When designing a blockchain solution, consider these key questions:
- What is the governance model for participating organizations or members?
- What data will be captured in each block?
- What are the relevant regulatory requirements, and how can they be met?
- How are the details of identity managed? Are block payloads encrypted? How are the keys managed and revoked?
- What is the disaster recovery plan for the blockchain participants?
- What is the minimum security posture that blockchain clients must meet to participate?
- What is the logic for resolving blockchain block collisions?
When establishing a private blockchain, ensure that it's deployed in a secure, resilient infrastructure. Underlying technology that is poorly matched to business needs and processes can introduce vulnerabilities that put data security at risk.
Consider business and governance risks. Business risks include financial implications, reputational factors and compliance risks. Governance risks stem primarily from the decentralized nature of blockchain solutions, and they require strong controls on decision criteria, governing policies, and identity and access management.
Blockchain security is about understanding blockchain network risks and managing them. The plan for implementing the security controls that manage these risks makes up a blockchain security model. Create a blockchain security model to ensure that all measures are in place to adequately secure your blockchain solutions.
To implement a blockchain solution security model, administrators must develop a risk model that can address all business, governance, technology and process risks. Next, they must evaluate the threats to the blockchain solution and create a threat model. Then, administrators must define the security controls that mitigate the risks and threats based on the following three categories:
- Enforce security controls that are unique to blockchain
- Apply conventional security controls
- Enforce business controls for blockchain
IBM Blockchain services and consulting can help you design and activate a blockchain network that addresses governance, business value and technology needs while assuring privacy, trust and security.