Many companies have moved beyond simple experimentation into proof-of-concept and use-case development. A small but rapidly growing number have even started to move blockchain solutions into production.
As more organizations look to achieve value from blockchain, it has become apparent that they need a consistent framework for assessing the security and technology risk of blockchain solutions across their full life cycle, from design to production deployment.
The reality is that there is no one-size-fits-all approach for leveraging blockchain. While different blockchain platforms might have the same general functions, they may also have different security and technology risks. To this end, companies should not make assumptions as to what a blockchain is capable of doing, or how safely and securely it can complete a specific task. Organizations need to evaluate the various solutions across their life cycle to make sure they fit their needs and risk appetite.
Understanding the two types of blockchains
Implementing blockchain? Get it right the first time
Although every blockchain implementation is unique, they will typically incorporate the following characteristics or some combination thereof:
Immutable digital ledger: An unmodifiable and persistent record of transactional activity using well-known, trusted, and tested cryptographic principles.
Consensus mechanism: A mechanism whereby independent participants have an agreed-upon method for how transactions are executed and added to the blockchain without relying on intermediaries.
Identity and ownership: While identity may not always tie to a real-world identity, blockchain typically relies on these concepts via cryptographic principles to prove the ability to interact with the blockchain and demonstrate ownership.
While these characteristics offer exciting possibilities, the challenge is that they also bring with them their own specific risks. For example, with blockchain’s immutability, data on a blockchain cannot be deleted. In a use case where customer information is included in a blockchain transaction, blockchain participants may find themselves in breach of privacy regulations (e.g., General Data Protection Regulation (GDPR) Article 17) if they cannot comply with a customer’s request to exercise their ‘right to be forgotten’.
KPMG’s blockchain assessment solution is designed to help organizations understand and assess the full scope of security and technology risks associated with blockchain initiatives they undertake or applications they are working to implement. The solution is designed to span the life cycle of security and technology risks pertaining to blockchain.
The solution also allows you to evaluate the level of maturity of controls related to in-use blockchain solutions. By evaluating the maturity level of existing risk controls, organizations can determine where they are well protected and where they need to establish stronger controls.
The excerpt was taken from the publication entitled Realizing blockchain’s potential.
© 2020 R.G. Manabat & Co., a Philippine partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.