Industry Perspectives

RSA's CTO: Bullish on Security, Bearish on Blockchain

Jun 13, 2018 | by Paul Roberts

There’s no question that distributed ledger technology, known as “blockchain”, is a hot topic. Originally conceived as a means of securing transactions using cryptographic currencies like Bitcoin, blockchain has been embraced by a wide range of academics, technologists and assorted boosters as the future of trust and identity online.

So great is the hype surrounding blockchain, in fact, that companies have turned to it as a kind of magic elixir. Kodak, once among the most esteemed companies in the U.S., name-dropped the technology and saw its stock price jump.

But RSA Chief Technology Officer Dr. Zulfikar Ramzan notes that the hype around blockchain’s potential shouldn’t obscure the reality of the technology and its limitations. In a video conversation I had with Zulfikar on the sidelines of the 2018 RSA Conference, he said that blockchain is well suited to its original purpose: securing cryptocurrency transactions, where decentralization, privacy and immutability are top concerns. However, that combination of priorities isn’t common to other contexts.

And that means blockchain’s success in securing Bitcoin and other online currencies doesn’t make it a good fit for solving other technology problems, Ramzan said.

For example, blockchain transactions are notoriously slow. The distributed nature of the blockchain means it can take anywhere from minutes to days to settle and clear a Bitcoin transaction. That’s not a good fit for, say, e-commerce, Ramzan notes.

“If you buy a book online, you’re not going to wait for four days to validate the transaction,” Ramzan noted. “And if something goes wrong, you’re going to want to call the vendor,” something blockchain’s premium on anonymity makes difficult, Ramzan notes.  

“People think we can use (blockchain) for all these other applications, but I see it as we have this brand new hammer and everyone is looking around for different kinds of nails,” Ramzan told me. “It’s useful for cryptocurrencies, but it’s not clear to me how useful it is for real-world applications.” And, while it may be possible to fit the square peg of blockchain into some round holes, it becomes difficult to justify doing so when other applications and technologies are better suited.

It’s that “silver bullet” lesson that the security industry often finds itself having to re-learn. “Not every problem can be made better with a single tool,” Ramzan told me.

Which isn’t to say Ramzan is bearish on the information security industry as a whole. To the contrary.

“We’re seeing more and more companies take a risk-oriented approach,” he said. “They’re talking about third-party risk and addressing that. The other thing that’s exciting is orchestration and automation,” he said. “We’ve seen a lot of companies spend a lot of money on cybersecurity technologies over a long period of time. Now they’re ready to reap the reward of those investments... But they have to be able to prove the return on investment to the people who gave them those dollars,” he said.

Check out our full conversation!