Safety Without Silos: Why Businesses Will Learn to Love Public Ethereum

safety-break-scaled
9 July 2019

John Wolpert leads Web3Studio, a unit of ConsenSys. Before joining ConsenSys in 2017, he served as the global product executive for IBM Blockchain and co-founder of Hyperledger.


In 2015, the Ethereum public mainnet launched, followed by a raft of private blockchain offerings targeting the enterprise. This opened the floodgates on companies prioritizing collaboration, funding long-overdue digitization efforts, and extending business processes across corporate borders.

Today, a new epoch of system integration is underway. However, efforts to make blockchain technology enterprise-friendly split the community into two camps: public networks versus private networks. The dichotomy was wrong-headed from the start, making it easy to believe that public blockchain networks shouldn’t be used in confidential business operations and that private networks were safe and secure.

The first belief is wrong, and the second is dangerous.

It’s true that the consensus mechanism of a private blockchain can make it difficult to tamper with information, assuming that the companies maintaining the ledger don’t share a common motive to alter records. But such private blockchain networks are not particularly secure against data breaches, because they must protect many identical copies, each controlled by a different company. That’s a hacker’s dream. This can be managed, and the risk can be worth it, but to say that private blockchains are secure is specious.

Hacking notwithstanding, not everyone in a consortium should know about every transaction or agreement between others operating in that network, even among a tight group of permissioned partners. Private platforms like Hyperledger Fabric try to compartmentalize information inside a permissioned network, but it’s not what blockchain technology was designed to do.

Consequently, they add an immense amount of complexity, and complexity is the enemy of security. The good news is that there is a way to use blockchain technology that reduces system integration complexity, increases security, and improves both resilience and interoperability. And this approach doesn’t require companies to replace internal systems or build “consortium blockchains” that recreate the same old information silos that already plague the business.

Enterprise blockchain must face the following conundrum: on the one hand, we want information transparency across business networks to improve outcomes like food safety and reduce fraud, but on the other hand, we need compartmentalization of information to ensure privacy and encourage companies to participate.

A Common Challenge

This puzzle appears in every kind of business. Advertising. Finance. Manufacturing.

Consider a case from the automotive industry. Say a car part fails and causes a crash. It turns out that the part was made by a machine that happened to malfunction during only one production run. The run made just 50 parts, twenty of which were sent to the maker of the crashed car and the remainder to another car company. It would be great if the investigator of the crash could instantly access the data from the machine that made the parts, know the information had not been altered, and trace the 50 bad parts to each installed car.

That’s a 50-car recall, not a million-car recall. But there’s a problem. The parts manufacturer will not put its internal machine telemetry in a database controlled or viewable by anyone else, certainly not one accessible to competitors. And even if one car maker set up a database and convinced suppliers to use it, the other car maker wouldn’t use it.

A third party that everyone trusts to store their data, manage workflows, and compartmentalize information could handle this scenario. The problem is that it gives someone a lot of power to soak the firms for fees. And inevitably more than one such provider pops up, usually generating incompatible factions that foil standardization.

We could put the whole thing on a blockchain, but then everyone would see all the data, or at least everyone would be executing the code that embodies business agreements between the different companies. And that can give away sensitive strategies, tactics and relationships to other network participants to exploit, even if the information itself is encrypted.

In the end, what makes sense is letting each party manage their own private systems with their own private data, running their own protected functions – but integrating them in such a way that allows them to coordinate where appropriate, quickly track down problems, and ensure everyone is playing by the rules.

To integrate different systems this way requires a common frame of reference. We need a way to pass messages between functions running on separate systems, so that they can work together without having to expose the underlying data or business logic indiscriminately. Using a common frame of reference isn’t a new idea. Publishing messages to a common bulletin board, a magic message bus, is a classic pattern for making system integration more manageable and resilient.

You can buy expensive middleware to do the job right now. And you can pay a system integrator a king’s ransom every time you need to connect one company or department to another with it.

What’s new is the notion of using the Ethereum mainnet as a global integration hub serving systems that work together without revealing private data or confidential business logic, even to partners. One might be tempted to use a private blockchain network for this. But as Paul Brody, global leader of blockchain for Ernst & Young, explains, this is a bad idea for real business:

“One day you get a call from a very large buyer saying, ‘Would you like to join my private blockchain?’ You say, ‘Okay.’ And then you get the same call from your wholesaler, your suppliers, your shipper, your insurance company and maybe even your bank…or several of each of these! Suddenly you are spending all your time – and a lot of money – juggling dozens of blockchains. When the next partner calls, you say, ‘Just fax me the order.'”

Brody asserts that this is why the enterprise blockchain consortium approach doesn’t scale organizationally, and his argument makes a lot of sense. It looks like the same siloed mess we’ve lived with for decades.

But by using a mainnet like Ethereum 2.0, we will be able to treat business integrations more like workgroups and channels on Slack: easy to create, combine and recombine. Your SAP inventory management system, your supplier’s JD Edwards ERP system, and your fancy fintech partner’s blockchain thingamajig can work together in a consistent, repeatable manner without having to set up new infrastructure to accommodate each set of partners.

Who’s Working on It

Venerable firms like Microsoft and Ernst & Young, and projects like Chainlink and the Enterprise Ethereum Alliance’s Trusted Compute working group, are already ahead of this.

The recently released Trusted Compute specification will, for example, allow an automobile safety inspector to query a parts manufacturer, spot a problem with a production run, and be confident the answer is based on authentic information generated by systems free from tampering – without forcing the company to expose their internal data.

The Nightfall project, developed by Ernst & Young, uses the mainnet to post cryptographic proofs for system integration and compliance. The fact that a 150-year-old accounting firm like EY is using the public mainnet this way speaks volumes. And it puts the lie to the notion that you can’t use the mainnet in business. What company could be more cautious about managing private, confidential information than one of the Big Four accounting firms?

In 2015, the enterprise had no real interest in blockchain. Then suddenly, it decided to use private versions of it for jobs that often were a better fit for traditional systems. Now, with the benefit of almost five years of experience, smart businesses are discovering that the real job is putting an end to a half-century of brittle, balkanized and bespoke system integration.

And the right tool for that job is the mainnet.

Barrier breaking via Shutterstock