It’s a staggering statistic, but 39% of companies are still not using robust data security measures. In 2019 alone, 7.9 billion data records were breached, quadrupling in 2020 to 36 billion globally. Data breaches are a tremendous threat to any enterprise, as malicious actors continue to be the driving force behind these breaches. With risks so high, what is the hold up on implementing security? In a word, complexity.
Implementing cryptography correctly is challenging. Toss in compliance requirements that are ever-changing and it’s a formidable task. And yet, security is not a nice-to-have feature or an afterthought - it’s a critical business necessity, and ensuring that an appropriate governance structure is in place is crucial. It’s not hard to understand why companies are exercising diligence when selecting a data protection solution. The needs are loud and clear: make it automated, and straightforward.
Are Distributed Ledger Technologies the Answer to Securing Data?
Within the midst of various global regulatory requirements, distributed ledger technologies (DLTs), like blockchain, have moved into the data security limelight, positioning themselves as a solution for secure data storage. Blockchain is an open, distributed ledger technology that records transactions safely, permanently, and very efficiently. Blockchain solves complexity issues and eliminates the duplication of effort that’s typical of traditional business networks because transactions are recorded only once and establish a strong chain of trust.
Blockchain is ideal for delivering information fast. It provides immediate, shared, and completely transparent information stored on an immutable ledger that can be accessed only by permissioned members. And because members share a single view of the truth, you can see all details of a transaction end to end, giving you greater confidence, as well as new efficiencies and opportunities.
With its ability to create more transparency and security while also saving businesses time and money, the technology is impacting a variety of sectors:
- Real-time IoT operating systems
- Smart contracts
- Cryptocurrency exchange
On the surface, blockchain seems to be a system immune to fraud or deception, however, they are not, by themselves 100% secure. This is particularly true when it comes to authenticating and managing the identity of blockchain users and devices. Blockchains are only one part of an entire system—what happens before the consensus and after data is retrieved has nothing to do with DLTs.
Confidentiality, Integrity, Availability
DigiCert, a leading provider of PKI, and Thales, a leader in data protection, have a decade-long partnership helping their clients authenticate and encrypt communications, systems, emails, documents, websites, and servers. They’ve also been co-members of Hyperledger, launched by the Linux Foundation in 2015. A number of their industry partners, including IBM, Oracle, financial service providers, and others, use Hyperledger Fabric.
Hyperledger Fabric is an open, proven, enterprise-grade, distributed ledger platform. With its ability to create more transparency and fairness while also saving businesses time and money, the technology is impacting various sectors in ways that range from how contracts are enforced to making government work more efficiently. Both DigiCert and Thales wanted to support the demands of their industries on Hyperledger Fabric, so a collaboration was only a matter of time.
In a newly published case study out now, Sol Cates, Principal Technologist in the CTO Office at Thales said, “Yet even with this cutting edge, novel technology, cybersecurity still boils down to the good old problems of Public Key Infrastructure (PKI) and the three rules of security: confidentiality, integrity, and availability. “No matter how amazing your system is, if you forego the basic tenets of security as you integrate blockchain, you are inviting breaches.”
PKI authenticates the identity of users and devices. It includes a Certificate Authority (CA), which verifies an identity and issues a trusted certificate. It also provides the management of key pairs—the public and private keys that allow secure digital transactions. Public key cryptography is the fundamental security foundation used by blockchain. The process of securely generating, using, and storing cryptographic keys is essential to maintain the security of the blockchain network.
DigiCert, focusing on PKI, operates at the highest level of compliance for publicly trusted certificates. DigiCert PKI solutions enable organizations to comply efficiently with their security policies and protect the essential digital certificates and keys.
Thales Luna Network HSMs are designed to store the private keys used by blockchain members to sign all transactions in a FIPS 140-2 Level 3 dedicated cryptographic processor. Keys are stored throughout their lifecycle, ensuring cryptographic keys cannot be accessed, modified, or used by unauthorized devices or people. In addition to being available on-premises, Thales Luna HSMs are available in the cloud as Luna Cloud HSM Services on Thales Data Protection on Demand, and together provide a seamless solution for on-premises, hybrid and multicloud deployments.
In the simplest of terms, DigiCert secures devices with keys, and Thales secures those keys. And together, they serve to secure solutions using Hyperledger Fabric. When both are incorporated into the blockchain, the integrity of the blockchain is heavily assured and protected.
Read the Case Study: Thales and DigiCert Team Up to Increase Cybersecurity for Hyperledger Fabric
With all of the uncertainty about blockchain, the abundance of standards and protocols, and moving from a centralized to a decentralized platform, getting started with blockchain is challenging and intimidating at best. Avoid joining the myriad of blockchain organizations that are failing at implementing blockchain technology.
Read how Thales and DigiCert have teamed up to keep your blockchain transactions secure.