Atlantic.Net Blog

Blockchain Security & Compliance: Is This the Future?

The technology that pushed Bitcoin and other cryptocurrencies into the public eye is a distributed ledger, better known as blockchain. This approach gives any entity that uses it an ongoing and dynamic transaction log. Over time, data is shared and compared with various other nodes, all of which continually hold an up-to-date copy of the database. Transactions are added to the database only after they have been audited by the network. By distributing transactions in this manner, you are able to remove single points of failure (SPOFs); prevent any single party from controlling the ledger; and verify all your transactions with no need to rely on an independent service. All transactions are public, making it much less likely that the ledger is gamed to meet the needs of a nefarious party.
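As an added illustration (not code from the original post), the following Python shows the two checks the paragraph describes: each node audits its own hash-chained copy of the ledger, and the nodes then compare their copies with one another. The block format, node names, parties and amounts are constructed for the example and do not come from any real ledger.

```python
import hashlib
import json
from copy import deepcopy

GENESIS_PREV = "0" * 64

def block_hash(index, prev_hash, tx):
    # Each block's hash covers the previous block's hash, so the blocks form a chain.
    payload = json.dumps({"i": index, "prev": prev_hash, "tx": tx}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append_block(chain, tx):
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({"prev": prev_hash, "tx": tx, "hash": block_hash(len(chain), prev_hash, tx)})

def verify_chain(chain):
    # Local audit: index of the first block whose link or hash is inconsistent, else None.
    for i, blk in enumerate(chain):
        expected_prev = chain[i - 1]["hash"] if i else GENESIS_PREV
        if blk["prev"] != expected_prev or blk["hash"] != block_hash(i, blk["prev"], blk["tx"]):
            return i
    return None

def rewrite_from(chain, index, new_tx):
    # Someone controlling one node can alter a block and recompute every later hash,
    # producing a copy that passes verify_chain() on its own.
    chain[index]["tx"] = new_tx
    for i in range(index, len(chain)):
        chain[i]["prev"] = chain[i - 1]["hash"] if i else GENESIS_PREV
        chain[i]["hash"] = block_hash(i, chain[i]["prev"], chain[i]["tx"])

def majority_head(nodes):
    # Cross-node audit: the head hash most copies agree on, and the nodes that disagree.
    heads = {name: chain[-1]["hash"] for name, chain in nodes.items()}
    consensus = max(heads.values(), key=list(heads.values()).count)
    return consensus, sorted(n for n, h in heads.items() if h != consensus)

def build_demo():
    # Constructed sample: three transactions replicated to three nodes, then node-c's
    # copy is rewritten so that its first block moves 200 instead of 5.
    ledger = []
    for tx in [{"from": "alice", "to": "bob", "amount": 5},
               {"from": "bob", "to": "carol", "amount": 2},
               {"from": "carol", "to": "alice", "amount": 1}]:
        append_block(ledger, tx)
    nodes = {n: deepcopy(ledger) for n in ("node-a", "node-b", "node-c")}
    rewrite_from(nodes["node-c"], 0, {"from": "alice", "to": "bob", "amount": 200})
    return ledger, nodes
```

The rewritten copy on node-c passes its own audit, which is why the comparison across nodes matters: node-c's head hash no longer matches the majority and it is flagged as the outlier.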

To sum up blockchain’s potential, Blockchain Revolution authors Don & Alex Tapscott call the technology “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”

Ameer Rosic uses a spreadsheet as a model to explain how blockchain works – a spreadsheet with thousands of copies throughout a network, with routine updates to reflect any changes.

Why self-sovereign ID is on the rise

The means traditionally used to protect account access is a username and password. These login credentials represent a key area of risk for companies – but one they have accepted as a given in order to do business online. More complex and robust data-protection techniques exist that will reduce your chance of a successful attack, but username/password remains the established standard for security.

Implementing blockchain for verification of the identities of users is one way to fundamentally improve your defenses against a successful breach.

Incorruptible, non-manipulable, and focused on giving access only to authorized users, self-sovereign identification (enabled by blockchain) is a much more powerful way to keep the data at your organization safe.

Blockchain has its own strong attributes in terms of safeguarding information, and self-sovereign ID expands on its possibilities. The concept of self-sovereign ID is best understood in contrast to the model that has generally been used for establishing identity. Part of the reason the original method is problematic is its premise of an identity provider (IDP): via an IDP, you get an identifier (such as a username or email address) that is then combined with a password of your choosing for access.

We are accustomed to this username-and-password model, through which we each have dozens of sets of login credentials for all the services we use. However, it is a top-down approach. As Computerworld explains, “online identity has traditionally been viewed through the lens of an organization and its needs, not the individual and his or her needs.”

Self-sovereign ID means that an individual is placed in control of her own online identity. Different scenarios require different aspects of your identifying attributes. Today, disparate components of your identity are spread across many different infrastructures of independent providers. As Financial Services Club chair Chris Skinner notes, self-sovereign ID gives you each segment of your personal data within a “wallet” or “box,” allowing you to reveal what you want based on the intended recipient.

As an enhancement to the security benefits of blockchain, self-sovereign ID will revolutionize verification. Its scope in 2016 was estimated at $8.7 billion; by 2021, the market will increase to $9.7 billion, according to a projection from market researcher Smithers Pira.

Why P2P offers a new normal

One key descriptor of blockchain is that it is achieved via peer-to-peer (P2P) connections. P2P describes a network that grants identical privileges to all users; there is no hierarchical structure of roles and responsibilities. Power or authority is decentralized within blockchain, just like the ledger is.

To look at this aspect in action, think of a situation in which you have a product that has value – such as a song. If you wanted to charge for it, you would need to restrict access so that only people who have paid can listen. The verification process is usually handled by a third party. Blockchain promises to create a new normal in which authorization can occur in the absence of an outside party. The P2P characteristic makes it possible for you to deliver a product straight to the listener and collect payment directly from them – just as if you were performing the transaction in person.

Why blockchain is increasing in HIPAA systems

Healthcare is one of the most important fields for data protection because of the strict parameters within federal law (the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the Health Information Technology for Economic and Clinical Health Act of 2009, or HITECH). Beyond the need to achieve HIPAA compliance, health organizations are frequently targeted by hackers, and the costs of a data breach extend far beyond fines to forensics, legal fees, and notifications to your impacted patients.

Interoperability, a key and necessary positive for medical data to integrate seamlessly, has only exacerbated the security issue with health records.

To allow for interoperability of electronic protected health information (ePHI) while keeping everything completely protected, blockchain within a HIPAA compliant cloud database is one option that is increasingly interesting to healthcare organizations.

Getting to the point where blockchain is safeguarding patient records will require major modifications to the way healthcare ecosystems are structured. However, it is a method that many organizations are already implementing to allow for this form of integration, as indicated by Dhawal Thakur of MarketsandMarkets.

Blockchain “on time” for the May 2018 GDPR launch

The European Union has released a new set of security specifications for the treatment of private information, called the General Data Protection Regulation (GDPR). This new law will cover all sensitive personal data of people in European countries, regardless of whether the service handling the information is located within the EU.

The GDPR provides transparency to citizens; therefore, anyone is able to know what data is being processed, stored, or transferred, along with an explanation for any such data treatment. Plus, individuals in the EU have the right to a free digital list of all information that is being used.

The advent of the GDPR is evidence that any company, at least any that is doing business internationally, must be increasingly concerned with security and compliance.

This new set of rules for selling to European customers may sound like a headache from a business perspective; however, its appearance has benefits. A report from digital identity company Valid frames the issue of the GDPR as an opportunity for differentiation, suggesting that companies that work to bolster their security and privacy practices, doing more than what’s required for compliance, will impress their customers and better retain them through a better establishment of trust.

Your secure infrastructure

Security is paramount in today’s online world, and all organizations want to use the most advanced technologies for a proactive stance toward the threat landscape. Be certain that your hosting service is properly meeting your needs by using security best practices – as indicated by compliance with PCI DSS, HIPAA, HITECH, and SSAE 18 SOC 1 & SOC 2. See our HIPAA server hosting solutions.
