COMMENT
network from known cybercriminal
scans. It instantly recognises and blocks
traffic in real time from known attack
sources to protect networks from new
and future threats. Thunder TPS’s
on-premise protection also integrates
with Verisign’s cloud-based DDoS
Protection Services to deliver cloud-
bursting capabilities that offload attack
mitigation to the cloud. The Verisign
service is backed by global points of
presence and multiple terabits per
second of global capacity. It ensures
your network won’t collapse under the
weight of a high-volume attack. And for
an additional layer of defence, A10’s
DDoS Security Incident Response Team
(DSIRT) puts a team of DDoS fighting
experts at your fingertips 24/7 to
provide assistance in mitigating attacks
in real time, as they’re happening.
A strong DDoS defence solution, like
A10 Thunder TPS, can help protect
against threats now and threats that
could spring up in the future. So if
Reaper starts launching DDoS attacks,
or researchers uncover the next big
botnet, you’re covered, and you won’t
have to fear the Reaper. n
Could the blockchain enforce
PoPI in South Africa?
Blockchain’s traceability feature may go hand
in hand with PoPI enforcement, explains Vishal
Barapatre, CTO at In2IT Technologies.
T
he Protection of Personal
Information (PoPI) Act is looming
on our horizon. South African
organisations are busily preparing for
it despite there still being much debate
about what the real impact will be and
whether or not it will be truly effective.
However, one thing is certain, a legislation
that protects personal information is
necessary, and any technology which
could support PoPI within the business
should be seriously considered.
One technology that seems purpose-
built for protecting information is the
blockchain. Although one of the selling
points of blockchain technology is its
inherent transparency, it certainly has
effective security measures.
The blockchain and
PoPI compliancy
With the implementation of PoPI,
organisations will need to be more
sensitive around the privacy of their
customers’ information. To do so, they
will have to be more organised around
the storage, use and dissemination
of this data so as not to overstep the
bounds of PoPI, and to take care of their
customers’ privacy. There needs to be a
level of ‘proof’ of where the data is kept,
how it is used and who has access to it
at any given time.
24
INTELLIGENTCIO
The blockchain is a shared digital
transactional ledger that securely
records and regularly reconciles
transactions of virtually anything of
value. Therefore, blockchain provides
accurate traceability and in turn,
promotes accountability.
There is also the security factor, which
appeals to compliancy requirements of
PoPI. The blockchain offers unparalleled
security features, given its multi-
verification nature and tamper-proof
mechanism of protecting already
verified data. If current trends are
anything to go by, the blockchain will
only get more secure.
Any concerns?
The question around transparency
still exists. Surely a platform that
specifically highlights transparency as a
benefit automatically precludes it from
being suitable for an act which stresses
the protection of a person’s privacy?
Not necessarily . . .
A blockchain can be programmed with
certain predefined rules, or permissible
actions, around what may be done
with any piece of personal information,
based on the type of information
it is. Although the information may
be visible to anyone with access to
Vishal Barapatre, Chief Technical
Officer, In2IT Technologies
the blockchain on which it sits, these
parameters automatically create alerts
when certain data is accessed, used,
or disseminated in any way that falls
outside their bounds.
Granted, there is still the risk that the
data may be accessed by unauthorised
individuals, but the organisation will be
alerted and can take immediate action.
The blockchain provides verifiable proof
of who accessed the data illegally, for
what reason, and what was done with
the data. It can then be raised with the
PoPI regulator, if required, or can take
internal action, as desired (or as required
by policy and/or law).
The only real grey area with using
the blockchain for complying with
data storage, is that there will exist a
permanent, unerasable record of the data,
indefinitely. PoPI does define that an
organisation must honour an individual’s
request for their data to be removed once
it is no longer in use. The immutability
of the blockchain could prove a problem,
nevertheless an organisation still retains
control of who may or may not access
the data, and could exercise that control
to ensure that the data remains all but
invisible for its lifespan. n
www.intelligentcio.com