Cooper, editor of Blockchain Tech News, moderated a panel at the Financial Services Data Security Summit, sponsored by Thales and Networld Media Group, with Jose Diaz, director of payment strategy at Thales eSecurity and Sudhakar Kamalanathan, associate director of information security at Cognizant Technology Solutions on the topic of blockchain and security.
The panelists shared key thoughts on why blockchain acceptance is slow going for financial institutions, security concerns, and how to make blockchain secure.
Why it's slow going?
Diaz pointed out one reason why blockchain technology is slow going is that it was originally created for an open system, where anyone could read transactions. Financial institutions, on the other hand, are looking for a closed system.
Kamalanathan said one of the biggest challenges is that there is a "lack of overarching standards while legal/compliance framework is in its nascent stage."
Both panelists also said that scalability and data confidentiality are major issues with private/permissioned blockchain technologies, since many chains cannot handle the type of data quickly and securely that financial institutions regularly manage.
There is also the simple problem that the standards and best practices for blockchain applications are still evolving, according to Kamalanathan. Many financial institutions will not want to try to hit a moving target.
While blockchain does offer value for secure immutable transactions, there are still some security concerns for financial institutions.
Kamalanathan mentioned how there is a "lack of consistent best practices which exposes vulnerabilities in underlying protocols for public blockchains; no central source documenting known vulnerabilities, attacks and problematic constructs."
The panelists also pointed out that it can be a challenge to handle private keys, such as who has ownership of the keys and how to keep them secure.
A third concern is with vulnerabilities in smart contracts. Kamalanathan said, "Any security holes in smart contracts are visible to all participating nodes and can be exploited. They are prone to all risks that come with a software development life cycle."
How to make it more secure
In order to make blockchain solutions secure for financial institutions, Kamalanathan recommended financial institutions pilot all potential blockchain projects and set "realistic participants and environments before using them as value-bearing instruments."
He also advised "tightening security reviews of code based entities." If your smart contract program, for example, allows any unexpected behavior, it can be difficult to determine if an action is malicious or neutral.
Finally, in order to handle private keys, Kamalanathan recommended using good public key infrastructure life cycle management. That way you can "secure private keys pertaining to consensus, transaction or customer entities."
All that being said, Diaz and Kamalanthan both stated that overall blockchain acceptance is still a ways down the road for many industries.
Financial institutions should focus on permissioned blockchains that are scalable, programmable, interoperable and Layer 2 compatible (off-chain / sidechain) for enterprise adoption, said Kamalanathan.
Blockchain, however, still has a wide variety of use cases, ranging from identity management to cross border payments to claims management. With that in mind, financial industries should pay attention to blockchain developments and carefully consider how it can benefit their businesses.
Image via Istock.com.