Risk and control considerations for blockchain technology
By CohnReznick, a member of Nexia International.
Over the past few years, we have seen disruptive technologies profoundly change how business is done and services are delivered. Among the latest disruptive technologies is blockchain. No matter whom you talk to, what conferences you attend, or which internet sites you visit, blockchain is at the forefront of almost every conversation and on the minds of many executives.
Cryptocurrencies, perhaps the best-known application of blockchain, are gaining in popularity. Meanwhile, other applications and initiatives that use the underlying blockchain technology are currently being designed, built, and prototyped. Organizations in many industry verticals are enthusiastic about blockchain and believe that there could be numerous adoptions, applications, and uses of the technology to enhance efficiencies, effectiveness, and, in some instances, remove roadblocks to improve sharing of data, streamline operations, and enhance the quality of data and services.
But as blockchain goes mainstream, many unanswered questions remain, along with risks that may not have been fully considered. Some of the questions and risks concern implementation of the technology within an existing IT environment and challenges around data security and privacy.
To begin, let’s define the technology. Blockchain is a type of distributed ledger that enables records to be stored and sorted into blocks. It’s a type of a database, but unlike a centralized or decentralized database stored on one or many servers, blockchain is installed on individual IT assets of the users of the database. The best way to understand blockchain technology is to imagine a collaborative spreadsheet (database) that is currently open in 10 locations by 10 different people. Each IT asset has an identical copy of the database and is updated in real time as transactions are executed. Every time a user in the chain updates the spreadsheet, the change is reflected on each of the other nine open versions of the spreadsheet, thereby preserving the integrity of data across the chain. No transaction can be erased or changed, a feature that is called immutability, and every transaction is anonymous. Simply put, blockchain is a network of many separate instances of the same database that ensures data integrity across all instances. This protects data against malfunction, natural disaster, and/or malicious activity.
There are three different types of blockchains: permissionless, public permissioned, and private permissioned.
Download the publication here.
For further information on any of the matters discussed in this publication please contact CohnReznick’s experts:
Principal, Technology Risk and Compliance Leader
Principal, Cybersecurity and Privacy Leader
Or visit CohnReznick’s Cybersecurity page here.