Technically Speaking

The Official Bigstep Blog

 

Blockchain Apps on Bare Metal Servers Part 1: Big Data and Security

Blockchain applications are becoming more and more popular both in the public and in the private sector. However, most people still put an equal sign between blockchain and bitcoin. But are cryptocurrencies the only use case for blockchain? Is that why the massive hype about it emerged in recent years?

There’s actually more to blockchain than cryptocurrency mining. It wouldn’t be fair to dismiss the entire technology and consider it only in regards to mining. Enterprises are increasingly using blockchain for digital transformation of their key business processes, since this technology can both ensure data security and quality, and provide an innovative way of handling different types of transactions.

In this article, I will discuss the security aspects of applications that also use blockchain and how can you use big data to make this technology even more powerful. Throughout this article we are discussing applications that use blockchain among other technologies.

Blockchain – Not Only Crypto Mining

Blockchain can be viewed as a specific type of database, since the data is stored in blocks that are chained together. Blockchain records information in such a way that makes cheating and hacking very difficult, near impossible. Instead of a central authority that decides how this data is stored, each block is connected to the others in an advanced decentralized system and each contains a group of information or transactions. Advanced cryptography helps with making sure no fake blocks are added to the blockchain.

To change the way the system works, or the data stored within it, all nodes in the network need to agree and they need to spend computing power to rebuild the entire chain. The decentralized network’s computing power would need to agree on all changes made. This is also why the blockchain is considered to be so secure; effecting changes anywhere in the chain except at the top of the chain is very compute intensive, since each block is added in chronological order, with no possibility of resetting their timeframe.

The technology is said to be able to immutably record any number of data points; this could mean anything from financial transactions, product inventories, votes in an election, state identifications, shipping logistics, business contracts, food safety, stock trades, supply chain processes, art trade, and many more. Its use cases span far more than just cryptocurrency mining. However, in order to benefit from the technology’s usability, blockchain applications must follow certain data and security aspects that we’ll discuss below.

It must be mentioned that there are applications that are built 100% on the blockchain, and applications that due to cost and/or size of data choose a combined approach and are built mostly in the cloud with a blockchain component. In this article we cover the later.

Are Blockchain Applications Free from Hackers?

Misconception: Inherent blockchain security is enough.

Truth: Well, it’s not.

Blockchain is a technology that protects the owner of the data against unauthorized (and stealthy) data altering but not against unauthorized data access.

Blockchain is tamper proof due to data being structured in blocks replicated in different locations. Each transaction, has its unique code and a cryptographic hash key derived from encrypting all prior transactions. A user cannot change the record of transactions due to the need to re-hash all prior blocks which would mean both expending a high amount of compute power and getting all the other nodes to agree to the change. However if all nodes or a majority (51% of nodes) are under the control of the same company then the technology is no more tamper proof than a traditional database.

If the nodes are not under the control of the same company and are let’s say distributed on crowd-sourced nodes then there is power in numbers and a hacker cannot hack all nodes (assuming there is no zero day exploit).

However, being tamper proof doesn’t mean it’s read proof. If the nodes are under the control of the same company then only that company can read the data but if the data is on crowd-sourced nodes then hackers have direct access to the data through the very nature of the technology. The data itself might be encrypted but no encryption is unbeatable with enough computing power.

There are additional ways in which data can be compromised: zero day exploits, phishing, stolen keys, key logging, routing attacks, Sybil attacks, and 51% attacks. You are never 100% secure.

Securing your Blockchain Environment and Tech Stack

Security and privacy are key to IT stability. When building a blockchain application, it’s best to think ahead of the security layers throughout the tech stack. Managing permissions and governance throughout the network should also be top of mind.

Since blockchain technology in itself is slow, and the cost of putting your whole app on the blockchain is too big, most companies choose a combined approach: keeping all the large data, such as documents, graphic content, videos, etc. in a cloud, but using the blockchain technology to store the transactions, the most important data, and the metadata of the application assets. This way, your data and metadata are secure and immutable, and you have a lot of storage space to host your assets in a suitable infrastructure.

You’ll need to take into account both the security layers unique to the blockchain technology, but also the more traditional security options of your hosting infrastructure.

The security layers unique to the blockchain technology are:

  • Smart contract security
  • Implementation of an identity and access management system
  • Security and privacy of data
  • Key management
  • Private and secure communication
  • Transaction endorsement

The infrastructure security aspects:

  • Type of hosting and their inherent security
  • Encryption
  • Access to hardware and network

For the infrastructure layer you could use the public cloud to host your blockchain app, and many do, but do public cloud offerings have effective security controls in place? And moreover, is your team proficient enough to secure your public cloud deployments correctly?

Having all your data online, in the cloud, brings about a significant disadvantage regarding security. Hacking, privacy breaches, and cyberattacks are common risks in the cloud.

Blockchain Apps on Bare Metal Servers

However, there is another option to host your application and be certain of a high level security.

As compared to the public cloud, bare metal servers come with inherent hardware security. They are single-tenant machines, where only you have access to the server. You have your own IP, and you can decide who else can have access. In short, managing permissions is all up to you. For high levels of security, bare metal servers are the undisputable option for creating your blockchain app, due to:

  • Single-tenancy
  • No hypervisor, no risk
  • Being in control of the hardware and network yourself
  • Encryption options (disk, network traffic, application, databases)
  • ISO-certifications

Conclusion

Each blockchain solution has its own requirements. At Bigstep, we strive to accommodate our clients’ needs in order for you to get the best out of the technology and reach your goals. Alongside you, we can build the right infrastructure for your unique needs.

We help IT professionals and data scientists host and manage large-scale, fast-moving, most demanding workloads such as big data, high-traffic websites, and micro-services based applications, and we can also accommodate your blockchain app.

Bigstep is not about a transaction. It's about being your partner in growth.

Got a question? Need advice? We're just one click away.
Sharing is caring:TwitterFacebookLinkedinPinterestEmail

Readers also enjoyed:

"I Thought You Would Secure That S3 Bucket"

As a Romanian Real Estate company recently found out the hard way, diving head first into the cloud can have some devastating consequences, at least from…

Blockchain Apps on Bare Metal Servers Part 2: Stability, Resiliency, and High Availability

In part one of this series, we’ve discussed blockchain security. To achieve the full potential of your application and of the blockchain technology, and…

Leave a Reply

Your email address will not be published.

* Required fields to post your comments.
Please review our Privacy Notice in order to understand how we process your personal data and what are your rights in this respect.