Spending five minutes into the marketing or sales material of any enterprise
SaaS company can be enough to overwhelm you with technical speak about security
It is only natural that many initial reactions to Confidential Computing and
encryption-in-use is "I am already encrypting my data!"
In this blog, we are going to walk through why what is "secure" and "private"
has transformed in the last few years, and why "standard" cloud encryption is
not enough for a lot of use cases today.
A story of three data states
Data exists in three states, and so does the encryption applied to this data. To
really understand the value-add of Confidential Computing, one first has to be
familiar with these three states and what they mean.
Data and encryption at-rest
When some data is in a USB stick, a hard drive, or cloud storage, then that data
Leaving that data unencrypted means that whoever gets access to the data
storage, automatically gets access to the underlying data as well. However,
encrypting that data is a problem that has been solved for many years now.
Think "password protected USB sticks" or "encrypted cloud storage". It is as the
industry calls it “encryption at-rest”, and it is nowadays a heavily recommended
step for any data sitting on premises or in the cloud. Even if someone gets
access to the storage, they will not be able to see the data there without the
Data and encryption in-transit
When the data is moving from one place to the other, then we consider the data
to be in-transit.
Failing to encrypt the data in-transit results in third parties being able to
gather and intercept data while it is being sent from one place to the other,
regardless of whether the storage (or the compute) they are going to is
In other words, if your use case involves data being sent around, not having
encryption in-transit leaves the data vulnerable, even if your storage is
encrypted. Encrypting that data (encryption in-transit) is a more recent
achievement (think HTTPS and TLS) but it is something that is considered the
internet standard today.
Data and encryption in-use
But there is a third state, when some computation is performed on the data (any
computation; from simply reading a file, to Machine Learning and AI). At that
point, the data is considered in-use.
Failing to encrypt that data means that anyone with administrator rights in the
computer that performs any computation on that data, can see the data. It does
not matter if the data is encrypted where it comes from, where it goes, or when
it is being transmitted.
At the place of the computation, it is unencrypted. And today that is the case
for almost all data computation
Ok but if it’s such a big deal, why do I only hear about it now?
If you are wondering about this, you are not alone. It is not by accident that
this type of encryption has only become truly relevant recently. There are three
reasons for this, and they are connected.
1. Before cloud, on-premise infrastructure acted as a natural defense
Traditionally, organizations deployed software and held data in their premises,
allowing them to physically control and secure their infrastructure. So if you
could make sure that the data is encrypted when it was stored, and while being
piped in the network, you would not mind it being unencrypted in-use because the
"attack surface" was relatively limited. The admin with such access would
probably be a senior level security administrator in your company.
However, this has been slowly changing for the past years as more and more
companies are moving to the cloud. Now, the computation is no longer happening
in the secure perimeter of the company and the admin with that access is not a
senior security admin of the company, but an unknown cloud admin and/or the SaaS
vendor admin. This means that more people have access, especially people who are
not part of the data owning organization.
2. Encryption in-use used to be difficult and expensive
Encrypting data while it is in-use is a much bigger challenge than at-rest and
in-transit. And it makes intuitive sense why; when you want to compute on some
data, you need to know what data that is. In order to find the result of a
simple addition, I need to know what elements I am adding. And in that case, to
know, mean to be "unencrypted".
So, the question really becomes:
> How can we get the result of a computation (and know it is correct), without
knowing the data underneath?
While the technology to support encryption in-use is not new, until now, the
tradeoffs were just not worth it. It has only been recently that advancements in
cryptography enabled technologies, such as Confidential Computing, to be almost
as performant as unencrypted methods.
You can read more about these different technologies in some of our previous
3. Stricter data privacy and data security regulations globally
In the wake of events such as the Cambridge Analytica scandal
, data privacy and awareness of data misuse became a popular social movement
that created global regulations such as the GDPR, and the CCPA. These data
privacy regulations are now rapidly adopted by countries all over the world,
creating a new landscape where data privacy must be completely thought out
before data usage, making most of the current analysis platforms unsuitable for
sensitive data analytics.
4. Data collaboration is eating the data world, and it is almost impossible
without encryption in-use
The need becomes even more apparent when we talk about data collaboration. There
is currently no other way to collaborate on data, without giving access to that
data to a trusted third party, or to a consulting firm or a SaaS data
collaboration vendor. This adds yet another entity to the mix.
In the end, a company who just wants to provide their data to a collaborator
ends up having to give access to two more actors, namely the cloud admins and
the trusted third party.
And on top of all of this, they have to make sure that data privacy is uphìeld
and no sensitive information is being extracted.
All in all, a data owner, such as a first-party data provider (or a hospital,
and a bank), who wants to collaborate with someone else today, needs to:
1. Give data access to the vendor providing the software that facilitates this
(or the consultancy)
2. Give sensitive data access to the "impartial" infrastructure provider
3. Trust the privacy guarantees of the software provider to make sure that
whoever analyses that data is not ending up with more information than they
should (output privacy)
So, encryption in-use is basically another layer of protection for my data?
Yes and no.
Yes, it is an extra layer of protection for your data because it closes a
previously overlooked hole in the security assumptions.
But it is also much more than that. Removing the need to trust the
infrastructure provider and the vendor (Decentriq), we enable some very exciting
use cases that were just not possible before, such as:
* Data Clean Rooms
don’t require organizations to trust the software provider
* Cyber defence
data intelligence and collaboration
* Pharmaceutical companies developing models from hospital data
[https://www.decentriq.com/request/case-study/lynxcare] without anyone ever
seeing the data
and many more...
So yes, it is an extra protection layer, but you should not need it because of
this. It is needed because it unlocks a completely different way to interact and
collaborate on data. And that collaborative way is taking the industry by storm.
For more on keeping your data secure while in-use, please reach out to us here