When the impact of a relatively unfamiliar technology sounds too good to be true, it’s natural to question those claims. Homomorphic encryption has been described as the ‘holy grail’ of encryption for its unique ability to allow users to leverage data in the encrypted domain (in ciphertext) the same way they would in an unencrypted manner (in plaintext). In today’s data-driven environment, this ability to use and extract value from data without sacrificing privacy or security is a game changer — so significant in fact that upon first exposure, it is frequently treated with skepticism: if it’s so transformative, why isn’t everyone using it?
Homomorphic Encryption
To understand the power of homomorphic encryption and where it can (and is) being utilized today, we need to look back and level up. Homomorphic encryption, or HE, has been the subject of academic and corporate research efforts for decades. From the earliest days, the power of the technology was clear; the practicality, however, was another matter entirely. Performing computations using HE once took hours or even days, effectively closing that door for business uses. Continual breakthroughs over the last decade have rewritten the story, enabling HE to be leveraged for a broad range of use cases, some of which we’ll highlight later.
Beyond the progression of the technology itself, market drivers such as regulatory and policy advances and the proliferation of global data sources and silos have made the secure and private use of data more critical than ever. Organizations must be able to extract value from data sources across boundaries without increasing risk. This has driven interest and exposure for a family of technologies known as Privacy Enhancing Technologies, grouped together for their ability to preserve, enable, and enhance the privacy and security of data throughout its lifecycle.
Privacy Enhancing Technologies
The unique value of Privacy Enhancing Technologies is that they protect data while it’s being used or processed, also referred to as Data in Use. Most people are familiar with the use of encryption to secure Data at Rest on the file system or in the database and Data in Transit as it moves through the network, and these approaches are broadly solutioned and accepted as standard practice by most businesses today. However, even with those security strategies in place, there is still a gap in protection when it comes to actually using the data. That is where Privacy Enhancing Technologies, also known as PETs, come into play.
Homomorphic encryption is a core pillar of the PETs category, alongside secure multiparty computation and trusted execution environments. It allows data to be leveraged in a manner that protects the interest and intent of the user, protecting, for example, the sensitive content of the query or the analytic from exposure outside a trusted environment.
To highlight the impact of this technology, let’s explore five key business use cases for HE today:
- Secure AI: Nothing is more hyped and being pursued more aggressively in the current business climate than Artificial Intelligence and Machine Learning. Bold statements and directives from globally-influential groups including G7 Leaders, NCSC, and the White House, have directed organizations considering such initiatives to ensure they do so in a manner that is private and secure. AI is by nature data-hungry; the more relevant data inputs available, the better the outcome of AI/ML efforts. Using HE, organizations can evaluate and train sensitive models over cross-boundary data sources to enrich outcomes. And since the model remains encrypted during processing, company-sensitive information such as the data over which the model was trained is never exposed outside the trusted walls of the organization. This allows ML models to be used in ways that were not previously possible due to regulatory restrictions, data localization requirements, and broader risk considerations.
- Secure data collaboration across jurisdictions: In today’s global operating environment, organizations must navigate the heterogeneous regulatory landscape, ensuring they abide by data protection laws and localization requirements even across their own data holdings. Using HE, an entity can search and analyze data across jurisdictional boundaries without revealing the sensitive/protected content of the computation itself. This allows the user to extract business-enabling value from the data while remaining in compliance.
- Secure third-party data usage: Organizations rarely have the fortune of owning all the data they need to achieve competitive advantage or enhance decision-making. Businesses and public sector entities frequently turn to third-party and commercially available data sources to provide specific insights or a broader view of the market. Rather than replicating and pulling these additional data sources into trusted environments for processing or incurring risk by exposing sensitive indicators, HE allows users to search, analyze, and run machine learning models over these disparate data sources without revealing their own interests. Expanding the number of data holdings that can be securely and privately used provides an advantage to businesses that need to make decisions quickly and efficiently.
- Cross-silo data sharing: Data silos exist even within the walls of an organization. Data may be segmented by department or security boundaries, such as ‘need to know’ restrictions in the public sector arena. By utilizing HE to encrypt searches and analytics, businesses can draw out insights from cross-silo datasets in a secure and private way — protecting the content of the interaction while respecting the security and ownership of the underlying data.
- Secure inter-organizational collaboration: In order to achieve big-picture objectives, businesses sometimes need to share data and collaborate with unexpected entities, including those with competitive interests. Think, for example, about the drug development process where multiple parties need to be able to use datasets owned by academic or public institutions to advance their efforts and the greater good. In another example, a consortium of competing entities, such as financial service institutions, may want to share data to help combat a shared global threat such as money laundering. Utilizing the power of HE, these groups can collaborate without compromising Intellectual Property of competitive advantage, opening the door to new, more efficient paths to progress.
Homomorphic encryption is only beginning to show its value for business and government organizations. The technology’s unique ability to protect data while it’s being utilized has the potential to shift the way we use data on a broad scale by expanding the field of usable data sources and ensuring privacy and security are prioritized whenever and wherever data is leveraged. As a foundational pillar of the Privacy Enhancing Technology family, HE is nearing its breakout moment. Business leaders who want to be ahead of the privacy and security curve need to pay close attention.
Pingback: Innovative Encryption Solutions to Help Prevent Side Channel Attacks