IBM is coming to the crypto custody space.
Later this month, Shuttle Holdings, a New York investment firm, will launch the beta version of a custody solution for digital assets built on IBM’s private cloud and encryption technologies. The companies won’t be storing cryptocurrencies and tokens themselves, but offering tools for others to do so.
Potential users include banks, brokers, custodians, funds, family offices and high net worth investors who want to do self-custody, as well as exchanges, Brad Chun, Shuttle’s chief investment officer, told CoinDesk.
IBM showcased the solution at its “Think 2019” conference last month in San Francisco, where Nataraj Nagaratnam, the tech giant’s CTO and director of cloud security, called storage of crypto a prime use case for Big Blue’s cloud.
“What better example than taking a financial technology that is changing the world. Look at digital assets; how do you secure the data? … [This is] top of mind for a lot of people in the financial industry,” Nagaratnam said, before welcoming Chun onstage.
When contacted by CoinDesk, IBM referred most questions to Chun. But Rohit Badlaney, director of IBM’s “Z As a Service” cloud solution, talked up IBM’s involvement in the forthcoming Digital Asset Custody Service (DACS).
“For DACS, the on-premise pervasive encryption capabilities offered by IBM LinuxONE was a key differentiator in choosing IBM as the most secure platform for their offering,” Bedlaney told CoinDesk through a spokeswoman.
The move suggests IBM is wading deeper into the digital asset space, after developing the Hyperledger Fabric private blockchain for enterprises and more recently getting involved with cryptocurrency through its work with the Stellar Foundation.
While crypto custody was once the preserve of wallet providers and crypto exchanges, the promise of institutional investment entering the digital assets space has prompted a race to come up with safe, industrial-grade solutions that are also familiar in terms of usage to these large players.
Not cold storage
The custody service that Shuttle and IBM are offering differs greatly from the cold storage solutions used by most crypto custodians, where the private keys are held in a device not connected to a network.
While these air-gapped arrangements have traditionally been thought of as the best way to reduce attack vectors, “from a technology standpoint, it sounds a little oxymoronic,” Chun in his presentation.
Enterprises, he noted, want to be able to connect to their customers and to have data and assets held in a readily available, yet secure setting. (Getting assets out of cold storage can be something of a headache.)
Instead, Chun said IBM Cloud has created some interesting features that enabled Shuttle to build a system that is “just as secure, if not more secure” than a simplistic cold storage wallet solution.
As such, the solution is built on a hardware security module (HSM), a kind of lockbox that safeguards and manages digital keys in a tamper-proof environment.
He later elaborated to CoinDesk:
“There are always trade-offs between security and efficiency, but we do not utilize a traditional cold storage system. Instead, we keep keys at rest encrypted in multiple layers as data blobs so that an organization can store these backups using their pre-existing disaster recovery and backup processes and media.”
During his presentation, Chun said this combination of availability and security means the IBM Cloud solution is better equipped for a digital asset-laden future.
“Once we have this critical layer that’s highly available and secure, then all businesses can start custodying digital assets – not just cryptocurrencies; we mentioned real estate, we mentioned identity,” he said.
As far as what flavor of HSM Shuttle uses, Chun told CoinDesk the solution was HSM-agnostic.
“We focus on the entire solution, not just the HSM. If the HSM offering from Gemalto is better than what we are using, I would be happy to talk to them and incorporate them into our plans. IBM has an HSM we are using but we can easily switch it based on customer needs and demands,” he said.
Cold storage vs. HSMs
Stepping back, opinions differ over HSMs versus traditional cold storage and the putative trade-offs between security and efficiency, in relation to managing crypto assets.
With cold storage solutions, a human has to be involved to access the assets, which can take anywhere from an hour or two to as long as 48 hours. HSMs, by contrast, rely on a purely electronic process and are therefore much faster.
Other high-profile HSM initiatives include the Komainu partnership between hardware wallet provider Ledger, Gemalto and Japanese bank Nomura, slated for launch in early Q2. Demetrios Skalkotos, global head of Ledger Vault, pointed out that Komainu uniquely has been granted access to integrate its software directly into the Gemalto HSM blueprint.
“Only banks and governments have that to my knowledge,” he said.
Trustology, backed by ethereum design studio Consensys, is also making strides with an HSM crypto custody solution. Alex Batlin, the CEO of Trustology, said people like the sound of cold storage because it’s offline, but it’s really just replacing a network with a human, who can still be influenced to behave in nefarious ways.
“All cold storage does is give you a false sense of security and also very high latency for instruction execution,” Batlin said.
However, Mike Belshe, CEO of crypto custody pioneer BitGo, has argued that the latency and human involvement are a small price to pay for the security afforded by cold storage. He told CoinDesk last year:
“If you put the keys online, or if you put the keys so close to being online that you can move money within 15 minutes, that means you don’t have very tight control on it. The customers we talk to appreciate this point of view.”
IBM image from Construct 2017 via CoinDesk archives.