A framework for controlling the blockchain

Representative image

We must reconcile with reality. People in general are skeptical of technological changes, be they in their professional or personal life. What is sometimes lacking is the vision, to see how these new technologies that are resisting could make their lives a little easier. Today, technological innovations can destroy entire industries or others. Blockchain is one of these technologies that is anchored to the modernization of the digital infrastructure, thus contributing to the reorganization of data and resources. Through the industries, blockchain solutions have become the word of order to solve complex problems because of the blockchain that is decentralized, distributed, traceable, immutable, validated and verifiable. To this end, according to the Blockchain Enterprise Survey, almost 65% of large companies – defined as those employing at least 10,000 employees – are actively engaged in the distribution of the blockchain. As mentioned, although blockchain solutions are helping to solve problems in all sectors, what we are not equipped with are the risks interconnected with these solutions.

Blockchain-based smart contracts are expected to reduce the cost of transactions in all sectors, thereby attracting businesses and governments. The potential application of the blockchain is not only limited to finance, it extends to a variety of sectors, to make an agricultural supply chain more efficient. Today, companies from all over the world, from large to small in every sector, spend significant time and resources in blockchain solutions. Governments around the world are also leveraging the blockchain and the many benefits it has to offer.

That blockchain technology presents great opportunities for different sectors is quite evident; however, it is not an infallible technology. Even at a nascent stage in the distribution of blockchain, many organizations in all sectors are unaware of the growing threats that may affect its security. Recent incidents such as Parity Hack, Enigma Hack, Incident Decentralized Organization (DAO) and Bitfinex infringement have made it clear that hackers can exploit this technology.

For example, in the health sector, blockchain technology can be used to simplify the sharing of electronic medical records between patients and healthcare professionals. Here, unencrypted personal health information (PHI) published in global transactions can put sensitive information at risk, leading to regulatory and legal concerns. In addition, access to the medical records requires the patient's private key and, because the patient is the sole owner of the key, his loss implies the loss of access to all medical data. Furthermore, the irrevocability of blockchain technology makes it difficult to implement the "right to be forgotten", so a patient would not be able to have the right to cancel his PHI. This scenario requires an audit framework including: key generation and deactivation, maintenance and governance, registration and auditing of key usage, management infrastructure, traceability and version control and management of hash algorithms.

Read also | Third-party apps: RBI allows card networks to offer tokenization services

Furthermore, there are risks related to commercially sensitive data transactions on the blockchain platform. For example, on a public blockchain in the supply chain, any member of the public can obtain a complete copy of the entire transaction history and use it without restrictions. In the case of a private blockchain, the information is shared among all the participating nodes, but if the competitors are present on the same blockchain, they may be able to discover the commercial confidentiality information stored in the blockchain platform, thus putting sensitive data at risk. The lack of a governance model for the blockchain, therefore, can lead to unresolved disputes about incorrect transactions or cross-border transaction flows.

Other concerns remain with regard to ownership, governance, dispute resolution, security and privacy around smart contracts and blockchain-based platforms themselves. Risks are magnified due to the absence of a central regulator or a governing body to deal with disputes when they arise. Traditional audit models do not take into account many of the risks associated with blockchain-enabled processes, and therefore the need to understand the specific set of unique risks and the development of an evolved auditing approach specific to blockchain-enabled solutions. .

In summary, since blockchain continues to create significant momentum and reality begins, organizations can no longer turn a blind eye to security and risk management. While business executives are at the forefront of blockchain use, they simultaneously need to reexamine processes and functions that have remained static for decades. Taking advantage of an effective audit framework could provide a solution to exploit and mitigate a series of unique risks that blockchain brings to the table.

(The author is a partner, IT Advisory, KPMG in India)