The impact of crypto-currency risks on the use of blockchain for cloud security and privacy

A great many cloud users face a difficult challenge in respect of the forthcoming EU General Data Protection Regulation, which comes into effect on 25th May, 2018. While all computer systems are continuously under attack, those who operate conventional distributed network systems stand a far greater chance of being able to demonstrate compliance than those who use cloud based systems. The main reason for this discrepancy between the two approaches is down to the as yet unsolved cloud forensic problem, meaning many cloud users will be completely unable to demonstrate compliance with the new regulation, thus exposing themselves to potentially massive fines after 25th May. We consider the possible use of a crypto-currency based mechanism to address the as yet unsolved cloud forensic problem. Crypto-currencies are becoming a global phenomenon, gaining more attention from media, venture capitalists, financial and government institutions. We focus on the operational risk and the market risk related to crypto-currencies, especially the dominating Bitcoin. Operational risk encompasses the actions that undermine the technological infrastructure and security assumptions of crypto-currencies. We discuss how blockchain technology could improve the efficiency of financial infrastructures, as well as the inevitable vulnerabilities of operational risk of software, open-source governance, and code maintenance. We summarise the literature findings on the co-movement of crypto-currencies with different currencies, indices, and commodities, to show the role of crypto-currency as a commodity, currency, or a speculative investment under portfolio diversification theory. Particularly now that we have seen successful attacks on crypto-currencies in action, it is important to understand where these weaknesses lie, and to endeavour to find out to what extent the use of such technology might expose companies using this technology for GDPR compliance. In the light of the robustness of this approach, we consider whether the underlying blockchain technology could, in turn, be practically applied to addressing the cloud forensic problem. This paper looks at the pros and cons of the blockchain/bitcoin approach, seeking to identify weaknesses, potential benefits offered versus the additional resource costs/latency involved, and considers whether such an approach might be used to secure cloud forensic trails.