
Data in Use, Data Sharing and Privacy Enhancing Computation

Written by: Purandar Das | 5 min read

In a recent post on Top Strategic Technology Trends for 2021, Gartner called out “Privacy-enhancing computation” (PEC). This is what they wrote about it:

While Gartner identifies this as a trend for 2021, security researchers and others have been exploring this space for some time. PEC involves a range of technologies including those that support trusted environments for data sharing, decentralized analytics, and encryption of data in use. All of these are explored at length in a handbook on privacy-preserving computation techniques put out in 2019 by the UN working group on Big Data, though you can also find them explored here and here.

Homomorphic Encryption: A Problematic Approach

Discussions of PEC inevitably mention “homomorphic encryption,” and the working group’s handbook is no exception. Originally proposed in the 1970s, homomorphic encryption – which makes it possible to perform a limited set of arithmetic operations, like addition and multiplication, on encrypted data – began to mature as a technique a decade or so ago. Unfortunately, the promise of this technique has yet to be fully realized.

As the UN working group writes, “The use of homomorphic encryption comes with at least three types of costs: message expansion, computational cost, and engineering cost.” Message expansion occurs because the data to be used is replaced with an encrypted version that can be much longer (sometimes 20x longer) than the original version. This tends to put a limit on the amount of data that can be effectively analyzed using homomorphic encryption.

Message expansion is related to the computational costs of this method. Depending on the precise method for implementing the technique, the compute time needed, when compared to working with unencrypted data, can be 100-500x slower for operations like multiplication. This type of slowdown makes homomorphic encryption far from ideal for most use cases.

Finally, from an engineering standpoint, the UN working group states the problem very clearly: “Developing complex systems with homomorphic encryption can be challenging and should always be done with the help of an expert, making the initial cost for such solutions potentially high.” The primary drivers of this cost are the complexity of the security model itself and the difficulty of working with existing homomorphic encryption libraries.
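To make the first cost concrete, here is an added example (not code from this post or from the UN handbook): a toy Paillier cryptosystem, which supports only addition of plaintexts and multiplication by a constant, computing on ciphertexts and reporting how much larger a ciphertext is than the 4-byte value it replaces. The Mersenne-prime key and all function names are assumptions made for the demo; the key is publicly known and not secure.

```python
# Added example: toy Paillier (additively homomorphic). Not production crypto.
import secrets
from math import gcd

# Constructed demo key: two Mersenne primes. Publicly known, so NOT secure.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                 # public modulus (1128 bits)
N2 = N * N                # ciphertexts live modulo n^2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # private: lcm(p-1, q-1)
MU = pow(LAM, -1, N)      # private: valid because the generator is g = n + 1


def encrypt(m: int) -> int:
    """c = (1 + m*n) * r^n mod n^2, with fresh randomness r per message."""
    if not 0 <= m < N:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def add_encrypted(c1: int, c2: int) -> int:
    """Multiplying ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % N2


def scale_encrypted(c: int, k: int) -> int:
    """Raising a ciphertext to k multiplies the plaintext by the constant k."""
    return pow(c, k, N2)


def expansion_factor(m: int, plaintext_bytes: int = 4) -> float:
    """Ciphertext size divided by the size of the field it replaces."""
    c = encrypt(m)
    return ((c.bit_length() + 7) // 8) / plaintext_bytes


if __name__ == "__main__":
    total = add_encrypted(encrypt(1200), encrypt(345))
    print(decrypt(total), f"{expansion_factor(1200):.0f}x expansion")
```

With this modulus every ciphertext occupies up to 282 bytes regardless of how small the plaintext is; the exact ratio in a real deployment depends on the scheme and its parameters.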

An Alternative Approach to Encrypting Data in Use

That there is a need for PEC is beyond doubt. While the UN working group was primarily focused on identifying methods for non-state organizations to take advantage of Big Data analytics, the need for these capabilities in the private sector is equally pressing. As more and more organizations come to understand their data as a valuable asset, they likewise understand the value of sharing that data with others.

There are a lot of reasons that companies may want to share data. There may be value in comparing your customer data with a company that has additional information on those customers. You may want a third party to analyze your data in ways that you cannot. Or you may be sharing data as part of an emerging go-to-market partnership.

Whatever the case, sharing data is not without its challenges. Aside from the data security risks inherent in sharing data with third parties, there is always the possibility that an unscrupulous partner may take advantage of the sharing relationship and try to do things with the data that go beyond the initial scope of the arrangement.

As discussed, homomorphic encryption facilitates basic arithmetical operations and can’t support the searching and matching functionality required for enterprise-level data sharing. It is also ill-suited for things like advanced data analytics.

There is a better way to safely and securely share data. Specifically, we have developed a method for keeping data encrypted while it is being analyzed and processed. The beauty of this method is that it shares none of homomorphic encryption’s many limitations. In fact, it makes the entire process of encrypting data in use easy to implement, scalable and economical. You can find out more here.

If you would like to take a deeper dive into this topic, we are also hosting a Fireside Chat on secure data sharing in the marketing industry. I will be participating in the chat along with Patrick Dineen, CIO at Nielsen and George Coruguedo, CTO at Redpoint Global. I believe it will be a great conversation and hope you can make it!

Tags: privacy enhancing computation, third-party data breach, third-party data risk, third-party data security
