Until now, data-sensitive companies have been unable to use the immense benefits
of cloud computing. Confidential Computing is here to change this.
It is well known that cloud computing offers many advantages, ranging from
increased scalability to reduced operations and update costs. However, in the
age of decentralized computation, cybersecurity and data privacy are becoming
increasingly important, all while their implementation remains costly.
A big factor in this cost is that migrating to the cloud creates a hybrid security
model. While the cloud provider is responsible for network and physical
security, the client is still responsible for data security and privacy.
> Migrating to the cloud creates a hybrid security model
Naturally, this distribution of security duties confuses many companies. In a
by Oracle and KPMG, only 10% of Chief Information Security Officers and 25% of
the Chief Information Officers fully understand this hybrid security model. This
confusion alone has caused actual costs and security breaches. Such a breach
occurred at least once in 82% of the companies active in the public cloud. This
leads most companies to hold their sensitive data on-premises, which
further complicates the security model and hinders its scaling potential.
As a result, the promise of the cloud to simplify processes and to reduce costs
is not working in the most crucial cases.
Sensitive data is everywhere
In the past, thinking about organizations with privacy-sensitive data, the mind
would go to industries such as defense, pharmaceuticals, and, more lately, the
However, today, a simple thought like this could not be further from the truth.
The data economy has assigned tremendous value to sensitive data. Companies
collect, willingly or not, data such as drug prescriptions, financial
transactions, face photos, biometric data, and even DNA data. Such sensitive
datasets carry both significant revenue potential and a big security risk.
Today, every organization that uses the advancements of scalable computing
and advanced analytics possesses or uses sensitive data. Combine this with
the confusion about the security architecture of the cloud, and suddenly a lot of
the recent data breaches make sense.
The interim solution
Cloud providers offer services and consulting on encrypting the data as a
solution to this problem. But this only solves the problem while the data is at
rest or in transit, not when the data is in its most sensitive yet most useful
state: in use.
For the organization to analyze or even see the data, it has to perform the
computation locally after decrypting the entire data set. Thus, the cloud
infrastructure, instead of serving as a platform for decentralized computing,
serves as a giant, expensive, remote USB stick.
Confidential Computing as the solution
Encrypting the data is just half of the solution. The other half is using the
data while it is encrypted. But how can analysis of encrypted data be possible?
Introducing the avato platform. The avato platform, developed by decentriq,
solves precisely this challenge. avato enables organizations to use and draw
insights from their encrypted data on public cloud infrastructure, for
example, Azure confidential computing.
avato allows you to effectively use all the computing power that
Azure offers [https://azure.microsoft.com/en-us/] while never compromising security or
How we do it
The avato platform operates on Intel SGX [https://software.intel.com/en-us/sgx],
an implementation of a Trusted Execution Environment (TEE)
[https://en.wikipedia.org/wiki/Trusted_execution_environment]. The TEE, also
known as an enclave, uses hardware memory protection to encrypt data in use,
hiding it from anyone who wants to “see” inside. Consequently, encrypted data can
be analyzed in the TEE, preventing any third party (including the cloud provider
and decentriq) from revealing the unencrypted data. The combination of encryption and TEE enables
us to perform trusted analytics on privacy-sensitive data sets on a single- or
What are avato's capabilities
The avato platform is not restricted to specific computations or hindered by
speed. avato enables any computation with little to no decrease in computation
speed. Computations using the avato platform range from data matching and SQL
queries to machine learning on encrypted data.
Closing the circle of security
For a long time, the place of computation and the place of security went
hand in hand, but the moment computing started leaving the premises, security
got stretched. With more and more sensitive data produced every day, the natural
reflex of organizations was to protect their sensitive data locally. The
added complexities of that, however, led to a vicious circle of increased
security risks and increased complexity in the face of an ever-increasing need
for cheap scalability. Our goal at decentriq is to close that circle and enable
organizations to utilize the full potential of multi-party confidential
computing, without ever worrying about data security and privacy.
Our next blog shows you how avato is unlocking use cases and collaborations that
were highly inefficient or even considered impossible before.