Blockchain Data Security and ‘BYOID’: Hacker’s Nightmare
New data breaches seem to happen every day. Consumers are frustrated by lack of control over their information once it is shared. Enterprises work tirelessly to avoid becoming the next victim of a breach that thrusts them into the news for all the wrong reasons, especially when many breaches occur due to the security lapses of their vendors.
To give both consumers and companies more control over the information they share and store, blockchain-based technology has made possible the concept of “Bring Your Own Identity” or BYOID. It allows the consumer or employee to keep of their identity information within their own device, with their ID verified using the blockchain as an immutable ledger that’s incapable of being compromised.
Blockchain Technology for Identity Management
The blockchain is typically associated with the technology behind bitcoin and other forms of cryptocurrency; however, as an immutable digital ledger on which exchanges are recorded chronologically and publicly, it can be programmed to record any valuable information, including records of an authenticated identity. The blockchain database is not stored in any single location, meaning its records are truly public and easily verifiable. No centralized version of this information exists for a hacker to corrupt.
BYOID for Consumers
For consumers, BYOID allows them to keep personally identifiable information (PII) on their own devices, such as a smart phone, and use the blockchain to validate their information for a third party, such as a bank. This form of identity management is simple and seamless for the end user, as the technology can be easily integrated into existing phone apps using a software development kit (SDK). Setting up a consumer’s ID is as easy as taking photos of their identification documents, like a driver’s license or passport, in much the same way as electronically depositing a check. Once the user’s identity is verified, signed and encrypted, users can share this information with other users or services using either a QR code or Bluetooth exchange.
Using this method allows data to stay with the user, which gives them the most control over their information and eliminates the necessity for large databases of private PII, a critical target for hackers.
BYOID for Enterprises
For enterprises, there are two ways to incorporate BYOID into their current systems: incorporating blockchain-based identity management into their consumer-facing products and incorporating it into their employee identity management. Allowing consumers to own their data relieves a vulnerable pain point for companies, and incorporating a blockchain-based identity management system (IMS) SDK into existing apps will also allow for a seamless experience for their customers.
Another vulnerability for enterprises is the usernames and passwords of employees, often stored in large databases. By using blockchain-based IMSs, identity management is inverted to be controlled by each user and then shared with the workplace. Because their identities are verified using the blockchain, employees are no longer required to authenticate themselves using usernames and passwords, which can be easily compromised by hackers. It also eliminates the need for large databases storing user credentials – such as usernames and passwords – that are valuable targets for hackers.
Similar to the process for consumers, all identification information is encrypted and stored on employee mobile devices. After employees choose to share their information with their employer, the blockchain acts as an immutable ledger to verify the information and grant access to only authenticated, authorized employees.
For many enterprises, it’s not just employees who could benefit from blockchain-based IMSs. Some breaches can be traced to vendors that don’t have the same level of security as the organization they serve. Solutions that can be extended to partners, sales channels, contractors and customers who need to access the company’s systems should be included in enterprise IMS offerings.
By putting identities and the PII that comes with them back in the hands of consumers and employees through the secure authentication of blockchain-based IMSs, hackers face a now nearly impossible task. This technology eliminates the need for databases full of consumer information or employee usernames and passwords that, once obtained by hackers, are used for ransom or disseminating on the dark web. It also gives consumers peace of mind knowing with whom their personal information is safeguarded and that it all is stored on their trusted mobile devices.
Armin Ebrahimi is founder and CEO of ShoCard, a digital identity verification system.