The difference between a data integrity attack and the large-scale confidentiality breaches so often in the news is that an integrity attack doesn’t steal data, it manipulates and changes mission critical data in-place, tricking the systems and business processes that rely on that data into making mistakes — usually in the attacker’s favor.
With a confidentiality breach, the situation is usually discovered or made public quickly. Data integrity attacks, on the other hand, can fly under the radar for a long time and are far more deadly because they undermine the confidence an organization has in its own decision making. Such an attack can create catastrophic failure, such as the Saudi Aramco attack that wiped out the entire data infrastructure of the world’s largest company. And these attacks will continue.
Blockchains Ensure Data Integrity
The best tool for assuring data integrity is a blockchain. Blockchain-enabled data integrity will open the door to the next great commercial technological disruption because it allows for frictionless, trusted communication not only within a given organization, but among different corporate entities and even across industries. Blockchains can liberate trading partners who are currently mired in a tangle of bilateral API connections or who are beholden to a central data clearinghouse.
In a blockchain, time-stamped entries are made into an immutable, linear log of events that is replicated across the network. Each discrete entry, in addition to being time-stamped, is irreversible and has a strong identity attached. So it is irrefutable who made the entry, when, and with what authorization. Time-stamped entries are approved by a distributed group of validator machines according to an agreed-upon set of standards-based constraints. That is to say, a blockchain has rules.
Once an entry is made and confirmed according to the rules in the validation process, the entry is replicated and stored by every node in the network, eliminating single points of failure and ensuring data resilience and availability.
In summary, blockchain-secured data has provable integrity because the data is attributed to an irrefutable identity, is validated by all participants, is always available and most important, can never be changed.
Take insurance, for example. Insurance claims involve at minimum the claimant, the insurer and the banks moving funds. Within those primary players’ organizations, multiple smaller parties also touch or view the claim data. Each party has their own set of data, stored in a separate silo. Each party has to conform their claim data to the standard required by the other parties. And each party has to authenticate, submit, verify and reconcile the data. Even after payment is complete, there must be reconciliation. If there are errors, the process restarts.
Now imagine these claims are instead managed on a blockchain network. Each party has user rights, including the ability to update the status of a single claim document shared by all parties. Each user now has the same view of the claim data and can act according to this trusted set of information. All of the blockchain activity has strict chronology and is tied to user identity, and this log is immutable because of how these events are validated, recorded and shared. By reducing reconciliation cycles and irrevocably recording all activity, blockchains introduce increased efficiency to claims processing. Multiply that efficiency times the millions of insurance claims filed annually, and it becomes clear how billions of dollars in value can be realized.
Blockchain Integrity Enables Business Automation
Because the promises of data integrity and security are so strong, systems can be built to share blockchain-enforced data among organizations who may not trust each other. And once an ecosystem has shared data that everyone can trust in, new automation opportunities emerge.
Smart contracts on blockchains allow parties to create automated processes across companies and industries. Cross-industry workflows involving data moving around among multiple parties in an ecosystem are prime opportunities for these applications. Now an entire new class of applications that couldn’t exist before can be created. (In my next article in The Distributed Ledger, I’ll explore how smart contracts can achieve cross-industry workflow automation.)
The implications of blockchain-based data integrity are enormous and applicable to every industry, because every industry uses data. Revamping health care records, expediting financial transactions, tracking carbon impact data, streamlining supply chain applications and confirming provenance of luxury goods are just a few examples.
For the first time, it is now possible to build a global repository of data within industries that each party can trust reliably. Gone are the silos and separate, differing views of the world. Every company now has the same data, shared transparently—the same view of the world. There is one canonical log of events, only one truth, and everyone agrees on it.