The success of blockchain technology in securing cryptocurrencies doesn’t make the technology a good fit for securing the Internet of Things, RSA Security Chief Technology Officer Zulfikar Ramzan says. Check out our exclusive conversation with Zully about IoT, blockchain and the state of the information security industry.
I had the opportunity to work with RSA Security* during the recent RSA Conference in San Francisco and, as part of that, got access to some of that company’s amazing security minds for interviews and a few “on the show floor” videos. That included this conversation I had with RSA Chief Technology Officer Dr. Zulfikar Ramzan about the state of the industry and – of course, of course – the hype surrounding blockchain, the distributed ledger technology that girds Bitcoin and other crypto currencies.
As you know if you’ve been reading your Security Ledger, blockchain is often talked about as a kind of magic elixir that soothes the Internet of Things’ many security pains. Among them: identity, authentication, data integrity. The way that block chain bypasses central “authorities” (like CAs) and taps distributed populations of devices to verify the integrity of transactions is certainly promising. But blockchain has its limitations, as well, as we’ve noted before.
I asked Zully about this and he said that the potential of blockchain shouldn’t obscure the reality of the technology and its limitations. Blockchain, he told me is well suited to its original purpose: securing crypto currency transactions, where decentralization, privacy and immutability are top concerns. However, that combination of priorities isn’t common to other contexts. And that suggests that blockchain’s success in securing Bitcoin and other online currencies doesn’t make it a good fit for solving other technology problems, Ramzan said.
[ Listen to this: Podcast Episode 92: Uncle Sam Ices Tech Acquisitions and RSA Conference 2018 ]
For example, blockchain transactions are notoriously slow. The distributed nature of the blockchain means it can take anywhere from minutes to days to settle and clear a Bitcoin transaction. That’s not a good fit for – say – e-commerce, Ramzan notes.
“If you buy a book online, you’re not going to wait for four days to validate the transaction,” Ramzan noted. “And if something goes wrong, you’re going to want to call the vendor,” something blockchain’s premium on anonymity makes difficult, Ramzan notes.
“People think we can use (blockchain) for all these other applications, but I see it as we have this brand new hammer and everyone is looking around for different kinds of nails,” Ramzan told me. “It’s useful for cryptocurrencies, but it’s not clear to me how useful it is for real world applications.” And, while it may be possible to fit the square peg of blockchain into some round holes, it becomes difficult to justify doing so when other applications and technologies are better suited.
(*) Disclosure: Security Ledger’s coverage of RSA Conference was sponsored by the following organizations: RSA Security (a division of Dell), LookingGlass Cyber Solutions, Qualys Inc., Pulse Secure Inc., DigiCert Inc., and Keysite Technologies. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.