Closing the circle of security in the cloud

Until today, data-sensitive companies are unable to utilize the immense benefits of cloud computing. Confidential computing is here to change this.

It is well known that cloud computing offers many advantages, ranging from increased scalability to reduced operations and update costs. However, in the age of decentralized computation, cybersecurity and data privacy are becoming increasingly important. All while their implementation remains at high costs. A big factor in this cost is that migrating to the cloud creates a hybrid security model. While the cloud provider is responsible for network and physical security, the client is still responsible for data security and privacy.

Migrating to the cloud creates a hybrid security model

Naturally, this distribution of security duties confuses many companies. In a recent report by Oracle and KPMG, only 10% of Chief Information Security Officers and 25% of the Chief Information Officers fully understand this hybrid security model. This confusion alone has caused actual costs and security breaches.  Such a breach occurred at least once in 82% of the companies active in the public cloud. Thus, leading most companies to choose to hold their sensitive data on-premises, further complicating the security model and hindering its scaling potential.

As a result, the promise of the cloud to simplify processes and to reduce costs is not working in the most crucial cases.

Sensitive data is everywhere

In the past, thinking about organizations with privacy-sensitive data, the mind would go to industries such as defense, pharmaceuticals, and, more lately, the technology industry.

However, today, a simple thought like this could not be further from the truth. The data economy has assigned tremendous value to sensitive data. Companies collect, willingly or not, data such as drug prescriptions, financial transactions, face photos, biometric data, and even DNA data. Such sensitive datasets pose both a significant revenue potential but also a big security risk.

Today, every organization which utilizes the advancements of scalable computing and advanced analytics possesses or utilizes sensitive data. Combine this with the confusion on the security architecture of the cloud, and suddenly a lot of the recent data breaches make sense.

The interim solution

Cloud providers offer services and consulting on encrypting the data as a solution to this problem. But this only solves the problem while the data is at rest or in transit but not when the data is at its most sensitive but useful state, in use.

For the organization to analyze or even see the data, they have to perform the computation locally after decrypting the entire data set. Thus, the cloud infrastructure, instead of serving as a platform for decentralized computing, serves as a giant expensive remote USB Stick.

Confidential computing as the solution

Our Decentriq platform solves precisely this challenge. Decentriq is an enterprise SaaS platform providing data clean rooms - allowing users to leverage data previously not possible.

Decentriq allows organizations to easily and securely collaborate with stakeholders, internal or external, to derive new data value - all with guaranteed trust and privacy because of Decentriq's underlying encryption-in-use technology called confidential computing.

How we do it

The Decentriq platform operates on Intel SGX, an implementation of a Trusted Execution Environment (TEE). The TEE, also known as an enclave, uses hardware memory protection to encrypt data in-use from anyone who wants to “see” inside. Consequently, encrypted data can be analyzed in the TEE, preventing any third party to reveal the unencrypted data (including the cloud provider and Decentriq). The combination of encryption and TEE enables us to perform trusted analytics on privacy-sensitive data sets on a single- or multi-party setup.

What are Decentriq's capabilities

The Decentriq platform is not restricted to specific computations or hindered by speed. Decentriq enables any computation with little to no computation speed decrease. Computations using Decentriq range from data matching, SQL queries, to even machine learning on encrypted data.

Closing the circle of security

For long, the place of the computation and the place of security were hand-in-hand, but the moment computing started leaving the premises, security got stretched. With more and more sensitive data produced every day, the natural reflexes of the organizations were to protect their sensitive data locally. The added complexities of that, however, led to a vicious circle of increased security risks and increased complexity in the face of an ever-increasing need for cheap scalability. Our goal at Decentriq is to close that circle and enable organizations to utilize the full potential of multi-party confidential computing, without ever worrying about data security and privacy.

Our next blog shows you how Decentriq is unlocking use cases and collaborations that were highly inefficient or even considered impossible before.