IBM has announced a new framework for securing blockchain systems running in its cloud services, a move it believes will help financial firms and businesses satisfy regulatory and security concerns that could inhibit the use of the emerging technology.
At issue, IBM said, is that some cloud environments leave open vulnerabilities that could allow tampering or unauthorized access to permissioned blockchain-based systems, a risk that the company suggested may be limiting or discouraging certain use cases in sectors where data standards are more complex.
In interview, Jerry Cuomo, vice president of blockchain at IBM, said that the new framework is about "upping the pace" of blockchain adoption by eliminating such concerns and easing usability for developers.
Cuomo framed existing public blockchains as secure, yet ill-suited for businesses given the existence of strict data protection requirements, stating:
IBM said that it believes the new framework will help organizations create "secure cloud environments" for permissioned blockchains that exceed security and compliance requirements for industries that could benefit from the technology.
These include governments or healthcare providers that want to leverage blockchain-based systems given that they must adhere to standards such as the Federal Information Processing Standards (FIPS 140-2) and the Health Insurance Portability and Accountability Act (HIPAA).
Elsewhere, IBM said it made improvements to its cloud service that will now allow networks to be deployed in minutes, with upgrades made to its documentation and dashboards.
IBM has also made the code it donated to the Hyperledger project available on code repository linking service Docker Hub, and released the beta version of its blockchain offerings for its cloud platform Bluemix.
Amid the development push, major financial firms are getting involved. BNY Mellon is working with the company on the design and development of blockchain-based applications as part of its IBM Garage offerings, physical venues in which IBM provides its subject matter expertise.
The role of cloud
The emphasis on cloud comes at a time when many institutions are wondering whether to deploy blockchain-based networks on premise or in a cloud environment.
However, Cuomo argued that the cloud offers benefits given that the use of the cloud in tandem with blockchain leads to an architecture that is similar to how the Web works.
"Everything on the Web is public but permissioned, and we see blockchain being no different. The thought is there’s a set of rules that govern the network, and that the group that establishes the network, what the rules and the roles are and what the security is," he said.
The cloud, he argued, will become important as the nature of blockchain networks becomes more expansive. For example, he noted that a blockchain that manages vehicle ownership may need to provide access to auto manufacturers, dealers, leasing companies and even scrapyards at the end of the car’s lifecycle.
"The leasing company will have a set of restrictions but everyone in the blockchain network may agree that the DMV can come in as an auditor. This permissioned ledger allows for companies that need to worry about data protection and data access," Cuomo explained.
Cuomo also addressed the role of a trusted cloud provider in the operation of blockchain services, given that, in many respects, blockchains were designed to eliminate the need for centralized or trusted parties.
"At a casual glance, cloud can be viewed as an anti-pattern," Cuomo said. "I’m not sure a better word but when you look at these standards that we’ve described, you can say this is a way to get the best out of cloud you can get the assurances that we can."
Security in the cloud
Cuomo noted that the cloud is a particular focus for IBM business partners, many of whom he said are eager to move ahead with the production of blockchain systems.
"We’ve been working with for a better part of a year [with some clients], and they’re looking for the next step in their blockchain journey," Cuomo continued. "The top questions are around security, especially in the cloud environment. A set of standards must be present when you’re running a blockchain in a cloud."
In particular, IBM encourages its customers to ask five questions when evaluating whether a cloud environment is right for the deployment of blockchain solutions.
These include whether there is secure key management; assurance protection to prevent data leaks; an auditable operations environment; the use of “optimized accelerators” to guard against reduced processor performance and whether the environment supports host administrators.
"Without this level of iron-clad secure clouds, blockchain will remain just an experimental technology," the company stated.
For IBM, the move to the cloud is also strategic as company sees this, as well as its IBM Garage consulting services, as a way to monetize its work in blockchain.
However, Cuomo said the firm looks at its cloud offering as beneficial to developers, who he said will be able to provide the ideal environment where institutions can experiment.
"There’s no better cost performance, meaning the time it takes me to vet my idea. Dedicated cloud makes a lot of sense, it gives you more efficiencies. I think what cloud does is it brings some level of order to the environment, while also delivering speed," he said.
The statements are notable given that IBM has already donated the code for the IBM Open Blockchain (OBC) to the Linux Foundation, which is overseeing the development of the Hyperledger Project, an open-source blockchain initiative currently underway.
OBC is one of three code bases, alongside contributions by startups Blockstream and Digital Asset Holdings, that have been merged for use in the project.
Still, Cuomo sought to position IBM as a company that was fundamentally interested in the future success of the open-source technology on which it is building, dubbing the company “the world’s first blockchain business”.
Cuomo pointed to IBM’s recent test of “shadowchains”, or blockchain systems that run alongside existing legacy systems, as an example of its belief the technology not only can solve real business problems, but is already doing so.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.