Models and Methods for Ensuring Confidentiality in Corporate Systems of Software Firms Based on Blockchain Technology

Олена Ігорівна Феоктистова, Артем Дмитрович Єрьоменко

Abstract


This article examines the problem of ensuring data confidentiality in the corporate information systems of software companies and substantiates the feasibility of using blockchain technology as a basis for building decentralized access control models. Classical approaches based on the Bell–LaPadula, Brewer–Nash, and Clark–Wilson models are reviewed, and their limitations in multi-user environments with highly dynamic changes in rights and roles are demonstrated. A generalized architecture for ensuring confidentiality and decentralized access management in corporate information systems is proposed, integrating three key components: a permissioned blockchain for guaranteed auditing and record immutability, access tokenization for flexible and context-aware authorization management, and distributed cryptographic key storage (multi-signature and Shamir’s Secret Sharing) to minimize internal threats and abuse. It is shown that using smart contracts to formalize and automatically enforce access policies enables automated granting and revocation of rights as well as transparent real-time transaction logging. Practical areas of implementation are outlined, including electronic document management, financial operations, compliance and auditing, software copyright management, and identity and personal data protection in accordance with GDPR requirements. Technological and legal challenges are analyzed, such as scalability and latency, the energy consumption of certain consensus algorithms, conflicts with the “right to be forgotten,” and integration with ERP/CRM systems. The study concludes that integrating blockchain with modern cryptographic tools creates a comprehensive trust ecosystem that enhances data confidentiality and the resilience of corporate systems to cyberattacks, and provides a foundation for further research into hybrid models involving artificial intelligence and cloud computing.

Keywords


confidentiality; corporate systems; blockchain; cryptography; software companies; information security

DOI: https://doi.org/10.32620/oikit.2026.107.10
