By Ellison Anne Williams, CEO, Enveil
2020 continues to present many challenges for business leaders.
The COVID-19 pandemic has changed the way many businesses function and proven that employees from across different industries can work effectively from home. At the same time, it has shifted the nature of the security threats facing all organisations, with many adversaries using the uncertainty of the situation to trick their way into corporate systems.
One of the biggest risks faced by all enterprises is protecting sensitive information. Sensitive information may include information sensitive to the company such as Intellectual Property and trade secrets, or information sensitive to the individual which is increasingly protected under privacy regulations.
While securing data at rest (on the file system) and in transit (as it moves through the network) is common practice, protecting data while it is being used or processed has often been a point of weakness. Processing traditionally requires decrypting sensitive assets in order to perform operations such as search, analytics, or machine learning. Homomorphic encryption (HE) solves that issue, helping companies to protect “Data in Use” and enable secure search, analytics, sharing, and collaboration.
By its most basic definition, HE secures data in use by allowing computations to occur in the encrypted or ciphertext domain. This is probably as close to magic as you can get in the security world — but it’s not magic; it’s math.
If encryption is a vault protecting sensitive data, traditional practice requires taking that data out of the vault every time it needs to be used or processed. This exposure leaves the data and the operation vulnerable. HE allows these actions to take place within the vault, ensuring the interaction and the corresponding results remain protected.
The mention of HE a few years ago among colleagues in the security space, much less in a business context, would either elicit blank stares or a sigh, followed by a hopeful “if only.” Those who were familiar with HE recognised its paradigm-shifting potential as the holy grail of cryptography — if only it could achieve computational practicality.
Recent breakthroughs have now made HE practical for a wide range of commercial applications, transforming the technology from exclusive academic darling to commercial game changer.
HE is one of the technologies in the powerful privacy-enhancing technologies (PETs) category, a family of technologies that enables the privacy of data to be preserved throughout its processing lifecycle. Ensuring that the sensitive and/or regulated content contained within searches or analytics is never exposed, HE allows companies to prioritise the protection of data while still enabling critical business functions.
There are business-enabling capabilities that HE facilitates that are not otherwise possible. And the fact that a category — PETs — has formed around the utilisation of HE further affirms that it has shifted into the mainstream. HE is not making something better; it’s making something entirely new possible.
As with many breakthrough technologies, the market adoption of homomorphic encryption really comes down to what business problems HE can uniquely solve within the constraints of real-world applications. Here are three examples of commercial use cases where HE can immediately be put to work:
- Secure Data Monetisation
As we head towards a global recession, organisations looking for new revenue streams are increasingly examining how they might leverage existing data assets. However, the data can only be securely and ethically monetised if the privacy of both the customers of the monetisation service and the underlying data itself are respected. Because HE uniquely allows data to be processed in a privacy-preserving manner without risk of exposure, it opens the door for secure monetisation.
- Third-Party Risk
Third parties can present the greatest risk of exposure for both data security and associated regulatory compliance. To use and share data with an ecosystem of third parties to accelerate performance, enhance agility and realise cost savings, the ability to effectively share data assets with these third-party collaborators is critical. HE allows this collaboration to occur in a secure, decentralised manner.
- Secure Data Sharing and Collaboration
HE enables organisations to securely collaborate across organisational or jurisdictional boundaries without introducing new sensitive variables into the organisation’s data holdings. This is important because exposure to these indicators could trigger additional reporting requirements or expose competitive advantage. By protecting data while it’s being processed, HE allows these organisations to securely leverage external data assets in a decentralised manner without exposing sensitive indicators.
In summary, while these use cases highlight only a small subset of the market-ready commercial applications of homomorphic encryption, they showcase the practical applicability and business value of HE in the near term. As both the awareness and performance capacity of HE continues to accelerate over time, the breadth of commercial use cases will similarly increase. This horizontally transformational technology will become increasingly pervasive for applications built around the privacy and security of using sensitive data, completely changing the paradigm of how and where organisations can leverage these data assets.