Closing the circle of security in the cloud

May 28, 2021
Until today, data-sensitive companies are unable to utilize the immense benefits of cloud computing. Confidential Computing is here to change this. It is well known that cloud-computing offers many advantages, ranging from increased scalability to reduced operations and update costs. However, in the age of decentralized computation, cybersecurity and data privacy are becoming increasingly important. All while their implementation remains at high costs. Big factor in this cost is that migrating to the cloud creates a hybrid security model. While the cloud provider is responsible for network and physical security, the client is still responsible for data security and privacy. > Migrating to the cloud creates a hybrid security model Naturally, this distribution of security duties confuses many companies. In a recent report [] by Oracle and KPMG, only 10% of Chief Information Security Officers and 25% of the Chief Information Officers fully understand this hybrid security model. This confusion alone has caused actual costs and security breaches.  Such a breach occurred at least once in 82% of the companies active in the public cloud. Thus, leading most companies to choose to hold their sensitive data on-premises, further complicating the security model and hindering its scaling potential. As a result, the promise of the cloud to simplify processes and to reduce costs is not working in the most crucial cases. Sensitive data is everywhere In the past, thinking about organizations with privacy-sensitive data, the mind would go to industries such as defense, pharmaceuticals, and, more lately, the technology industry. However, today, a simple thought like this could not be further from the truth. The data economy has assigned tremendous value to sensitive data. Companies collect, willingly or not, data such as drug prescriptions, financial transactions, face photos, biometric data, and even DNA data. Such sensitive datasets pose both a significant revenue potential but also a big security risk. Today, every organization which utilizes the advancements of scalable computing and advanced analytics possesses or utilizes sensitive data. Combine this with the confusion on the security architecture of the cloud, and suddenly a lot of the recent data breaches make sense. The interim solution Cloud providers offer services and consulting on encrypting the data as a solution to this problem. But this only solves the problem while the data is at rest or in transit but not when the data is at its most sensitive but useful state, in use. For the organization to analyze or even see the data, they have to perform the computation locally after decrypting the entire data set. Thus, the cloud infrastructure, instead of serving as a platform for decentralized computing, serves as a giant expensive remote USB Stick. Confidential Computing as the solution Encrypting the data is just half of the solution. The other half is using the data while encrypted. But, analysis of encrypted data, how can this be possible? Introducing, the avato platform. The avato platform developed by decentriq solves precisely this challenge. avato enables organizations to utilize and draw insights from their encrypted data, using public cloud infrastructure, for example, Azure confidential computing []. Hence, avato allows you to effectively use all the computing power that the Azure offers [] while never compromising security or privacy. How we do it The avato platform operates on Intel SGX [], an implementation of a Trusted Execution Environment (TEE) []. The TEE, also known as an enclave, uses hardware memory protection to encrypt data in-use from anyone who wants to “see” inside. Consequently, encrypted data can be analyzed in the TEE, preventing any third party to reveal the unencrypted data (including the cloud provider and decentriq). The combination of encryption and TEE enables us to perform trusted analytics on privacy-sensitive data sets on a single- or multi-party setup. What are avato`s capabilities The avato platform is not restricted to specific computations or hindered by speed. Avato enables any computation with little to no computation speed decrease. Computations using the avato platform range from data matching, SQL queries, to even machine learning on encrypted data. Closing the circle of security For long, the place of the computation and the place of security were hand-in-hand, but the moment computing started leaving the premises, security got stretched. With more and more sensitive data produced every day, the natural reflexes of the organizations were to protect their sensitive data locally. The added complexities of that, however, led to a vicious circle of increased security risks and increased complexity in the face of an ever-increasing need for cheap scalability. Our goal at decentriq is to close that circle and enable organizations to utilize the full potential of multi-party confidential computing, without ever worrying about data security and privacy. Our next blog shows you how avato is unlocking use cases and collaborations that were highly inefficient or even considered impossible before.