challenges to implementing enterprise blockchain applications,
This weeks reading discussed some of the challenges to implementing enterprise blockchain applications, along with a discussion of best practices.
Choose one of the best practices presented in the paper assigned as this weeks reading that you find most interesting (and clearly state which best practice you have chosen).
Explain why you chose this best practice as the most interesting.
Describe how implementing your chosen best practice (from the assigned research paper) will increase the probability of implementation success.
Im interested to read what YOU learned from this weeks reading. Do NOT submit a research paper. Tell me what you think.
Think of three questions youd like to ask other students and add these to the end of your thread.
The questions must be taken from material you read in Chapter 12, and each question should start a discussion topic.
Youre not trying to test each other, but you are trying to start a discussion.
Finally, go to three other students threads and post comments, answering at least one of their questions.
For EACH comment you post, use the 3CQ approach (described above.)
When someone asks you a question, answer it!
Exploring Preliminary Challenges and Emerging Best Practices
in the Use of Enterprise Blockchains Applications
Mary Lacity
Blockchain Center of Excellence
University of Arkansas
[emailprotected]
Shaji Khan
College of Business Administration
University of Missouri-Saint Louis
[emailprotected]
Abstract
Enterprise blockchain applications can allow
trading partners to transact directly without relying
on trusted third parties and promise to: eliminate the
need for reconciliations, instantly track and trace
assets through a supply chain, provide unbeatable
data provenance, settle transactions quickly and
cheaply, and enable an information security model
that is fault tolerant, resilient, and available. Many of
these promised benefits seemingly address the
challenges of non-blockchain based inter-
organizational systems. However, this research
indicates that blockchain based inter-organizational
applications pose significant challenges of their own.
Based on interview and participant observation data,
we identified five challenges: (1) competing
blockchain standards, (2) adjusting to different
shared governance models, (3) intellectual property
concerns (4) industrial espionage risks, and (5)
regulatory uncertainty. We also identified emerging
practices stakeholders are using to address those
challenges when considering enterprise blockchain
applications.
1. Introduction
Use of blockchain technologies in the
interorganizational enterprise applications context
has garnered tremendous attention in the industry.
Reports and opinions predict that blockchain based
enterprise applications will revolutionize business
and reshape the economy [3, 9, 12, 26]. Enterprises
are interested in blockchain technologies because
they promise a significant amount of business value
by providing the ability to transact directly with
trading partners without the use of trusted third
parties, eliminating the need for reconciliations,
instantly tracking and tracing assets, providing data
provenance, settling transactions quickly and cheaply
and enabling a resilient information security posture.
Put simply, blockchain based applications promise to
solve many types of issues (e.g., those related to
technical aspects, governance, transparency,
efficiency, transaction costs, provenance, information
security, and so on.) surrounding existing
interorganizational systems [9, 10].
Despite the explosion of interest, our prior research
found that there were very few enterprise blockchains
applications in production in 2017-2018
notwithstanding the billions of dollars in blockchain
investments worldwide [12], the thousands of proofs-
of-concepts across all industries, and the high-profile
groups like R3, Hyperledger Project and Enterprise
Ethereum Alliance working to facilitate enterprise
adoption. A 4th quarter 2017 study of 200 blockchain
projects by HfS, a research and consulting firm,
corroborates our findings. HfS found that 90 to 95
percent of enterprises were still conceptualizing
blockchains, conducting proof-of-concepts or piloting
applications. Only 5 to 10 percent of pilots were
progressing to production [8]. Whats taking so
long?
Indeed, while generally sharing the optimism,
some have expressed concerns about the hype
surrounding blockchain applications in business
contexts [9] suggesting that significant issues must be
overcome before the promise of blockchain
technologies is realized. Others have argued that
many of the issues surrounding existing
interorganizational systems, such as interoperability
concerns, will manifest within the blockchain
contexts as well [23]. Yet others have compared
blockchain technologies to the proverbial hammer
looking for the nails, arguing that many of the
potential business applications blockchain is being
tested for, do not need blockchains and existing
institutions, applications etc. may be just enough [7].
