Enterprises in financial services, education, and health care see the tremendous potential behind the blockchain technology -- the one powering Bitcoin and other digital currencies -- but have been held back because of regulatory and data security concerns. IBM took the first step toward making blockchain ready for business with a new framework and service offerings for IBM Cloud.
Blockchain isn’t just for Bitcoins and other digital currencies, as its public ledger system can be used to record any kind of transaction. The ledgers are stored concurrently in multiple locations and the entries are cryptographically signed to prevent anyone from modifying them. Blockchain provides an auditable trail of all the transactions and removes the need for a trusted middleman to oversee them. Consider the benefits for real estate, financial, contracts, and even health care.
But blockchain, as it stands, doesn’t meet regulatory and data security requirements. For example, enterprises have to know everyone involved in the transaction, something that can’t be done with the semi-anonymous nature of public blockchains. IBM’s new framework and blockchain-based cloud services address the specific requirements, such as offering a permissions-based blockchain network with defined user roles.
"Clients tell us that one of the inhibitors of the adoption of blockchain is the concern about security," said Jerry Cuomo, vice president of blockchain at IBM. "While there is a sense of urgency to pioneer blockchain for business, most organizations need help to define the ideal cloud environment that enables blockchain networks to run securely in the cloud."
Many organizations have blockchain experiments, but they can’t move into full-scale production environments so long as the cloud environment is not optimized for blockchain. If one instance within the cloud environment is not secure, the blockchain network running in that environment is at risk for tampering, breached confidentiality or data leakage.
The transaction keys used to sign ledger entries need to be securely managed, and there has to be proper role-based management tools to control who has access to the ledgers as well as their level of visibility over the network. There has to be a way to audit all transaction logs, and a way to restrict host administrators from accessing the ledgers. And finally, blockchain relies on cryptography to sign and protect individual entries, which can negatively impact overall processor performance if the cloud environment is not properly optimized.
IBM has taken elements of Linux Foundation’s open source Hyperledger Project, has tested the code and certified the framework as secure, and is making all of it available in a dedicated environment within IBM Cloud.
The cloud services have been optimized for cloud-based blockchain networks by providing an auditable operating environment with comprehensive log data, necessary for forensics and compliance. Cryptographic keys are secured in tamper-resistant storage. The modules also detect and respond to unauthorized attempts to access the keys. Members in a blockchain network do not share any aspect of the operating environment, such as memory, disk drives, or hardware to prevent data or memory leakage.
IBM’s framework considers industry standards such as Federal Information Processing Standards (FIPS 140-2), Evaluation Assurance Levels (EAL), Sarbanes-Oxley (SOX) Act, Health Insurance Portability and Accountability Act (HIPAA), Gramm Leach Bliley Act, Federal Information Security Management Act (FISMA), and the European Union Protection Directive so that government, financial services, and health care organizations can securely build and use blockchain networks.
The company is also expanding blockchain services on the Bluemix app development platform to give organizations the necessary tools to quickly get started developing and testing blockchain applications. Organizations don’t need to be experts in how blockchain technology works since IBM will take care of running them, freeing up developers to focus on developing their own applications.
IBM Blockchain on Bluemix gives developers access to the very latest Linux Hyperledger code. IBM Blockchain for Hyperledger is also available on DockerHub, letting organizations run a signed, certified distribution of the blockchain project on different cloud servers and devices.
Organizations also are not sure how to set up secure blockchain networks. IBM takes care of that. It will allow production blockchain networks to be deployed in minutes, running signed, certified, and tested Docker images with dashboards and analytics as well as support. IBM will also provide support and consulting services for anyone looking for help with blockchain.
IBM has made other big moves in blockchain recently. As one of the founding members of the Linux Foundation’s Hyperledger Project, an open source initiative to standardize blockchain tools, the company donated 44,000 lines of code to the project. It has also invested in several startups building blockchain-based services.
Big Blue isn’t the only company looking at ways to enhance its cloud offerings with blockchain-based services. Microsoft has been quietly adding multiple blockchain-as-a-service offerings to the Azure marketplace. Microsoft has a partnership with a consortium of more than 40 banks, including the likes of Goldman Sachs, Citigroup, and Morgan Stanley, granting them open access to Azure and dedicated staff from Microsoft to build blockchain applications. The company has also worked with Ripple, a cryptographic ledger software vendor, and other startups to develop new blockchain applications.
IBM will expand its work on blockchain through new IBM Garages in New York, Tokyo, Singapore, and London, which are focused research labs and will help clients design and develop blockchain networks. BNY Mellon, a global financial institution based in New York, is one such customer.
"With this new initiative, IBM is providing an environment that will allow companies like us to collaborate more easily and more securely and in a more standardized way, which is critical to advancing meaningful use cases for blockchain," said Suresh Kumar, CIO of BNY Mellon.