Web3.0 is here. Will it break security best practices?

Progression in web development can often be defined by how developers utilize emerging infrastructure to solve the problems and shortcomings of the previous era. With the rise of blockchain technology, Web3.0 is shaping up to tackle the data privacy woes that riddle the internet of today.

But what does a new online infrastructure built around user anonymity and activity encryption mean for your business continuity – and how can you adapt your security practice?

How did we get here?

The internet as we know it today is an evolution of roughly three decades’ worth of innovations in accessibility – both for users and businesses.

With Web1.0 in the ‘90s, users could browse static HTML pages, with interactivity largely limited to reading and sharing the webpage. Most businesses needed to host websites and files on their own on-premises servers – an expensive barrier to entry for organizations trying to establish their presence in the online world.

Then came Web2.0 and the emergence of cloud infrastructure. Online data no longer needed to be stored on-prem and, as a result, more organizations and people could create, access, and share content than ever before. With the cloud, Web2.0 was more affordable and ubiquitous than its predecessor. User-generated content took the internet by storm, as seen by the ascension and market dominance of platforms such as Facebook, Twitter, YouTube, and TikTok.

Web2.0 has a data privacy problem

Web2.0’s emphasis on interactivity and engagement inadvertently created a new marketplace for user data. “The businesses behind the internet’s most trafficked websites have found ways to sell users’ posts, keep records of what users engage with, and control what users could interact with and how,” said Mark Roma, SHI Program Director of Web Development.

This brokering of user data means that because these companies and platforms are under constant cybersecurity threats, so is the data of practically all their users. The need for user privacy and safety led to the creation of laws like GDPR. However, the drive for data protection hasn’t ended there.

While Web2.0 solved the limitations of its predecessor, Web3.0 takes on the ramifications of what Web2.0 has become. With the emergence of blockchain technology, Web3.0 will seemingly make the internet more democratized and accessible, while enabling user data to be more private and secure than ever before. The blockchain will potentially shift user experiences away from big platforms, serving direct peer-to-peer or business-to-user interactions.

Because of this, businesses need to prepare for the paradigm shift blockchain and Web3.0 will bring to content consumption, data access, and storage.

The building blocks of blockchain technology

Back in the days of Napster and LimeWire, users could download content (albeit illegally) via a network of computers that all simultaneously shared the same files. The recipient downloaded piecemeal data from thousands of computers at once, so no single machine bore the whole burden of hosting the file.

Similarly, the blockchain is a network of peer-owned machines, all sharing data with users across their network. It relies on a public ‘contract’ which is essentially a program that tells the machines on the network what to do (what files to share, what programs to execute, etc.). A virtual machine then processes those ‘contracts’ – what happens beyond that VM is encrypted, so the entire story of what data is being shared and who is sharing it is completely hidden from view.

Roma has already observed products and services capitalizing on users’ heightened concerns over their data privacy and ownership. “One paradigm I’ve seen allows users to block advertisements from big companies and then anonymously sell their data to buyers of their choosing,” said Roma. “They get rewarded a nominal fee for selling information such as which websites they visit, how long they stay on the page, which products they’re interested in, etc.”

Therein lies the appeal of blockchain technology and Web3.0 – users’ data and activity can be more easily encrypted, and users can regain control of what happens with their information.

Is there such a thing as too secure?

In the now-famous story published last year by The New York Times, cryptocurrency investor Stefan Thomas lost 7,002 Bitcoin – worth roughly $220 million as of January ’21 – in perhaps the most frustrating way possible. He forgot the password to the encrypted hard drive that contained the keys to his digital currency wallet. To make matters worse, the encryption software only allowed 10 guesses before it made the data inaccessible forever.

Blockchain applications, as Roma states, “make data inaccessible to anyone outside the ‘handshake’ of the virtual contract.” For organizations, this presents a business continuity challenge. If businesses don’t have processes in place to safeguard data accessed and stored in a blockchain environment, you risk losing that data forever if a machine is lost, team members change jobs, or encrypted keys are forgotten.

Without a proper change management and continuity plan, data stored on the blockchain might actually be too secure.

How can you prepare?

While data on the blockchain will be better protected from prying eyes, a single wrong step could result in the loss of mission-critical data. As more organizations adopt this emerging technology, make sure your teams are ready to adapt to future changes along with your new software and practices.

When these changes happen, you’ll likely find that adoption won’t occur organically across all your teams. You’ll need a formal Adoption & Change Management (ACM) strategy to connect your teams to new technology while mitigating adoption risks and security gaps.

Read SHI’s recent ACM ebook for expert guidance on supporting technology change and creating an effective ACM strategy. To learn how SHI can further help your organization prepare for the future, speak to an ACM expert today.