IBM Puts Its Twist on Blockchain With New Security Framework

IBM launches new secure blockchain services for financial services, government and health care on IBM Cloud.

Cloud security

Once again, IBM has taken an emerging technology and put its own special twist on it to make the technology work for Big Blue and its enterprise customer base. This time it's the blockchain distributed ledger technology that IBM has optimized.

IBM has been able to tap into emerging technologies and quickly adapt them to the IBM way. The company has done this with a host of technologies such as Apache Spark, Hadoop, Cloud Foundry, Java, Linux, the Internet of things (IOT) and more.

A blockchain is essentially a distributed database that enables users to design a digital ledger of transactions and share it amongst a distributed network of computers. Blockchain is the technical foundation of Bitcoin and other cryptocurrencies, largely because it provides a transparent, secure and simple way to transact business. The core components of blockchain are a network of computers, a network protocol and a consensus mechanism.

IBM refers to blockchain as an operating system for interactions. "It has the potential to vastly reduce the cost and complexity of getting things done," reads a description of blockchain on IBM's Bluemix site. "The distributed ledger makes it easier to create cost-efficient business networks where virtually anything of value can be tracked and traded, without requiring a central point of control."

However, because blockchain is an emerging technology, no standards have been established on the requirements to securely operate blockchain networks in the cloud, IBM said. To help speed the adoption of blockchain for business, IBM announced a new framework for securely operating blockchain networks, as well as new services on the IBM Cloud that meet existing regulatory and security requirements.

Although, blockchain networks are built on the notion of decentralized control, some cloud environments leave back doors open to vulnerabilities that allow tampering and unauthorized access, IBM said. The company tasked its security experts, cryptographers, hardware engineers and researchers to create new cloud services for trusted blockchain networks.

"When it comes to blockchain for the enterprise world, our research has shown that permissioned blockchains are the only way to go," said Jerry Cuomo, vice president of Blockchain at IBM, in a blog post.

Moreover, in contrast to their permissionless counterparts, permissioned blockchains are the only systems that can enforce policies that can constrain both access to data and participation in the network, based on identity, Cuomo said. "This design enables participating companies to comply with data protection regulations. Permissioned blockchains are also more effective at controlling the consistency of the data that gets appended to the blockchain, allowing for more granular decision processes to be built on top of them."

IBM's new blockchain cloud services provide an auditable operating environment with log data to support forensics and compliance. The services also enable users to store crypto keys and monitor unauthorized attempts to enter the system. Plus, the new IBM Cloud services provide protected environments to prevent leaks through shared memory or hardware.

IBM's new blockchain solutions and initiatives are an interesting example of how the company can move, more or less unilaterally, to innovate in emerging technologies, said Charles King, principal analyst at Pund-IT.