Unfortunately, little is empirically known on just
what challenges organizations are facing so as to
shed light on the potential of blockchain technologies
Proceedings of the 52nd Hawaii International Conference on System Sciences | 2019
URI: https://hdl.handle.net/10125/59904
ISBN: 978-0-9981331-2-6
(CC BY-NC-ND 4.0)
Page 4665
mailto:[emailprotected]
mailto:[emailprotected]
in the enterprise context. Theres even less empirical
basis to determine what organizations are doing to
address those challenges as they explore and develop
blockchain applications.
This paper addresses this gap and contributes to the
practice and research of interorganizational systems
by empirically exploring the preliminary challenges
organizations are facing in adoption of blockchain
technologies and by identifying emerging best
practices for addressing those challenges. We draw
on data from a broader multi-year, mixed-method
research program to specifically addresses the
following questions:
What challenges to adoption of enterprise
blockchain applications do enterprises face?
What practices are enterprises using to address
those challenges?
Understanding these challenges and organizational
practices to address them is important both from a
practice perspective and from a theoretical
perspective. To the extent organizations see potential
for business value, we believe that a better
understanding of challenges and best practices is
crucial for any real progress. On the other hand, if
indeed, there are significant issues that cannot be
overcome in feasible ways then it is also important to
take note. From a theory perspective, senior
Information Systems (IS) scholars have often
reminded us to pay attention to the Information
Technology (IT) artifacts due to the crucial role they
play in shaping organizations and societies [14, 22].
To the extent, one considers the very nature of
blockchain technologies as fundamentally different
than previous generations of technological
innovations and to the extent that one appreciates the
truly transformative and upending potential of
blockchain technologies [24], it becomes imperative
to better understand and study blockchains evolution
into the context of business applications.
The rest of this paper is organized as follows. To
orient readers new to blockchain technologies,
section 2 provides some background and overview of
a blockchain application as an inter-organizational
trading system. Section 3 briefly describes our
research methods. Section 4 presents the findings
related to five challenges and five emerging practices
for addressing them. Section 4 provides discussion,
limitations, and directions for future research.
2. Background
A blockchain application is a distributed, peer-to-
peer system for validating, time-stamping, and
permanently storing transactions on a distributed
ledger that uses cryptography to
authenticate digital asset ownership and asset
authenticity and consensus algorithms to add
validated transactions to the ledger and to ensure the
ongoing integrity of the ledgers complete history
[10]. Blockchain technologies are commonly
associated with cryptocurrencies operating with a
permissionless1 model. While enterprises are
interested in the underlying technologies that drive
these blockchains, they require more control in the
form of permissioned2 blockchain applications.
Moreover, a majority of potential enterprise use-cases
of blockchain technologies revolve around inter-
organizational systems.
In other words, by their very nature, enterprise
blockchain applications involve a network of
stakeholders (business networks, business-
government-quasi-government networks, etc.) where
1 Permissionless blockchain applications like
Bitcoin, Ethereum, and Stellar do not restrict
accessanyone with access to the Internet may
participate.
2 Permissioned blockchain applications restrict
access to pre-authorized users and will likely be built
on protocols designed for enterprise adoption, such as
Hyperledger Fabric, R3 Corda, Chain, Multichain,
and Quorum discussed in this paper.
the nature of the transactions as well as the standards
and inter-organizational frameworks within which
those transactions would be executed, need to be
coordinated among the diverse stakeholders. Further,
the technological standards and regulatory
underpinnings must also be delineated.
2.1 A Blockchain Application as an Inter-
organizational Trading System
A distributed blockchain application performs the
vital functions of trusted third-parties (TTPs) by
using computer algorithms and cryptography instead
of relying on institutions to mitigate counter-party
risks. Enterprises are interested in permissioned
blockchain applications, which restrict access to
authorized users and the rights or roles of those
authorized users (see Figure 1).
Permissioned blockchains rely upon a front-end
gatekeeper to enforce the rights of access. Unlike a
trusted-third party that sits in the middle of
transactions, the gatekeeper is like a security guard
that checks a badge before allowing entry. It has no
Page 4666
ability to alter the ledger or to stop smart contracts
from executing.3
Transactions on the shared ledger are immutable,
thus every party can be confident they are dealing
with the same data. With one version of the truth
transparent to all parties, there are no reconciliations,
enabling faster settlement times and lower transaction
costs.
