How blockchain technology is changing the security landscape in the banking sector
Blockchain, the technology that is used in the popular cryptocurrency 'Bitcoin', is revolutionary in many ways. It addresses multiple challenges associated with digital transactions, such as double spending and currency reproduction. Employing blockchain also reduces the cost of online transactions while simultaneously increasing authenticity and security. The upshot is that the need for payment processors, custodians, and reconciliation bodies is eliminated. These benefits are amongst the prime reasons why the technology is being extensively deployed within the banking sector.
But, quite interestingly, the merits of blockchain technology are not limited to securing digital transactions alone. The IT infrastructure that is used to process digital transactions also benefits immensely from blockchain deployment, which offers multiple cybersecurity advantages to banking applications. Here's a look at how this happens:
A blockchain is a series of blocks that records data (financial, in this case) in hash functions with timestamp and the link to the previous block. These blocks are anonymously stored with other stakeholders within a network. This eliminates centralised points of vulnerability which cybercriminals can exploit. Moreover, previous blocks cannot be overwritten in a blockchain and all transactional data is verified with every relevant stakeholder, making data manipulation is extremely impracticable.
Blockchain technology is being used to protect sensitive records and to authenticate the identity of a user. Keyless Security Infrastructure (KSI) stores data hashes on blockchains and runs a hashing algorithm for their verification. Public Key Infrastructure (PKI), an encryption approach which is particularly vulnerable to man-in-the-middle and DDoS attacks, is therefore deleted out of the equation. Any data manipulation can be easily spotted as the original hash is available on other nodes linked to the system, enabling banks to go beyond asymmetric encryption and caching in public keys.
Simple logins and centralized IT infrastructure are also some of the biggest vulnerabilities that banks face. End-user protection becomes an especially daunting task, given that - despite comprehensive cybersecurity - weak passwords often give cyber attackers an opportunity to penetrate the network infrastructure. The deployment of blockchains enables authentication of users and devices without password protection; the decentralisation of the network helps in generating consensus between different parties for verification through blockchain-based SSL certificates. The distributed and decentralized nature of the network that verifies the integrity of the transactions and associated account balances makes a successful attack mathematically impossible."
This delinks the human factor from the security of banking operations and provides strong authentication. It also facilitates speedy identification of the point-of-attack in case of a network security incident.
Certain block-less distributed ledgers are additionally enhancing structural security of IoT devices. Devices in such network environments can recognise and interact with each other in a peer-to-peer manner, without the need for a third-party authority. Complemented with two-factor authentication, this offers unprecedented security to the network infrastructure and makes it impossible to forge digital security certificates.
Blockchain technology can also play a pivotal role in securing internal communications, which are prone to data leaks and cyberespionages. End-to-end encryption fails to cover the metadata - something which can lead to leakage of sensitive information. In blockchain-based systems, the metadata used for communications is scattered in the distributed ledger and cannot be collected at one centralised point.
Blockchain has emerged as one of the most disruptive technologies and has minimized the prevailing security issues in financial transactions. As other viable implementations for the technology are being explored, blockchains are coming to fore as top-contenders for solving an array of cybersecurity challenges and providing end-to-end security to banking institutions.
Though blockchain has several advantages over other systems, there are still a few challenges in terms of compliance, regulations and enforcement that will need to be addressed. For example, regulatory issues demand clarity over jurisdictions and how to comply with KYC (Know your customer) and AML (anti - money laundering) laws. But, the increasingly growing demand and acceptance by enterprises would help overcome these challenges sooner than anticipated.
Sunil Gupta, President and Chief Operating officer at Paladion.
ServiceNow pumps millions into EU service compliance
ServiceNow, the digital workflow company, has announced a multimillion euro investment to help EU customers meet compliance requirements.
The legal, technical and organisational safeguards will help companies to comply with the the Schrems II judgment and European Data Protection Board (EDPB) Recommendations issued in June 2021.
ServiceNow’s investment means all EU-hosted data will be exclusively handled within the EU, and the cloud-hosted digital workflow provider claims its solution will come “without impact on current delivery and service”.
ServiceNow upgrade: free of charge
There will be no cost for current customers to opt in to the data compliance solution, even though ServiceNow is investing an unspecified multimillion euro sum and hiring more than 80 new staff across the bloc.
Mark Cockerill, vice president legal, EMEA and global head of privacy at ServiceNow, said: “With any regulation change, cloud services companies have a choice. They can adopt a ‘wait and see’ approach or get proactive and help customers and partners innovate. At ServiceNow we are on the front foot, continually investing in our customers, allowing them to operate with the highest level of choice and control over their EU data.
ServiceNow upgrade: ‘peace of mind’
“Our new EU-centric service delivery model will give our current customers and partners peace of mind. For customers and partners operating in highly regulated industries, or in the public sector, or those that have yet to make the switch to the cloud, this model gives them certainty and simplicity when selecting the cloud service that best suits their needs.”
Carla Arend, lead analyst, cloud in europe for IDC, said, “The Schrems II ruling has led European organizations to revisit their cloud-related data protection policies and processes when it comes to international data transfers through cloud services.
“Contractual, privacy, and security safeguards and the assurance that data will be kept and handled in the EU help European organizations to comply with European data protection laws while taking advantage of global cloud platforms. Vendors, such as ServiceNow, that invest to support their customers in response to this ruling are providing essential choice to their customers.”