Cloud Security Alliance Provides C-level Executives With Best Practices for Deploying Smart Contracts Within an Organization
May 20, 2022
The Cloud Security Alliance (CSA) released Best Practices for Smart Contract Security Hyperledger Fabric. Drafted by the CSA Blockchain/Distributed Ledger Working Group, the report aims to provide C-level executives and other stakeholders with an overview of the benefits, challenges, and opportunities for deploying smart contracts within an organization.
Specifically, the paper provides an overview of the Hyperledger smart contract ecosystem, the whys, whens, and hows of threat modeling when working with smart contracts, an overview of common vulnerabilities, and guidance on best security practices. It also includes an Accord Project Hyperledger Fabric and trade finance use case.
“Smart contracts offer some of the highest levels of encryption currently available, meaning users can be confident in the security and authenticity of their transactions,” said Hillary Baron, research analyst and program manager, Cloud Security Alliance. “Increasing numbers of enterprises are taking advantage of the myriad benefits smart contracts afford, however, as these contracts become more detailed and robust, the more surface area is exposed to risk. It’s imperative, therefore, that practitioners deploying legal smart contracts should understand the risks associated with their execution.”
Smart contracts, essentially business logic running on a blockchain, can be as simple as a data update or as complex as executing a contract with attached conditions, and can be divided into two types, namely those that:
- install business logic on validators in the network before the network is launched
- deploy business logic as a transaction committed to the blockchain and then called by subsequent transactions. With these on-chain smart contracts, the code that defines the business logic becomes part of the ledger.
After reading the paper, stakeholders, including C-level executives interested in learning more about the corporate benefits of smart contracts and technologists responsible for deploying Hyperledger-based smart contract solutions, will have a deeper understanding of the many legal, regulatory, and security considerations that must be taken into account when using any smart contract.
The Blockchain/Distributed Ledger Working Group works to produce useful content to educate different industries on blockchain and its proper use, as well as define blockchain security and compliance requirements based upon different industries and use cases. Individuals interested in becoming involved in Blockchain/Distributed Ledger future research and initiatives are invited to join the working group.