Organization B
(Node 2)
Organization A
(Node 1)
Ledger X
Organization C
(Node 3)
Ledger X
Regulator
(Node 4)
Ledger X
Permissioned Blockchain
Trading System
Ledger X
E 1 2 3E 1 2
E 1 3 E 1 2 3
Observe only
Gatekeeper
E
Public States:
Every member of the permissioned
blockchain network may access the
public state transactions
Private States:
Only parties to a particular Smart
Contract can access the private state
transactions
1 2 3
Figure 1. Permissioned blockchain trading system
with three trading partners, one regulator and no
TTP. Organization A is party to smart contracts 1
and 3 but cannot observe smart contract 2;
Organization B is party to smart contracts 1, 2, and
3; Organization C is party to smart contracts 1 and 2
but cannot observe smart contract 3; The regulator
in this example is granted observation only access
to all transactions.
Use of cryptography-based identity and
authentication in conjunction with immutability
further enhances assurances of authorized access and
data integrity. Permissioned blockchains can also use
3 This is true provided that the organization that
serves as the gatekeeper operates fewer than 50
percent of the nodes; If a gatekeeper does operate 50
percent or more of the nodes, there is little point in
using a blockchain except under specific
circumstances, such as an intra-organizational
blockchain across divisions and if concerns about
organizational control are not an issue for the
particular application.
smart contracts4 to nuance roles within a blockchain
application. Particular parties may play different roles
within different smart contracts, such as observe,
transact, validate, and add transactions to the ledger.
For example, a permissioned blockchain may use
smart contracts to create multiple, separate mini-
ledgers as depicted in Figure 1.
Blockchain applications also promise heightened
availability (a key security objective). Blockchain
applications still function properly even if a high
percentage of nodes are faultyor even malicious
enabling resiliency and 100 percent availability. In
theory, the only way to break a blockchain
application is to commandeer more than 50 percent
of the nodes before any of the other nodes notice.
In summary, the potential relative advantages of
blockchain applications compared to trading systems
that rely on TTPs are:
The ability to transact directly
No need for reconciliations
Instant tract and trace of assets
Reliable data provenance
Control over ones own identity
Faster settlement times
Lower transaction costs
Reduced threat of opportunism because
agreements execute automatically
Heightened security that is fault tolerant,
redundant, and available
Despite the immense promised value, our research
and industry reports suggest that adoption is still in
nascent stages [8]. This slow pace has been attributed
to technology immaturity and significant challenges
that must be overcome. This paper focuses on
identifying those challenges and emerging practices
organizations are using to address them.
3. Research Methods
As mentioned above, this paper draws on a broader
multi-year, mixed-method research program on use
of blockchain technologies in enterprise contexts. In
2017, the lead author joined the Center for
Information Systems Research, Massachusetts
Institute of Technology as a Visiting Scholar to lead a
research project on how enterprises were exploring
blockchains. The research team included Jeanne
Ross, Principal Research Scientist, and Kate
Moloney, Research Specialist. In this paper, we
report findings based on analyses of interview and
4 A smart contract is a piece of software that stores
and then executes the terms of an agreement between
parties.
Page 4667
participant observation data drawn from this broader
research program.
3.1 Interviews
During interviews, we asked managers about their
blockchain adoption journeys, their participation in
blockchain ecosystems, and the practices and lessons
they have learned so far. We asked research
participants the following questions:
How is the organization building blockchain
capabilities? What strategies are being considered?
Which applications are deemed to be the most
promising, are already under development, or have
been deployed?
What challenges do organizations need to
overcome to deploy blockchain applications into
production? What are the key project and change
management practices? How well have expectations
been met so far? What are the preliminary outcomes
and lessons learned?
