In my last blog post, I introduced ACT-IAC’s Blockchain Playbook for the U.S. federal government, drafted by a collaborative team of industry and government leaders. As part of the team helping to draft portions of the playbook, I came to realize the importance of a sharing mindset to the success of blockchain initiatives.
Whenever a group of individuals chooses—or is required—to share, they benefit from establishing a governance model that clearly articulates the framework under which the collective will operate and be managed.
As an analogy, consider a homeowner’s association (HOA), responsible for managing a neighborhood.
If the HOA members fail to agree, property values and quality of life within the community may be at risk. Similarly, for organizations sharing data on a blockchain, failure to establish an effective governance model is likely to prevent the blockchain initiative from ever getting off the ground.
When considering a blockchain initiative, all participants must understand this new sharing paradigm and adopt a new way of governing. When no one entity controls the system or the data, the rules around sharing and modifying take on a very different character.
Traditional governance models around data sharing and systems tend to be hierarchical in nature: one participant acts as the data owner, while others may provide information to and gather data from the owner but do not control how the owner operates. While the other participants may be sharing data, they are not, in fact, sharing ownership.
From an IT perspective, traditional governance models typically encapsulate:
1. Risk management
2. Change management
3. Release management
4. Security management
5. IT service management
6. Stakeholder management
For comparison: My own HOA
As a homeowner within a managed community, I am a participating member of my HOA, which governs how the community is operated and controlled. For example, my HOA dictates aspects of how my house façade should look. I need to obtain HOA approval to make any significant changes to the exterior. However, I have control and governance over the design of the interior (within statutes and my spouse’s approval, of course). By agreeing to buy a home within that HOA, I have agreed to operate under its policies and have granted certain authority to the HOA’s governance board. I operate under the assumption, of course, that each of my neighbors within the community has agreed to the same.
The blockchain governance model has many similarities to the HOA model, as no one individual homeowner maintains dominion or control over the others. Changes to the way the HOA operates and the policies put in place must be approved, with authority given to a governance board.
Similarly, when considering blockchain, all participants within the blockchain network must abide by the authority given to a governance board. And just like an HOA, each participating member in the blockchain network should—and will—have a voting right on that board.
Continuing with this HOA analogy, consider how each of the components of a traditional, hierarchical IT project governance model would be different in a blockchain environment.
1. Risk management—If I start a lawn-care company and wish to leave my trailer of sharp-bladed tools parked in front of my house, I must consider not only the risk to my own property but also how it might affect my neighbors, an interaction governed by the association. When sharing on the blockchain, we can no longer just consider the risk to one business associated with sharing specific data on the blockchain. Rather, we must consider all data sitting on the blockchain and the corresponding risks posed by the data to every participating member on the network, which could span organizational and even geographic boundaries.
2. Change management—If my neighbor chooses to paint his home exterior bright purple, my home resale value might be affected. The HOA can develop rules about acceptable exterior colors for the sake of protecting all of us from living next door to an eyesore. Likewise, any change to either the smart contract or the operations of the blockchain affects more than one organization. The impact will be felt by every participating member of the network. Therefore, changes must be agreed upon and approved by every participating member.
3. Release management—Should I choose to sell my home, the HOA must approve the sale, verifying that I am in compliance with its regulations and have met all financial obligations to the association. Failure of the HOA to do so would be detrimental to my fellow HOA members. On the blockchain, each new release that moves into production must be approved and controlled by a governance board that verifies that the new release will not have a negative impact on the network.
4. Security management—If there is a burglary within my HOA-governed community, it affects us all. We have the right to voice our concerns to the HOA and recommend new policies or bylaws regarding how the community as a whole and my own property are protected. In order to secure a blockchain network, one must consider the highest security standard, that of the most secure entity in the network. The highest security standards apply to all, and all must agree to that standard, with each agreeing to increase their own security posture to meet the blockchain’s standards.
5. Stakeholder management—In the HOA, each household is a stakeholder in the management of the association. Similarly, a blockchain is a network of participating organizations and each member is a stakeholder who must be managed accordingly. Like each family in the HOA, each blockchain participant has its own charter, mission and priorities, and these may not necessarily be the same as their neighbor’s.
You probably noticed the one omission in the above list. IT service management is a little different and doesn’t really fit the HOA analogy. Of all the things that we have discussed so far, IT service management is one of the easiest to handle: because this is a distributed ledger, the failure of one participant in the network will not impact the operations of the network. Multiple participants have copies of the same ledger.
In addition to these traditional governance components that need to be re-envisioned for a blockchain network, we must remember that changes to the business rules governing the network also have to be managed. This includes the algorithms that govern the rules upon which the blockchain operates. For example, a change to a smart contract will essentially break the blockchain network, requiring the network to fork. In such a circumstance, a new blockchain would need to be created, and a parent-child relationship established with its own required governance model.
With blockchain, these changes must be agreed upon by all participants in the network.
So, when considering embarking on a blockchain initiative, think first of governance before focusing on other decisions. If participants cannot agree upon a governance model, technology decisions and discussions around which data to share on the blockchain will be moot.
About this author
Venkat, an administrative director in CGI Federal’s Security, Administrative, Judicial, and Enforcement division, has more than 25 years of IT experience as both a government leader and a consultant. Prior to joining CGI, he served as deputy director of the operations and engineering division at ...