You might be familiar with public blockchains — the underlying technology powering cryptocurrencies like Bitcoin — but not yet sure how private, enterprise blockchain could work for your company. You’re in good company: Blockchain is a whole new world, and innovators are just starting to identify the wide-reaching applications and possibilities for businesses.
At its core, blockchain is a ledger of transactions that is decentralized, secure and immutable. With the introduction of decentralized applications and smart contracts, the possibilities for blockchain have expanded far beyond cryptocurrencies. Blockchain technology can enable any ecosystem of participants — enterprises, machines or individuals — to securely exchange and distribute goods, services, data and currency with assurances of transparency, accuracy, and security. These assurances enable myriad use cases in supply chain digitization, smart cities and intelligent infrastructure, and manufacturing 3.0.
Today, however, many enterprise blockchains are running in the cloud and often in a single datacenter. This goes against the philosophy that blockchains should be fully decentralized and opens up security risks associated with managing data in a single location. Cisco believes the next generation of enterprise blockchain systems should be fully decentralized and offer hybrid deployment models, where blockchain nodes can be on-premise behind firewall systems or use public cloud nodes or some combination of the two.
In addition, business leaders need to think holistically about end-to-end security. A common misconception is that the distributed nature of blockchains makes them inherently secure, and in many ways, they are. However, without the correct design measures, they can be prone to multiple threats, for example through the exploitation of infrastructure-level vulnerabilities. Our approach involves end-to-end security architecture, leveraging analytics that spans the infrastructure layer through to the application layer.
Finally, when evaluating any new enterprise blockchain technology, it is important to consider the ease of adoption. This includes the ease of deploying and managing the network, developing applications with best-in-class tools, and integrating with existing enterprise systems. Our blockchain framework includes interfaces that expose the necessary functionality to perform these objectives, simplifying the process of connecting to existing systems, such as ERP and supply chain management systems.
Cisco is building a comprehensive foundation for enterprise blockchain technology that brings together our strengths in network automation and distributed systems architecture, as well as capabilities around security, identity, and cryptography. If you’d like to learn more, visit us at: cisco.com/go/blockchain
How are private blockchains different from a distributed database?
Immutability is a key difference, in theory. This article dispels the myth of absolute immutability, but enforces the idea of immutability under realistic conditions. Having said that, a private-scale blockchain is probably more susceptible to a "51% attack" than a global-scale blockchain because there are fewer nodes.
https://www.multichain.com/blog/2017/05/blockchain-immutability-myth/
It is more susceptible, that is why you need permissions for private permissioned or permissioned (consortium) deployments. It's also why infrastructure security is a factor. I'm excited to see CSCO jumping into the space, hopefully they'll have support for Ethereum; permissioned and permissionless.
Hi Joshua,
Terrific question. There is a fundamental difference between a distributed system and a decentralized system, with different use-cases.
A distributed database scales to large datasets by spreading the data (data sharding) over several database nodes. However, those distributed database nodes are all run by a single organization, and are all part of the same logical database cluster in which all nodes trust each other. Distributed databases offer performance and scalability in centrally managed environments – when owned by a single enterprise.
Decentralized systems, such as blockchains, offer consensus between external business parties based on cryptographic methods that enforce data immutability. In dApps, the various databases, services and subsystems are not owned by a single enterprise, and they need to not trust each other. The blockchain consensus mechanisms ensure that each node has exactly the same dataset, used as a “single source of truth”, enabling multiple enterprises to collaborate on a common shared data platform without the need for any intermediary. In supply chain, for example, we have multiple enterprises with a need to exchange information and transact with each other, which can be made more on a shared, yet decentralized platform (reconciliation errors and data delays disappear). In supply chain, blockchain nodes are owned and operated by each enterprise participant. Data ownership is shared and decentralized across each participant in the supply chain.
Distributed: Data is “split up” across nodes for performance and scalability. All nodes are centrally managed by a single enterprise – “single ownership of data”.
Decentralized: Each node may hold a complete copy of the data or ledger – data is not necessarily split up. Each node is managed by different enterprises with different boards and different stakeholders – “data ownership is shared across all participants.”
Which blockchain technology is Cisco actively pursuing? Are there any approaches that combine blockchain and IoT?
Thank you Tristan for such a terrific question.
We elaborate on this topic in our blockchain white paper: “cisco.com/go/blockchain”, titled “Blockchain by Cisco” – page 12, section 4 Security and Analytics.
Unlike public blockchains, private blockchains are established among permissioned “known” enterprise consortium partners. For example, across a set of enterprises participating in a supply chain. Each enterprise hosts or manages a blockchain node. Nodes are typically not exposed to the public internet and are located behind each enterprise's firewall (often within the highly secure enterprise demilitarized zone DMZ).
Thus, a 51% attack actually requires:
1. The respective enterprises within the consortium to collude against each other, using their respective nodes, at an enormous scale. Let’s say we have 10 enterprises participating in a supply chain. We would need six out of the ten enterprises to agree to “band together” to collude against the remaining four in order for a 51% attack to occur.
2. A massive scale external assault.
A 51% attack could occur, in theory, without collusion, if six out of the ten nodes were compromised simultaneously by external bad actors. Penetrating one enterprise's defenses to take control of a node is difficult enough, let alone penetrating six enterprises simultaneously (especially if they are using Cisco security).
Lastly, if there were such a high degree of collusion or external attack, the blockchain network would exhibit clear telltale patterns or signatures within the traffic and transaction patterns.
In our whitepaper, we define the BAF – Blockchain Application Firewall (similar in concept to a web application firewall), which uses Cisco’s expertise in analytics and machine learning to detect any unusual traffic signatures or signs of collusion in the event of such a scenario.
You can download our whitepaper at Cisco.com/go/blockchain.
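The ten-enterprise scenario from the reply above, as an added example that is not part of the original post or Cisco's code: each node holds a full hash-chained ledger copy, an audit compares chain heads, and a head is accepted only with a strict majority (6 of 10). The node names, transactions and genesis value are constructed for illustration.

```python
import hashlib
from collections import Counter

def block_hash(prev_hash: str, payload: str) -> str:
    """A block's hash commits to its payload and to the previous block's hash."""
    return hashlib.sha256(f"{prev_hash}|{payload}".encode()).hexdigest()

def chain_head(payloads: list[str]) -> str:
    """Fold a list of transactions into the hash of the last block."""
    head = "0" * 64  # constructed genesis value
    for p in payloads:
        head = block_hash(head, p)
    return head

def audit(ledgers: dict[str, list[str]]) -> dict:
    """Compare every node's chain head and report agreement.

    A head is accepted only if a strict majority of nodes hold it.
    Nodes holding any other head are listed as divergent; if no head
    reaches quorum, accepted is None and every node is listed for review.
    """
    heads = {node: chain_head(txs) for node, txs in ledgers.items()}
    quorum = len(ledgers) // 2 + 1
    top_head, votes = Counter(heads.values()).most_common(1)[0]
    accepted = top_head if votes >= quorum else None
    divergent = sorted(n for n, h in heads.items() if h != accepted)
    return {"quorum": quorum, "accepted": accepted, "divergent": divergent}

# Constructed sample data: one rewritten transaction in the middle of the history.
HONEST = ["PO-1001 shipped", "PO-1001 received", "PO-1002 shipped"]
FORGED = ["PO-1001 shipped", "PO-1001 lost", "PO-1002 shipped"]

def scenario(forged_nodes: int) -> dict:
    """Ten consortium ledgers; the first `forged_nodes` hold the forged history."""
    ledgers = {f"ent{i:02d}": (FORGED if i < forged_nodes else HONEST)
               for i in range(10)}
    return audit(ledgers)

if __name__ == "__main__":
    for k in (1, 5, 6):
        result = scenario(k)
        print(k, "forged ->", result["accepted"], result["divergent"])
```

With one altered node the audit isolates it; with six, the forged head wins the vote and the four honest nodes are the ones reported as divergent, which is why agreement among nodes cannot by itself distinguish an honest majority from a colluding one.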