As part of the 2019 Thales Data Threat Report, intelligence company IDC surveyed 1,200 executives in November 2018, of which 100 were from U.S. Federal Government departments. It found that 47% of government respondents are already using blockchain with another 40% planning to do so. But the most shocking discovery was the appallingly low usage of encryption to secure most databases.
When it comes to storing sensitive or regulated data on blockchains, more than 30% of government users said they did so, scoring slightly higher than enterprise counterparts.
It also revealed the top security concerns about blockchain. The risks include the potential for user account credentials to be compromised, improper use of public ledger controls resulting in exposure of private data, insider risk and the compromise of an exchange provider. In the diagram below, responses from all 1,200 people surveyed are compared including enterprise executives in healthcare, retail and financial services.
IDC highlighted that given the relative newness of blockchain technology, respondents are likely not as familiar with the security issues.
Outside of blockchain, the report noted that in the past most government spending on security focused on protecting the perimeter backed up by device-level defenses within the firewall. But with the increasing use of cloud solutions, the emphasis is now more equally spread between network, data and application security.
Given the greater emphasis on data security, one might expect pervasive use of encryption. But the most shocking revelation is the low use of encryption (unrelated to blockchain), both within government and enterprises. The highest usage was to encrypt data on PCs, but even then it is only 35% for government and just over 30% globally. Database encryption was particularly low within the government at just over 20% and enterprises closer to 30%.
Apart from the survey, Thales has been working with Accenture on an aerospace supply chain blockchain. And its newly acquired subsidiary Gemalto is heavily involved in blockchain including for identity.