There’s no denying that we live in a world where data has become more valuable than gold. This shift in the value that individuals and organizations place on data is illustrated by the current enterprise landscape, which has evolved to a point where it requires collecting and storing vast amounts of data.
Security is a top priority for any company that operates a database system, regardless of its field of activity. In traditional systems, once a database admin or an internal attacker gains access to the database, the data becomes compromised, as it can become subject to illicit practices such as internal fraud or ransomware. These scenarios represent a real threat in a data-driven society and can amount to substantial losses and even irreparable damage. Current backup and security mechanisms rely on outdated practices such as database snapshots to reconstruct the database in case of breaches and corruption. The problem is that snapshots aren’t efficient from a storage perspective, because they are basically a copy of the database that needs to be stored in a separate secure environment. As new data accumulates, new space needs to be allocated for new versions of the database, which means that older snapshots are discarded and lost.
Data integrity and immutability
Each year, companies spend billions of dollars on cybersecurity solutions to secure their data from external tampering. Besides cybersecurity measures, companies and enterprises rely on third-party auditing firms to guarantee that data is correct and resolve any eventual disputes. Although an efficient line of defense, auditing firms charge a significant fee for their services, but more importantly there is the question of who verifies the auditor. In the end, companies are still required to place their trust in an external party to whom they must give access to their data.
At its core, data integrity is directly related to the readability and trustworthiness of database records. In legacy systems, ensuring data integrity entails constant maintenance and frequent backups to guarantee the accuracy and consistency of data during its life-cycle.
Blockchain provides a viable alternative to this model. By combining cryptography with hashing algorithms, blockchain ensures data immutability, a feature that brings unprecedented levels of trust to the data owned by enterprises. In turn, immutability provides data integrity which drastically simplifies audit processes, while providing proof to stakeholders that the information has not been altered.
In an enterprise context, data immutability significantly reduces overhead, streamlines operations and unlocks new value:
· Data integrity is assured by blockchain’s architecture and data storing mechanism. Once data has been introduced in a blockchain network, it cannot be altered without compromising the entire data chain. Any data discrepancies are automatically detected by the system, which allows companies to pinpoint in real-time any tampering attempts.
· Streamlined auditing – as an append-only structure, blockchain provides an indisputable record history of all the data that has been introduced in the network.
· Enhanced efficiency – data immutability enables information traceability and record history which can unlock new business momentum and new opportunities in analytics.
· Ideal settlement ecosystem – data traceability, immutability, integrity, and a complete record history can reduce costly business-related disputes from months and even years to a couple of days.
In the more than a decade since the technology entered the market, it has firmly positioned itself in the limelight, gaining significant support and following. Even so, there is still much confusion over what blockchain is and how it differs from the technologies that preceded it. Blockchain is a distributed incorruptible ledger of economic transactions that can be programmed to record not only financial transactions but virtually any type of data that has value. A type of distributed ledger technology (DLT), blockchain is a digitized, distributed database that records all the information introduced in a decentralized peer-to-peer network.
The created database is then replicated and shared among the network participants. This means that all members have access to the information, which provides a highly transparent environment. As an exercise in imagination, when talking about blockchain, one should envision an ordered list of blocks, where each block is identified by its cryptographic hash. Every block is arranged in such a way that it references the block that came before it, which leads to the creation of a chain of blocks (hence its name). When a new block is created and appended to the blockchain, all the information contained by the new block will be available to every member of the network. Once recorded, the data in any given block cannot be altered retroactively without the alteration of all subsequent blocks, which requires the collusion of the network majority.
Benefits of data immutability and data integrity
Tamper resistant data ecosystem
Currently, cybersecurity trends tend to focus mainly on preventing external attackers from accessing, destroying, or corrupting sensitive data. But more often than not, an equally devastating type of cybersecurity risk, namely the internal kind, does not receive the attention it deserves. Internal data leaks are the most common type of data breach and usually stem from employees. Although there are occurrences when an employee goes rogue and wilfully sabotages the company, most of the time it is purely accidental. Regardless of whether it was intentional or unintentional, the damage to reputation and profits is the same. In order to mitigate internal data leaks, companies employ strict internal policies and data access mechanisms to restrict access.
Due to the sum of its beneficial characteristics, and its unique design choice, blockchain emerges as an anti-tamper technology, capable of demonstrating through complex algorithms that the data stored has not been modified by a malicious actor. Blockchain achieves tamper resistance due to its data storing mechanisms and extensive use of cryptography and hashing functions. Hashing is a process through which data input is passed through a hashing function to obtain a hash digest, also referred to as checksum, a string of characters that acts as a unique identifier. In the world of data security, hashing brings a number of major benefits.
Firstly, each input gives a unique hash digest. Even if only one byte is different between two seemingly identical files, the resulting outputs will be completely different. For example, if we take the input “Data” and pass it through the SHA-256 hashing function (the most popular hashing function in the blockchain world), we will receive the following hash digest, an alphanumeric string of 64 characters: cec3a9b89b2e391393d0f68e4bc12a9fa6cf358b3cdf79496dc442d52b8dd528. If we take the same hash function and pass the input “data”, the hash digest will be drastically different: 3a6eb0790f39ac87c94f3856b2dd2c5d110e6811602261a9a923d3bb23adc8b7.
Secondly, it’s computationally infeasible to reverse a hash digest, which means that you can’t determine the original input from the hash digest.
Blockchain is considered to be an anti-tamper technology due to its clever use of hashing. When new data is added to a blockchain, it first gets verified by the system, timestamped and embedded into a data container referred to as a block of transactions, which is cryptographically secured through a hashing function that incorporates the hash of the previous block in the new block to seal them together. This process is repeated for every new data insert to produce an interdependent chain of blocks, where the smallest change in a block will render all of the following blocks obsolete, as their hashes will no longer match.
In an environment of ever-expanding security threats, businesses and enterprises have witnessed an exponential increase in the volume of sensitive data and in their reliance on it. Given this context, data-centered security tools and measures have become a paramount interest for companies seeking to safeguard their data as it transits over different networks, servers, and applications. In a race to provide a haven for company data, trade secrets, and sensitive customer and employee data, native database auditing tools and database activity monitoring mechanisms have become a standard in the enterprise sector.
As the name implies, native database auditing tools are already integrated by default in database systems but have proven to be substandard in ensuring the protection of large scale databases, as they degrade performance and fall short in meeting compliance and security requirements.
Database activity monitoring encompasses the mechanisms and policies that are used to observe, detect and alert in real time on any fraudulent attempts to manipulate the data in a system, or on other undesirable internal or external activities, while determining the efficiency of security tools and data policies.
There is a plethora of database activity monitoring tools on the market, but in general, all of them perform the same functions and are usually graded based on their ability to:
· independently monitor and audit all database activity without hindering the overall performance of the system
· secure and store database activity logs in a separate environment, outside the monitored database
· collect and compare database activities from multiple database management systems
· monitor and audit the activity of database administrators to prevent manipulation of data records or logs
By integrating itself between an existing application server and a database system, Modex BCDB can enhance database activity monitoring procedures by providing in-depth tracking of user and database admin activities, record versioning and complex access control mechanisms. Since blockchain records and timestamps any modification made on the data, it provides a highly transparent environment not only for data but also for the user and database administrator activity logs. This feature significantly enhances audit procedures as it offers network beneficiaries a bird’s eye view over system activity.
Facilitating data traceability and record history
In a traditional database system, users can perform the standard CRUD operations (create, read, update, delete), four basic functions of persistent storage that constitute the backbone for interacting with any database. Both relational and non-relational database systems are designed to rely on the CRUD operations to enable basic interactivity. The problem with this approach is that database administrators or users with sufficient clearance can access and modify data entries. The same is possible for malicious actors who manage to exploit a security vulnerability and gain access to the database, which can lead to numerous problems such as data breaches, corruption and even complete loss of data.
Modex BCDB enables companies to strengthen their database security and enhance audit and reporting operations by facilitating information traceability and record history. Blockchain differs from traditional databases because it is an append-only structure, which means that delete and update operations cannot be performed on existing data.
As such, clients can configure the Modex BCDB system to store all the previous versions of the information in a separate table to simplify reporting and audit operations. By default, the database will display the latest version of the information, but by accessing the record history, users can interact with older versions of the data and perform various operations including integrity checks and data analysis.
Due to blockchain’s design, data traceability is available without configuring record history. This is because each data insert in a database has its hash stored in the blockchain network. Even a small modification to an input can drastically change the hash of the information. By comparing the two hashes, an admin can easily determine that the information has been tampered with. But because it is impossible to determine the initial input from the hash digest, they will not know exactly how the information was modified in the database.
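The hash chaining described under "Tamper resistant data ecosystem" and the digest comparison described above can be sketched together as follows. This is an added example, not Modex BCDB code: the block layout, the all-zero genesis value, the function names and the sample rows are assumptions made for illustration.

```python
import hashlib
import json
GENESIS = "0" * 64  # assumed previous-hash value for the first block

def sha256_hex(obj) -> str:  # canonical JSON: same content, same digest
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def block_hash(block: dict) -> str:  # covers every field except the stored hash
    return sha256_hex({k: v for k, v in block.items() if k != "hash"})

def append_block(chain: list, record_id: str, record: dict, timestamp: int) -> None:
    block = {"index": len(chain), "timestamp": timestamp, "record_id": record_id,
             "record_digest": sha256_hex(record),
             "prev_hash": chain[-1]["hash"] if chain else GENESIS}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_broken_block(chain: list):
    """Index of the first block whose hash or back-link fails, else None."""
    prev = GENESIS
    for block in chain:
        if block["prev_hash"] != prev or block["hash"] != block_hash(block):
            return block["index"]
        prev = block["hash"]
    return None

def tampered_records(chain: list, database: dict) -> list:
    """IDs of rows whose current digest differs from the anchored digest."""
    anchored = {b["record_id"]: b["record_digest"] for b in chain}
    return sorted(rid for rid, d in anchored.items()
                  if rid not in database or sha256_hex(database[rid]) != d)

def demo():
    # Constructed sample rows, not data from the article.
    database = {"inv-1": {"amount": 100}, "inv-2": {"amount": 250}, "inv-3": {"amount": 75}}
    chain = []
    for i, (rid, row) in enumerate(database.items()):
        append_block(chain, rid, row, 1700000000 + i)
    clean = (first_broken_block(chain), tampered_records(chain, database))
    database["inv-2"]["amount"] = 9500           # row changed outside the chain
    changed_rows = tampered_records(chain, database)
    chain[1]["record_digest"] = sha256_hex(database["inv-2"])  # anchored digest rewritten
    stale_hash = first_broken_block(chain)       # block 1 no longer matches its hash
    chain[1]["hash"] = block_hash(chain[1])      # block 1 re-sealed on its own
    broken_link = first_broken_block(chain)      # block 2 still points at the old hash
    return clean, changed_rows, stale_hash, broken_link

if __name__ == "__main__":
    print(demo())
```

The audit reports which record no longer matches its anchored digest but not what the previous value was, which is why the record history table is needed to recover older versions.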
About Modex BCDB
Modex BCDB is a new take on blockchain technology which removes the need to invest resources in blockchain training, facilitating fast adoption of the technology in businesses. The solution proposed by Modex is a middleware that fuses a blockchain with a database to create a structure that is easy to use and understand by developers with no prior knowledge in blockchain development. As a result, any developer who knows how to work with a database system can operate with our solution, without needing to change their programming style or learn blockchain.
Through our blockchain component Modex BCDB can transform with minimal changes any type of database into a decentralized database that holds the same valuable characteristics inherent to blockchain technology: transparency, increased security, data immutability, and integrity.
Every enterprise is reserved and unwilling to make changes to its database, and for good reason, as data loss or data corruption constitute major risks. Modex BCDB doesn’t work by deleting the existing database or data entries. The database is maintained intact throughout the process, and data integrity is ensured by calculating the metadata of the records and storing it on the blockchain. Moreover, the system does not restrict access to the blockchain or the database, so when a developer needs to run reporting or ETL transformations, they can always perform warehouse analytics by accessing the database directly. This is because Modex BCDB has been purposely designed to be agnostic. With our solution, clients can set up a network regardless of the type of database employed. In a consortium, each company can keep whatever type of database it prefers (Oracle, Microsoft, IBM, MongoDB, Elasticsearch) and connect them through a blockchain-powered network to ensure cohesion and availability while protecting corporate interests.