As of this writing, confidential interviews were
conducted with 38 key informants in 30
organizations. In order to minimize the potential for
bias, we selected highly knowledgeable interview
participants representing diverse perspectives,
industries, and organizational characteristics [4]. We
interviewed blockchain innovation leaders in large
US national or global firms, including leaders from
six global financial services firms, three global
manufacturers, and two US healthcare providers. We
have permission to specifically cite BNP Paribas, JP
Morgan, Moog, and State Street as examples. We
also interviewed blockchain heads in professional
services firms, service providers, startups and
nonprofit organizations. We conducted interviews in
19 such organizations, of which we have permission
to cite Axiom, Blockchain of Things, Capgemini,
Center for Supply Chain Studies, Cognizant, KPMG,
LO3 Energy, and Stellar.
3.2 Participant Observation
The lead author also participated in the Center for
Supply Chain Studies project to define blockchain
standards for tracing pharmaceuticals through the
United States (U.S.) supply chain. The project
examined ways the pharmaceutical industry can
comply with the U.S. Drug Supply Chain Security
Act (DSCSA) of 2013. The law requires that by year
2023 all parties in the U.S. supply chain must trace
certain classes of pharmaceuticals from source to
destination. Bob Celeste, Chief Executive Officer
(CEO) and Founder of the Center for Supply Chain
Studies, led the group of about 50 participants who
represented pharmaceutical manufacturers,
wholesalers, distributors, and retail and hospital
pharmacies. The lead author was a participant in the
event and took extensive notes aimed at capturing the
key aspects of the issues and discussions. When
possible, the lead author asked clarifying questions to
other participants. This experience helped the lead
author to better understand the perceived benefits,
challenges, and concerns that supply chain partners
have about shared blockchain applications.
3.3 Data Analysis
Interview and participant observation data were
analyzed in an inductive and iterative fashion to help
themes emerge and coalesce into 1) the major
challenges in applying blockchain technologies for
enterprise applications, and 2) the best practices
indicated by the participants to help address those
challenges. All interviews were recorded and
transcribed into over 500 pages of text. Notes from
participation observation were also analyzed. We
followed a two-stage process. During the first stage
of data analysis, we attempted to identify themes
pertaining to organizational actions in exploring
enterprise blockchain applications. The lead author
read each interview and participant observation notes
and coded the data to extract themes. Five major
themes emerged from this process. When possible,
details about specific blockchain technologies or
consortia were compiled and written to supplement
discussion of major themes by using those
technologies or consortia as paradigmatic of the
underlying theme. For example, when discussing a
diversity of blockchain standards, we researched and
presented four such major standards to highlight the
issue.
During the second stage, we focused our attention
on what participants identified as important best
practices aimed at addressing each emergent
challenge identified during the first-stage of analysis.
When a particular best practice emerged, we explored
the industry literature and our interview and
participant observation data to identify instances of
the emergent best practices or specific organizations
employing them, to serve as exemplars in our
research findings.
After the initial themes pertaining to challenges
and best practices emerged, we next created written
summaries (aimed at a practitioner audience). The
summary write-ups were then sent to each participant
who was quoted and the participant was requested to
review their excerpt for accuracy. Participants made
suggested revisions to improve clarity and precision.
Separately, the lead author wrote a case study based
Page 4668
on participant observation data. This case study was
then reviewed and edited based on input from the
CEO of the case study site, Center for Supply Chain
Studies. Each participant was asked whether they
preferred to remain anonymous or to be identified.
Fifteen participants granted permission to use their
names and titles.
4. Findings
Our analyses revealed five major challenges that
participants believe must be overcome before broader
adoptions of blockchain technologies in enterprise
contexts. Specifically, participants identified (1)
competing blockchain standards, (2) adjusting to
shared governance models, (3) intellectual property
concerns (4) industrial espionage risks, and (5)
regulatory uncertainty. We next explore each
challenge and the emerging practices to address
them.
4.1 Competing Blockchain Standards: The
Race is Afoot
Our data suggest that a variety of different
underlying blockchain standards are taking shape
during the initial exploration of the use-cases as well
as technological bases of blockchains. It appears that
an assortment of industry alliances and consortia are
competing in the standards arena.
