IBM Destination Z - Group home

Blockchain as a Service on mainframes

By Trevor Eddolls posted Wed December 09, 2020 03:18 AM


It wasn’t so long ago that blockchain was simply a way of transferring bitcoin cryptocurrency. These days, many people associate bitcoins with paying ransoms when your IT infrastructure has been hacked! But blockchain is much more than that. Wikipedia says that a blockchain is a growing list of records, called blocks, that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree).

And if you don’t know what a Merkle tree is, Wikipedia tells us that it’s a tree in which every leaf node is labelled with the cryptographic hash of a data block, and every non-leaf node is labelled with the cryptographic hash of the labels of its child nodes. Good to know!

The important thing about blockchains is that they are very secure. It’s impossible (if anything can be impossible in the world of zeros and ones) to change the data in a block because each block contains the hash of the block before it, so any hacker would also need to change all the subsequent blocks.
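The linking described above can be seen in a short sketch, added here as an illustration and not taken from any blockchain product or from IBM. The block layout, the JSON header encoding, the all-zero first "previous hash", and the rule of repeating the last label on odd-sized Merkle levels are assumptions made for the example.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder "previous hash" for the first block

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def merkle_root(transactions):
    """Leaf label = hash of the data; parent label = hash of its children's labels."""
    level = [sha256(tx.encode()) for tx in transactions] or [sha256(b"")]
    while len(level) > 1:
        if len(level) % 2:  # odd count: repeat the last label (assumed convention)
            level.append(level[-1])
        level = [sha256((level[i] + level[i + 1]).encode()) for i in range(0, len(level), 2)]
    return level[0]

def block_hash(block):  # hashes the header; transactions are covered via merkle_root
    header = {k: block[k] for k in ("timestamp", "prev_hash", "merkle_root")}
    return sha256(json.dumps(header, sort_keys=True).encode())

def build_chain(batches, start_time=1607483880):  # constructed timestamps
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        block = {"timestamp": start_time + i, "prev_hash": prev,
                 "merkle_root": merkle_root(txs), "transactions": list(txs)}
        chain.append(block)
        prev = block_hash(block)
    return chain

def first_invalid_block(chain):
    """Return the position of the first block that fails verification, else None."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        if block["merkle_root"] != merkle_root(block["transactions"]):
            return pos  # transaction data no longer matches the stored root
        if block["prev_hash"] != prev:
            return pos  # link to the previous block's hash is broken
        prev = block_hash(block)
    return None

def tamper(chain, pos, new_txs, recompute_root=False):  # returns an edited copy
    forged = copy.deepcopy(chain)
    forged[pos]["transactions"] = list(new_txs)
    if recompute_root:
        forged[pos]["merkle_root"] = merkle_root(new_txs)
    return forged

CHAIN = build_chain([["a->b:5", "b->c:2"], ["c->d:1"], ["d->a:3", "a->e:4", "e->b:1"]])  # constructed data
```

Editing a transaction in the middle block is caught at that block; recomputing that block's Merkle root only moves the failure to the next block, whose stored previous-block hash no longer matches.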

Blockchains can be used as a way of storing any kind of secure data, but initially they were used as a distributed ledger. This tended to be managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. The thing about storing data on a peer-to-peer network is that it eliminates the risks that typically come with data being held centrally. It has no central point of failure. Every node in a decentralized system has a copy of the blockchain. Data quality is maintained by massive database replication and computational trust.

So, why would you want to have blockchain on a mainframe? IBM tells us that mainframes will protect digital asset transactions. The mainframe can protect data at rest or in flight and run 19 billion encrypted transactions a day. Mainframes provide high performance at scale because they can exploit 190 cores and 40TB memory, and achieve up to 99.99999% availability. In addition, there are the benefits from open-source collaboration, which can accelerate real-time exchanges, even in regulated environments.

If you’re running blockchains on a mainframe then it’s almost certainly a private (or permissioned) blockchain rather than a public blockchain – like those used for bitcoin transactions. So, mainframe blockchain users probably aren’t sharing their data with the rest of the world. What they are getting are all the usual advantages of using a mainframe – reliability, availability, and serviceability – for their own internal use.

Blockchain as a Service (BaaS) is based on the idea of Software as a Service (SaaS). Consumers of the service can use cloud-based solutions to build, host, and operate their own blockchains, while the cloud-based service provider keeps the infrastructure agile and operational.

So, why is the US Defense Information Systems Agency (DISA) interested in this? DISA are the people who produce STIGs. These Security Technical Implementation Guides “are the configuration standards for DoD (Department of Defense) and IA-enabled (information assurance) devices/systems. The STIGs contain technical guidance to ‘lock down’ information systems/software that might otherwise be vulnerable to a malicious computer attack.” So, for them, security is very important, and blockchain provides excellent security. DISA has announced that it’s looking for help to develop a blockchain-as-a-service (BaaS) offering on mainframes for its mission partners.

DISA is looking at BaaS to improve business processes across its networks by reducing the amount of manual work needed to track data and assets across silos. It will also improve data accuracy and make the information available quickly as a strategic asset. DISA also suggests that using BaaS would allow information to be selectively “shared among participants, enabling everyone to gain insights, accelerate informed decision-making, reduce the friction and cost in data exchanges, and add new network members and data processes/workflows with relative ease”.

At the moment, DISA just wants to find out what’s currently available that it could use. It does have certain criteria that need to be met. So, obviously, it must run on Linux s390 architecture. In addition, the system must support FIPS 140-2 Level 4-compliant encrypted sessions and role-based access controls, containerization, and deployment in an air-gapped environment.

If DISA is looking at blockchain on a mainframe, this is going to impact contributors to DISA. It also signposts the best way to approach the problem of security of data for other organizations for whom data security is so important, such as financial institutions and healthcare organizations.

IBM Ponemon’s Cost of a Data Breach report 2020 highlighted healthcare organizations having the highest costs associated with a data breach. The average that a healthcare breach costs an organization is US$7.1 million. The second costliest industry is the energy industry, where security breaches cost firms US$6.39 million on average. For financial institutions, the cost of a breach averages at US$5.9 million. Clearly, anything that makes their data more secure must be worth