Digital financial instruments such as Bitcoin are emerging as incremental elements of individual and institutional investor portfolios. Digital assets like cryptocurrency introduce a new layer of complexity with regard to information security.
Traditionally, information security in financial institutions has focused on protecting customer information, preventing cyber-attacks and fighting fraud.
When digital assets are involved, companies must consider a new set of security issues and procedures.
This stems from the fact that the form and structure of digital assets, and how they are stored and traded, are materially different from traditional financial instruments.
We invite you to continue reading and understand the evolution of information security for digital and cryptographic assets.
A new architecture with new security requirements
Bitcoin introduced a new system architecture for transferring value in a digitally native form. This was done through the innovative application of distributed systems, new models of economic incentives and the application of cryptography.
The application of cryptography has introduced an incremental layer of complexity in relation to an enterprise’s information security requirements. Companies need to understand the new architecture and develop new processes and systems to meet these requirements.
Furthermore, digital assets are, in many ways, like cash: a bearer instrument. This means that value is irreversibly transferred at the time of physical exchange. Financial instruments, such as stocks and bonds, used to be delivered and stored in bearer form.
That is no longer the case today. Bitcoin’s innovation was to create, for the first time, a digital bearer asset. With this new asset class comes a new risk of irreversible transfer as access and speed increase in the digital arena.
Strong security is vital as cryptocurrency transactions are irreversible
Transactions with digital instruments are managed and effected through software wallets. These wallets perform a variety of functions, including communicating and posting transactions on the network’s Blockchain and securely managing authorization for transactions in a designated account via a cryptographically protected private key.
Wallets also have a publicly visible key to complement the private key. The public key is generated from the private key. Public keys are a bit like a bank’s routing and account number.
They provide an address for transactions, but they carry no authority to move the account’s balance. Transactions can only be authorized using the account’s private key.
Anyone who has the private key can transact on a designated account. As these are digital bearer assets, once a transaction is executed, it cannot be reversed.
Therefore, control of the private key is of paramount importance from a security point of view. There is a saying in the blockchain community: “If you don’t own the private keys, you don’t really own the assets”.
Options to mitigate cryptocurrency security risk
Financial institutions will want to maintain sophisticated offline storage procedures and means, including an approach known as “cold storage”.
Cold storage refers to storing the private key in a manner that is disconnected from the Internet, as opposed to “hot” storage, where the private key is kept on a computer connected to the Internet.
An example of cold storage could be as simple as a private key being written on a piece of paper. It is important to note that the blockchain does not recognize the difference between a hot and cold wallet.
Cold storage also allows for several layers of enhanced security. These enhancements can include incremental encryption, high-level physical security, and protection from environmental damage. Transactions can also require multiple signatures, which can provide yet another layer of enhanced security.
These strategies are simply layers of self-imposed controls that the owner places between themselves and access to their private keys.
As financial institutions enter the world of digital securities, they must be aware that the form and structure of the financial instrument is materially different from existing assets and requires a new approach to security.
If an attacker, from the inside or outside, accesses the private key and steals the funds, it is highly likely that the funds will be lost forever. Never before has a string of letters and numbers been so enticing for a hacker to steal.
The tradeoff between security and convenience of the cryptocurrency world
The more controls that are put in place to access private keys, the more difficult it becomes to conduct day-to-day business. But if few controls are implemented, the assets are ripe for the picking by hackers and thieves.
Therefore, there is no one-size-fits-all solution for managing private keys and protecting digital securities. An institution should consider the following issues to properly determine security and process needs:
- Where are you getting your digital assets?
- What is the ideal storage strategy? Owned directly or by a third party?
- If you’re going to hold your assets directly, what’s your strategy to help ensure they don’t get stolen?
- If you are going to use a third party, what guarantees will you receive to help ensure they have the proper security controls in place?
Answering these questions and working with a security partner who understands this new asset class will help determine the unique management solution needed to effectively protect assets without impeding the flow of business.