The way we go about investing in blockchain is
really multifaceted since nobody knows today which
players will prevailyou cannot put all your eggs in
one basket, so we have a very diversified approach
with whom we work on the blockchain. Jacques
Levet, Head of Transaction Banking, EMEA at BNP
Paribas
Blockchain standards are needed to specify rights
of access and the rules for how transactions in a
blockchain application will authenticate asset
ownership and asset authenticity, how transactions
will be structured, addressed, transmitted, routed,
validated, sequenced, secured, and added to the
permanent record. Standards will serve as the
blueprints to ensure the integrity of records. As of
year-end 2017, participants reported that many
different groups are working on standards, but no one
standard had emerged. Therefore, most of the
research participants pursue the following practice:
Practice 1. Participate broadly in blockchain
workgroups
As the following quote attests, most of our
interviewees are participating in a number of
blockchain working groups to define standards
because they are not sure which working group will
ultimately prevail:
So, from a strategy point of view, it’s early days.
We’re probably in the situation that all the other big
financial institutions are at the moment. Nobody’s
really backing one [consortium]. We’re all trying to
get to know as much about it as possible and see
where it takes us. All we know is that it’s going to be
extremely disruptive. IT Consultant and
Architect for an Africa-based bank
Working groups, including consortia and non-
profits, are defining blockchain standards and
developing code bases and proof-of-concepts for
business applications. As of August 2017, Deloitte
identified 40 major consortia, of which 26 were
focused on financial services, 10 were cross-sector,
and three were in healthcare [6].
According to some of our research participants,
large working groups may be the best bet for creating
a de facto protocol in the long-run, but some are slow
to agree upon standards. The value of smaller-sized
working groups is that players can move faster; the
downside risks are lack of wider adoption or eventual
obsolescence if a new standard or platform emerges
in the industry. Data suggests, many global firms
mitigate the risk of backing the wrong horse by
participating in both large and small working groups.
Enterprises in our study most commonly belonged
to generic blockchain consortia, such as the
Hyperledger Project and Enterprise Ethereum
Alliance, as well as industry-focused consortia, such
R3, B3i, and the Center for Supply Chain Studies (as
mentioned above). For example, BNP Paribas
participated in both large and small consortia and had
invested in several FinTechs to influence, learn, and
contribute to blockchain initiatives. A large
consortium like R3 was very valuable because it
brings many financial institutions into the
conversation. Jacques Levet said, R3 is very useful
because it’s a way to organize discussions between
the banks. Banks have historically not been very
good at doing that on their own, so having a third
party who organizes that is quite useful. BNP
Paribas also joined two smaller consortia, with the
goal that the banks will define standards and create a
Request for Proposal (RFP) for FinTechs to develop
the specified blockchain application [11].
While the main tasks of these working groups are
to identify blockchain standards, build code bases,
and/or proof-of-concepts, participants are also
struggling with challenges about adjusting to
different shared governance models, industrial
espionage risks, adequate protection of joint
intellectual property (IP) and regulatory uncertainty.
Page 4669
4.2 Adjusting to Shared Governance Models
Business agreements are the hardest things. We
need to have rules of entry and play that protect
consumers and protect the overall ecosystem. Getting
people to play ball, that’s the real tough thing.
Innovation Director for a US healthcare company
If the government had one iota how much fraud
and abuse they could stop especially in
pharmaceuticals, how they can purge the opioid
thing, they would mandate blockchains tomorrow. It
would be a mandated, you must participate on this
within two years. Head of Innovation for a US
healthcare company
Both permissionless and permissioned blockchain
applications rely upon shared governance models. No
one entity should be able to unilaterally make
decisions about changing the rules, upgrading the
code base, or altering the immutable records or smart
contracts.5 Our participants identified several
potential types of shared governance models at the
level of a blockchain application, including
democratic, representative, or regulatory. Each of
these models have trade-offs.
Practice 2. Carefully consider the trade-offs
of shared governance models
With a democratic shared governance model, each
participating member has an equal vote in
deliberations. The members debate, deliberate and
ultimately vote on proposed upgrades or fixes to
address unexpected events like breaches or
unintentional consequences from poorly crafted smart
contracts. Open source communities that govern
Bitcoin and Etherum are examples of democratic
governance models. In those blockchain applications,
miners vote on major decisions. The benefits of a
democratic governance model are openness, which
minimizes the threat of corruption, and power
decentralization. The downsides are minority voices
are muffled and decision-making can take a long
time. When enough members disagree with the
majority vote, hard forks in the blockchain can occur.
