Adewale Omoniyi, a senior managing consultant in biometrics and cybersecurity for IBM Global Business Services, is one such professional, and on Wednesday, he sought to get the word out about his team and its mission at an event hosted by tech educator Decoded.
There, Omoniyi gave a broad overview of how his team has worked with dozens of IBM’s enterprise clients, all of whom are building distributed ledgers with Hyperledger’s suite of codebases.
Most notably, he discussed emerging best practices for what he sees as a coming generation of business tools that will sit on top of the technology, sparing no detail about why he believes controls must be built into smart contracts, and about “on-chain” versus “off-chain” design considerations.
Already, Omoniyi said he has worked on building blockchain-based cybersecurity assurance applications for use cases such as supply chain and digital identity, and what he’s learned is that just because blockchains are difficult to hack, this doesn’t mean they can’t be compromised.
“Fundamentally, we keep saying that blockchain isn’t a panacea,” he said, adding:
“Security is often always an afterthought, but because of the foundational basis of the technology, there needs to be a depth of defense and building controls in every layer of the application.”
No Fort Knox
Both Omoniyi and the host of the event, Amadeus Stevenson, CTO of Decoded, mentioned several of the hacks that have happened involving the technology to date, albeit with a heavy focus on cryptocurrencies.
From Mt. Gox to The DAO hack, to the Parity frozen funds, to a BitPay executive getting phished, the session saw discussion of how many layers of complexity there are in blockchain systems, and how easy it would be to overlook one or the other.
“There isn’t a one size fits all. It’s not just about using one tool, but multiple layers,” Omoniyi said.
For instance, one of the tools the IBM team uses is threat modeling, where enterprises are asked to consider who a would-be hacker would be and why they’d want to exploit the system.
On top of that, the team scans smart contracts and blockchain endpoints, applies traditional cybersecurity hygiene to this new industry, shapes key management strategies and, perhaps most importantly, continues to monitor systems even after they’ve passed security assessments…