From our work with telcos on building a global blockchain network, we have identified a few areas to think about regarding risk in implementations:
1. Understanding what data is shared, and what is kept private (to a telco, or to specific partners)
- In blockchain networks, some data is shared by all and some is private, it is important to map which data will be viewable by who and understand how that fits into your privacy and security policies. This is sometimes a simple "Whats on the shared ledger?" question, and sometimes may be more nuanced (eg. when using zero-knowledge proofs, or storing hashed data).
2. Controlling encryption keys
- As blockchain systems tend to depend on certificates and private keys, its important to understand how keys are stored and protected. This is not different than SSL keys or other encryption keys.
3. Protecting the Telco's DBs and network
- Some data is stored privately, and in this sense (as mentioned above) there are the same security considerations as any other internal system with a database - backup, recovery, user accounts, network segmentations, etc.
- Effective blockchain networks bring together many distinct parties into as single shared network, with sometimes competitors and companies who don't know each other collaborating. Its important to understand the way the network will be run both from a technology/consensus perspective (eg. validators/sealers/notaries, choosing the DLT technology, upgrading, etc), and from an organization perspective (eg. dealing with bad actors, who can join).
5. Adoption / Interoperability and Lock-in
- Blockchain networks create the most value, when they have wide adoption. It is important to understand how the network will achieve wide adoption across partners who (as mentioned above) may be tough to get to align. An aspect to explore is how interoperable the specific implementation in, and what freedoms participants have in running, implementing and integrating. If the network is beholden to a single powerful entity, this may create negative centralization effects (such as centralization of risk, higher costs, less adoption, lack of innovation and flexibility, etc).
Beyond these, it is always important to explore the technical characteristics such as performance, scalability, agility, flexibility, features and operational model - but these are true for any new technology or implementation.
We at Clear are building software that uses blockchain technology to make the the wholesale trading and settlement process frictionless using automation, guaranteed smart contracts and cutting edge tech (and some cool math), and have been carefully considering the above risks in design and implementation.
There are also companies (such as TBCASoft mentioned above) doing this for things like mobile payments, some carriers working on blockchain-as-a-service for enterprise customers and many more.
As with any new technology, it looks like there will be a smart and careful learning process for risks and for benefits, however the trend we see is that there are robust solutions today, and we are working with leading carriers today on implementing a robust, global implementations.
I would be happy to discuss further if this is interesting to you.
Sent: Jun 13, 2019 09:35
From: suzanne powell
Subject: blockchain risks and telco
I have been hearing how blockchain is well suited for Telecoms companies but what are the risks? Are there any?