How Secure is Blockchain? - On24

How Secure is Blockchain? June 6th, 2017

Before we get started...
• This is a 60 minute webcast
• For better viewing experience, close all other applications
• For better sound quality, please use headphones
• You can enlarge slides by clicking on the box in the upper right hand corner of the slides

A few reminders
• To download slides and marketing information, click on Resources
• Use the Q&A box on the upper left to ask questions during the webcast
• If you experience technical issues, click on the yellow question mark Help icon

Here with you today
• Grainne McNamara, Principal, PwC
• Tim O’Donnell, Managing Director, PwC
• Daragh Morrissey, Worldwide Director for Blockchain, Microsoft
• A. Michael Smith, Partner, PwC
• Michael Glaros, Senior Program Manager, Microsoft

Objectives
1 Overview blockchain and the opportunity it presents
2 Discuss the cloud and associated security aspects
3 Examine the new complexities that blockchain implementation adds to the cloud environment
4 Review best practices for blockchain implementation
5 Evaluate what this technology means for risk assurance

Blockchain can enable profound business and operational transformation

What is Blockchain?
A blockchain is a decentralized ledger of all transactions in a network. Using blockchain technology, participants in the network can confirm transactions without the need for a trusted third party intermediary.

Blockchain interest and adoption is growing…

Blockchain is moving out of the lab…
• 55% of Global FinTech Survey respondents are planning to adopt blockchain as part of a production system or process by 2018
• 77% of respondents are planning to adopt blockchain as part of a production system or process by 2020

…however, there are a number of hurdles to adoption
• Blockchain Maturity
• Customer Adoption
• Security Concerns
• Fragmented Field
• Interoperability
• Legal and Regulatory Compliance

Microsoft cloud services have the largest compliance portfolio in the industry

There are many layers to consider in a secure implementation

First build the foundation, then secure the pillars

Take into account blockchain specific security concerns in addition to traditional security concerns

Traditional Security Concerns
• Key Management
• Weak Cryptography
• Data Privacy and Confidentiality
• Vulnerabilities in Code

Blockchain Specific Security Concerns
• Consensus Hijack
• Sidechains
• Distributed Denial of Service (DDoS) Attacks
• Wallet Management
• Scalability
• Smart Contract Management
• Interoperability
• Governance Controls
• Lack of Anti-fraud/Anti-money Laundering Capabilities

Assess the entire technology architecture of a blockchain initiative

Technology Architecture
1 Services and Applications
2 Blockchain Platform
3 Technology Infrastructure
4 Data

Security Challenges

Services and Applications – Design and Implementation
• API and code security
• Malicious transactions (smart contracts, wallet management)
• End-point / application vulnerabilities (fraud, identity management)
• Vulnerability management and defences against malware

Blockchain Technology
• Code flaws and bugs
• Design risks (consensus hijack, interoperability, sidechains)
• Distributed denial of service (DDoS) attacks
• Governance and access management (in permissioned blockchains)

Development, Infrastructure, and Operations
• Infrastructure and network security
• Disaster recovery
• Incident response

Data
Dependent upon the method of implementation, personal and/or sensitive data may be stored and accessed from one or more layers of the technology architecture, presenting additional security considerations such as:
• Data privacy and confidentiality (e.g., encryption at-rest and in-transit)
• Transactions security and storage
• Weak cryptography
• Key management and protection

The goal is to strike the right balance between innovation and security


Presenter Bios

Grainne McNamara, PwC | T: +1 (646) 471-5347
Grainne is part of the PwC Capital Markets team, specializing in effectively delivering large transformation programs at top tier banks. She has over 20 years of experience in running front-to-back programs across divisions at firms such as Goldman Sachs and Morgan Stanley. She has designed and managed large scale implementations through the entire lifecycle. She is an expert at running multidisciplinary teams and in making large programs deliver what the business needs for the transformation, with particular focus on managing the risk and the costs involved with any large transformation. Grainne is responsible for PwC’s efforts in blockchain solutions in financial services.

Daragh Morrissey, Microsoft | T: +1 (425) 553-5584
Daragh Morrissey is the Worldwide Director for Blockchain at Microsoft Financial Services. He is an IASA Certified Architect Professional, has extensive experience in Financial Services, and has presented at Microsoft and Fintech events. In his current role at Microsoft, he is building Blockchain offerings with Microsoft Engineering, partners, and customers.

Michael Glaros, Microsoft | T: +1 (425) 706-2557
Michael Glaros is a Senior Program Manager with Microsoft Azure's BaaS engineering team where his duties include helping to accelerate blockchain application development for both customers and system integrator partners. Michael's duties include building a risk-aware culture that balances the needs of customers, regulators, auditors, and internal stakeholders; supporting compliance certifications by providing assurance of service team adherence to the risk management program; and integrating the Cloud+Enterprise risk program with Microsoft's Corporate Enterprise Risk Management framework.

Tim O’Donnell, PwC | T: +1 (646) 471-8501
Tim has over 26 years of financial services experience: 5 years in money center bank payments operations, 14 years with a technology solution provider to the international banking and capital markets industry, and 7 years in a consulting role around the topic of banking product and operations strategies. He has experience working within banks, such as JPMC and Bank of America. Tim has also had success in bringing innovative payments, reconciliation, data warehousing and investigations solutions to market with companies such as Microbank Software (now part of SunGard) and First Data.

A. Michael Smith, PwC | T: +1 (646) 471-9580
A. Michael Smith has over 25 years of experience in IT auditing, cybersecurity, privacy, and regulatory requirements in the IT space. He is responsible for PwC's IT internal auditing services practice in the U.S. for financial services companies, and has led projects in all financial services sectors. His primary area of focus is designing strategies for deploying technology audit in large financial services organizations. Prior to joining PwC, Smith was the global director of technology audit for the Bank of New York Mellon.

PwC + Microsoft
We have a strategic 360 relationship with Microsoft

www.pwc.com/us/microsoft

Thank You

©2017 PwC. All rights reserved. PwC refers to the US member firm or one of its subsidiaries or affiliates, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.