Blockchain is much more than just cryptocurrency, Adam Tervort
There’s an interesting dichotomy in blockchain and blockchain-based apps. Most of us know about blockchain’s importance to cryptocurrency, but that may not be the most interesting use in the long run. Establishing the fidelity of data across business and government networks may be the biggest blockchain breakthrough.
Blockchains are being used for innovative cryptocurrency and cryptocurrency-related projects and that continues to be the main citation of blockchain technology in media. There are also many noteworthy things companies are experimenting with on existing cryptocurrency blockchains to facilitate critical, if pedestrian, tasks like file storage.
At SpiderOak, we decided that blockchain was a technology we could leverage to solve some specific problems. We didn’t start out wanting to use blockchain, but it turned out to be the most efficient solution in the development of CrossClave, our new business tool for secure collaboration.
We started by developing an underlying platform to secure the movement of data between endpoints. There are lots of ways to do this. The correct way, of course, is through the use of encryption-key distribution—a problem that we spend a lot of time thinking about. It’s one of the areas we feel we’ve done some really innovative work in. For everything from chat to file storage to voice chat, we knew we wanted end-to-end encryption, which of course requires effective key distribution.
The last piece to making this platform secure is policy and user management. This is where blockchain plays an important role. In CrossClave, policy and user management actions are recorded on private blockchains and are committed through use of our custom policy language.
We decided to do this is because blockchain has unique properties: it is an immutable record of the actions that have been taken on the system. This is crucial for auditing and analysis. We wanted CrossClave customers to be able to see exactly what actions were taken, by which users, at what time, and we want to make sure that this record is tamper proof. This is crucial for stopping inside threats, as well as to determining where malicious actions originated.
One of the ways that we’ve seen in the past that malicious actors were able to cover their tracks is by editing log files. Hackers steal something that they’re not supposed to access, and after they’re done, they edit the log files to conceal what they’ve done.
This is not a foolproof way to get away with intruding into a system, but it does give hackers room to run. It is a technique used repeatedly in major corporate hacks of the last decade, including in the seminal 2014 North Korean hack of Sony Pictures.
The indelible nature of blockchain is the basis for the auditing features that we’ve built with CrossClave. We’re able to ensure that things that happen within the system are properly logged and can therefore be audited. Administrators run a tool to crawl the blockchain and write which actions were taken by whom and when. Unlike blockchain ledgers for cryptocurrency, which are public, this ledger is private and encrypted.
The second thing that blockchain gives us is an effective way to handle metadata in a complex system. Part of the need for this is driven by the different roles for users, who need to do different things in different projects. For example, Alice was added to a team, Alice then created a space and added Bob to the space, after which Alice made Bob an admin of the space. These actions all get added into the blockchain. There is a clear chain of custody, an essential tool for enterprises.
This chain can be useful in many organizations, but is particularly useful for those with legal or regulatory reasons to track information and roles. Record keeping that used to require immense effort and expense is now easy.
Cryptocurrency and apps based on distributed ledgers have done the world a huge favor by giving us a new perspective on decentralization and technologies like blockchain. Just because cryptocurrency was the first thing built on blockchain doesn’t mean it’s the last word in how this technology can be used. Even if we’re never going to offer “SpiderCoin,” we know that blockchain is a big part of our future. We’re excited for the innovations that come from the cryptocurrency world as they give us new tools in our tool chest to make great software.
Adam is the Vice President for Customer Success at SpiderOak, a secure communications and space cybersecurity company.