Network Automation & EOS
The Requirement
Executing changes for clients security devices is not as simple as connecting to a device, working out what needs to happen then just rolling with it and making whatever change is required. Enterprise clients who process credit/debit card transactions and potentially store this data must adhere to the PCI/DSS compliance model ( Payment Card Industry Data Security Standard) along with the underlying infrastructure. Without going into details on what these requirements are, we can say they are strict, specifically for firewall/ and IDS/IPS changes.
The provider of the servers and infrastructure must be able to produce on request full change log history that includes:
- What was changed?
- Who made the change?
- Case Number for tracking.
- Time and date changed?
The above is not an exhaustive list but works for our discussion. Most of the time, databases housed on locally or on remote NAS drives with firewalling allow specific access from permitted devices store this data. Security is an art as much as it is a science, you will never be able to stop all attacks as those in the security industry know too well, many zero-day exploits have caused carnage among major companies. Then we have the threat from within, disgruntled employees leaving backdoors in the various systems so they can gain remote access at a later date modifying data to get retribution.
A Potential Solution
So I think I have set the scene, so why and how does this link to EOS. Let's say an organization wanted to store these change logs on a privately hosted EOS network within an isolated intranet. A smart contract could create these entries and then make them immutable as they are now transactions on a blockchain. Creating logs in this fashion makes nearly impossible for an attacker to change the data as they would need to rewrite the entire chain for the efforts to take hold.
EOS is an open source project which means this solution is viable and extremely practical, I would love to sit down with a compliance officer and when he asks the Question
How do you limit access to change logs within your organization so they cannot be modified?
If I had EOS running and storing my data within my group, I could respond with
I'm sorry, do you not understand how blockchains work sir, these entries are immutable, so I would love for you to tell me how it would be possible for anyone to change them.
I could then stand up and moonwalk out the door (not that I can moonwalk, but I would give it my best attempt for sure)
I am under no illusion that EOS is impenetrable, but please let me fantasize if only for a moment.
Summary
Why EOS and not Ethereum?, is the rebuttal I am expecting.
Well, that is an easy answer to give. Currently, Ethreum could not handle the transactions per second needed to scale to larger Managed services providers needs. Think about incorporating ticketing system access, CMDB's, and verifications; it is just not able to withstand load. Also, the ability to upgrade EOS without the need for hard forking is a deal clincher here, continuity and reliability is paramount with this kind of data.
EOS is not quite there yet in my opinion, but it is close, and the roadmap outlined by Blockone includes features that would only extend the functionality (IPFS integration).
In later posts, I will list all the applications that we would need to make this idea a reality and see if it would hold up to my theory. I hope so; these PCI 'interrogations' are not fun for sure.