Digital solutions offer many benefits, but also present new risks as organizations become more open and agile. For example, Blockchain technology is transforming and disrupting industries across the board. However, there is a constant requirement for organizations to define their blockchain security strategy in order to safeguard blockchain eco-system and therefore their business reputation. In an exclusive interaction with CXOToday, Suhas Desai, Vice President, Digital Security Services, Aujas Network,explains why ignoring security risks in an organization’s Blockchain strategy can put one’s business reputation at stake. He also throws light on how enterprises can guard their turf in the world of data deluge, Internet of Things, cloud migrations and other emerging technology practices.
CXOToday: What are the top security concerns today for any organization?
Suhas Desai: With the advent of digital transformation and free flow of data, organizations need to have a strong security architecture to protect critical business data, identity and access of data. One of the prominent trends today is cloud migration of data across government organizations and highly regulated industries. Sensitive data is now everywhere, no longer in just the data center of the enterprise, but spread out in the data centers of Amazon, Microsoft, Google, and others. Another change that is happening is the use of mobile platforms and BYOD. Estimates are that by 2020, mobile devices will account for 42 percent of the computing done in the global workforce. For all the advantages of cloud and mobile computing, there is also increased cost for data breaches.
Companies need to take a strategic approach to security to understand who is touching critical business data and why. A well defined data privacy framework is the key to better security and to protect against critical business data and IP loss. To deliver this, organizations need to better understand modern user practices, to create a policy of dos and don’ts built around the users and a focus on both enablement and security in equal measure. Organizations also need to have a good degree of visibility over users’ behavior and intent. Identifying anomaly in normal user behavior will help quickly identify potential breaches and stop them before they happen.
CXOToday: Can you comment on the current state of blockchain adoption globally as well as in India? Where do you see maximum traction?
Suhas Desai: There has been an increasing demand for blockchain technology across industries such as health care, finance, automotive, government, and retail sectors and the market is expected to reach $9.6bn by 2024. More and more organizations in India as well as other countries are now exploring possible uses of blockchain technology. In India, majority of the banking companies are implementing blockchain technology in order to accelerate process and minimize roadblocks to approving new loans. Through blockchain technology, issues with ownership and land titles can be solved easily by digitizing and authenticating complex records in India. Some of the key security concerns for adopting blockchain technologies are:
– Replay attacks in parallel fork chains
– Transaction tampering which allows alteration of data for blocks without the approval of other nodes in the chain
– Weak permissioned network in organizations leading to Denial of Service (DoS).
CXOToday: Ignoring security risks in an organization’s Blockchain can put one’s business reputation at stake. Could you explain in what ways and how can companies guard their turf?
Suhas Desai: There is a constant requirement for organizations to define their blockchain security strategy in order to safeguard blockchain eco-system and therefore their business reputation. The 4 key principles to ensure security in private blockchains are:
– Developing Strategic Blockchain design – Exploring the feasibility and developing distributed hyper-ledger technology will help organizations to develop a design that is customized for each domain and firm. It also helps in identifying the scalability and transparency of security.
– Endorsing policies- In a private blockchain network, the number of confirmation requirements for validating transaction must be authorized from trusted and authenticated business participant entities. Organizations must also focus on strengthening techniques such as profiling, monitoring and detecting regular behavioral patterns based on transaction history.
– Cryptography management – A detailed process on cryptography must be developed and aligned based on the customization that is required for implementing blockchain and integrating it with the concerned domain.
– Limiting Access Rights – It is always advisable to identify and gauge all the blocks or transactions in private blockchain that is restricted only to participants based on their access rights.
CXOToday: What are some of the blockchain security projects you’re working on?
Suhas Desai: We empower industries with blockchain technologies and are already working with more than 20 banks and financial services providers in order to secure their blockchain infrastructure and delivery process. At present, our focus is on security governance and security controls implementation project with one of the leading banks.
CXOToday: Could you tell us about your SaaS based IOT platform for registered device management and how is it helping in government Digital India efforts?
Suhas Desai: Aujas IOT platform is precisely designed to manage devices effectively. It primarily helps to ensure secure biometrics authentication in all the initiatives undertaken by Digital India. The SaaS platform that we have built primarily manages every device that is registered under a unique ID resulting in prevention and protection of the device from any alien invasion.
CXOToday: With many new age companies working in the area of advanced security technologies, what makes Aujas different from competition?
Suhas Desai: We primarily help organizations and businesses manage information risks by protecting software, data, identities and people and also strengthen intelligence frameworks and security governance. In this competitive market, most of the organizations focus on 15-20 security solutions that do not include IoT device management and API security. However, in the face of transforming threat landscape, organisations require particular services that majorly focus on API security and the like.
We, at Aujas offer niche services in IOT devices management through SaaS platform, Blockchain Security and API Security plugins engineering. In the era of Industry 4.0 Aujas also ensures to provide its customers with the new age security solutions.
CXOToday: What are your security roadmap with Blockchain and other advanced technologies?
Suhas Desai: In our 10 year history of protecting identities, governments and communities, our primary aim has been to offer a holistic approach to our customers that focuses on fundamental business issues and how they interrelate with risk mitigation strategy, compliance, governance, and other key strategic information problems. As far as blockchain is concerned, we have developed a solution methodology to help secure Blockchain lifecycle and online transactions and also codify digital relationships with transactions taking place in every possible sector.
We are currently building full-fledged security governance and security engineering controls for blockchain eco-system’s components. For Aujas, India is a very crucial market and we are definitely planning to continue to invest here in the coming years of our existence.
