As Bruce Schneier, security expert, notes, “the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.”
It is very surprising that one of the world's most secure protocols, which has led to billions of dollars of investment, is regularly subject to hacks and breaches.
Many blockchain advocates and developers falsely assume that the security of the blockchain protocol extends outwards and encompasses all aspects of an application or platform. Nothing could be further from the truth.
While blockchain has intrinsic meta security through distribution, its main weak point manifests at the client level, where transactions are executed and where cryptocurrencies are traded and stored. Invariably these actions occur online, and that is often where the problems lie.
There is a lot of misleading information around when it comes to cryptocurrency and blockchain technologies.
The same applies to cloud providers such as AWS, Google Cloud, Azure, Rackspace, Heroku, DigitalOcean and so on. Many assume that their cloud provider, such as Amazon Web Services (AWS), Microsoft Azure or Google Cloud, is responsible for their security. This assumption is wrong. These providers are simply facilitators in terms of IT infrastructure.
One has to distinguish between managed and unmanaged services. AWS are responsible for the global security of the entire cloud infrastructure, but they make it very clear that their clients are still individually responsible for securing their own data. So what does this mean?
AWS clearly states that it will address “security OF the cloud”: compute, storage, database, networking, and global infrastructure. Amazon is responsible for the physical security and the host servers, the so-called hypervisors, but it is not responsible for your network or your own server instance.
Who is responsible for security? Often IT teams incorrectly assume that because they have a trusted third party in charge of their infrastructure, that vendor will also manage security. Like the small businesses that assume their web developer is on top of security, large businesses often assume that the public cloud is secure and that this is managed by their vendor.
Most security comes down to traditional security: configurations, human error, and not being aware of what is going on security-wise. No matter how sophisticated a blockchain system you build, these weaknesses will always be effective routes to breaches and intrusions.