Operational Security Pillars for Blockchain Apps: A Guide

Darius Baruo, May 22, 2024 02:36


With the growth of digital assets and the accompanying rise in security breaches and hacking incidents, operational security has become a critical concern for businesses in the blockchain space. According to a blog post by Fireblocks, there are four primary operational security pillars that businesses should consider when building blockchain applications.

1. Building Your Team with Trust

First, it is fundamental to build a trustworthy team. Team members should be carefully selected, with thorough background checks and reference validation. Each member should have well-defined roles and access controls so that no single insider can cause undue damage. Implementing multi-factor authentication or hybrid security keys for off-chain activities is also recommended.

2. System Design: Map and Monitor All External Infrastructure Dependencies

The second pillar emphasizes the importance of mapping and monitoring all external infrastructure dependencies. These could include components of your tech stack developed outside your core team. From a security perspective, key management is among the most critical systems to implement. The blog post recommends working with a proven and audited vendor with in-depth expertise in this area.

3. Continuous Improvement: Build with Security in Mind

The third pillar encourages continuously improving security measures, especially during the MVP and production phases. This could involve testing both the team and the code, defining key invariants for modules and methods, and documenting them. Once the product is in production, it is essential to maintain security vigilance. This might involve developing a bug bounty program, ensuring operational security for CI/CD when patch-gapping open-source software dependencies, and testing and documenting invariants for all code commits and releases.

4. Red Teaming and Incident Preparedness

The fourth pillar involves red teaming and incident preparedness. Even with perfect execution of the first three pillars, breaches can still occur. Therefore, businesses should have a well-planned incident response plan in place. This involves thinking like a hacker, identifying potential security gaps, documenting them, and creating a suitable plan to address these issues if they arise.

The blog post concludes by emphasizing that building an effective security posture takes time, effort, and practice. Adhering to these four security pillars can significantly protect businesses, investors, and customers from both internal and external threats.