The Cloud Security Alliance (CSA) has published a report on blockchain or distributed ledger technology (DLT) that highlights risk and security considerations. The report specifically focuses on Hyperledger Fabric security.
The CSA is a group that represents a diverse group of firms in the cloud services realm. Board members include representatives from Microsoft, DTCC, Sallie Mae, and more.
Dr. Frederick Wamala, the CSA’s lead author in crafting the document, said:
“There is no shortage of guidance on how to design, configure, and deploy Hyperledger Fabric, but too few documents take a systematic approach to Fabric security that recognizes that durable security always starts with requirements. Configuration-led fabric guidance, for instance, rarely explains why high assurance security controls are needed to obtain authorization to operate blockchain solutions in critical sectors. We wanted to close the information gap by highlighting the steps that should be considered when designing these types of blockchain solutions.”The goal of the document is to encourage businesses to “take a holistic view of blockchain/DLT network security.”
The report provides guidance in helping:
- Business and government leaders understand the true risk balance of using blockchain and the resultant security, financial, regulatory, reputational, business, and consumer risks
- Chief Information Security Officers and enterprise security architects assess the risk of introducing DLT components into a corporate network while maintaining compliance
- Regulators and internal risk managers evaluate the potential risks associated with financial crime, consumer exposure, and espionage and devise appropriate policies in response
- Individuals gain high-level knowledge about blockchain security and reduce their exposure to fraudulent activity and unsuitable products
The report notes the rising frequency of hacks, attacks, scams, and other nefarious activities targeting blockchain-powered platforms. The authors say that DLT platforms are “attractive to advanced Threat Actors, such as nation state-sponsored groups, criminal organizations, etc., because blockchain networks host large codebases, many networked nodes, and valuable data flows.”
if you are interested in the report, it is available here.