Hard forks at Ethereum and Bitcoin are two
prominent examples. Ethereum split into Ethereum
and Ethereum Classic in June 2016 when the
Ethereum community could not agree on how to
handle an attack on a poorly worded smart contract;
Bitcoin split into Bitcoin and Bitcoin Cash in August
2017 when the community could not agree on the
5 The only exceptions are under the circumstances
in which an enterprise or a group of colluding
enterprises operate at least 50 percent of the nodes.
proposed increase in block size. Their stories are
important reminders of the implications of
democratic governance. Specifically, an enterprise
must be willing to defer to the communitys will and
live with the consequences of its majority rule.
With a representative shared governance model,
decision makers are elected or appointed to their
roles. For example, a blockchain application in a
pharmaceutical supply chain might have
representatives from manufacturers, distributors,
retail pharmacies and independent physicians who
govern the application. This model will be able to
make decisions quicker than a democratic one, but
cabals may form where representatives collude. For
example, manufacturers might vote as a group
against the will of the retail pharmacies.
The governance might be relegated to a regulatory
body. For example, participants in the Center for
Supply Chain Studies envisioned that a regulatory
body could allow any licensed pharmacies to
participate in the shared blockchain application. In
another context, one participant was helping a
government with a blockchain application for
passport control. The Passport Control Office would
regulate and govern the application. The benefits are
guaranteed regulatory compliance, but the model is
centralized in that it places trust in one institution.
Overall, participants expressed concerns for any
shared governance model. An enterprise may have a
weighted vote in deliberations in proportion to their
stake, but it will not be able to control them. This is a
major mind-shift for many participants in our study.
4.3 Intellectual Property Concerns
Our industry is behind some other industries in
our management of shared IP and our ability to
collaborate and cooperate. We all jumped in to
explore a use case and did some joint design thinking
with two or three traditional competitors without
thinking about who owns the intellectual capital that
comes out the tail end of that workshop.
Innovation Lead for a global bank
Participants in our research expressed concerns
about their working groups intellectual property
rights. For example, a participant in the Center for
Supply Chain Studies asked, How do we protect the
intellectual property weve built as a team? The
following practice emerged:
Practice 3. Be sure to understand the working
groups IP policy
Some consortia like the Hyperledger Project have
visible IP policies, while others like R3 do not. For
Page 4670
example, Hyperledgers charter includes a clearly
worded IP clause that in part reads:
Members agree that all new inbound code
contributions to HLP (Hyperledger Project) shall be
made under the Apache License, Version 2.0. All
contributions shall be accompanied by a Developer
Certificate of Origin sign-off that is submitted
through a Governing Board and LF-approved
contribution process. Such contribution process will
include steps to also bind non-Member Contributors
and, if not self-employed, their employer, to the
licenses expressly granted in the Apache License,
Version 2.0 with respect to such contribution
Subject to available Project funds, HLP may
engage The Linux Foundation to determine the
availability of, and register, trademarks, service
marks, and certification marks, which shall be owned
by the LF [27].
R3s IP policies were not available to the public as
of May 2017. An article by the Business Insider
reported, Details about R3s share structure are not
being disclosed, neither are details about the division
of the intellectual property built atop the open-source
Corda platform. However, Rutter (R3s CEO) did
explain that while Corda itself is being open-sourced,
the results of experiments conducted with partners
within the R3 lab would be guarded more closely
[2].
According to participants, some consortia required
members to sign non-disclosure agreements, but only
one reported that their working group required
participants to sign IP agreements. One interviewee
from a large bank explained, If you do highlight the
need for some agreement [on shared IP], getting to
common ground on what that agreement needs to
look like and who should own the IP, it’s sometimes
weeks or even months in lead time. We as an industry
need to work faster on those kind of repeatable
processes.
4.4 Industrial Espionage Risks
The issue is that some companies are afraid that
information that’s being collected for the blockchain
will be used for other purposes. So, let’s say I’m a
pharmacy. If I verified all the products I have on
hand, I’m announcing my inventory. Companies are
concerned that this added intelligence could be used
for other purposes such as contract negotiations,
etc. Bob Celeste, CEO and Founder
