This is a contributed article by Ellison Anne Williams.
Data is at the heart of the digital economy and organisations are constantly on the hunt for better, broader ways to utiliSe their own data — and increasingly, they are also seeking ways to access and leverage data outside their walls. At the same time, a growing heterogeneous regulatory landscape is adding to the complexity of this pursuit by demanding that privacy and security be prioritised.
The need to accommodate both the desire for broader access and restricting regulatory requirements is leading many to explore how technology-enabled solutions can help simultaneously address these challenges. This path frequently leads to homomorphic encryption, a pillar of the Privacy Enhancing Technologies category with the potential to disrupt how and where organisations can leverage data.
What is homomorphic encryption?
By its most basic definition, homomorphic encryption (HE) protects data while it’s being used or processed by allowing computations to occur in the encrypted or ciphertext domain. This is different from the more familiar types of encryption that protect data as it moves through the network or while it’s at rest on the file system. It can be helpful to think of the distinction between these three states of data — at rest, in transit, and in use — as three points of a triangle. While all are important, Data in Use is the segment that is most frequently overlooked, in part because it’s a hard problem to solve but also because, until fairly recently, there was a lack of scalable, practical, commercial-ready solutions.
To help visualise the concept of Data in Use protection, imagine encryption as a vault protecting sensitive data. Traditional practice requires taking data out of the vault every time it needs to be used or processed (to perform a search, apply analytics, evaluate a machine learning model, etc.). This exposure leaves both the data and the operation exposed and vulnerable. HE changes the game by allowing these actions to take place without extracting sensitive data from the protected vault of encryption, as it can also protect the operation and its corresponding results. This ensures sensitive interactions — for example, the interests and intentions of the party performing a search — remain protected throughout the processing lifecycle.
These powerful capabilities have led to HE being referred to as the “holy grail” of cryptography, and they are also why it has been the subject of research and academic pursuit for nearly four decades. Once computationally impractical for use at scale, performance and utilisation breakthroughs over the past several years have prompted increased exploration and adoption in a number of market verticals. And while there continues to be a lot of great progress being made in the academic and research communities, HE has proved that it’s now ready for the move to real-world deployments.
The business case for homomorphic encryption
For business users, HE expands the ways organisations can securely share and leverage data to unlock value. For example, HE is being used today to expand the usage and sharing of regulated data across privacy jurisdictions. Utilising HE-powered search capabilities, users initiate an encrypted query in one jurisdiction and searches over data holding in another jurisdiction. The use of HE ensures that any sensitive and/or regulated information contained in search itself — as well as the corresponding results — remain encrypted throughout the processing lifecycle. This enables a decentralised form of data sharing and collaboration as the data remains in each originating jurisdiction and ensures that sensitive data is never exposed outside of the trusted domain in which the search was initiated. For financial institutions operating in jurisdictions around the world, this expanded secure and scalable access allows them to broaden their visibility for use cases such as anti-money laundering, fraud detection, and Know Your Customer screenings.
Other use cases for HE include secure collaboration, third-party risk, and data monetisation. By protecting data while it’s being processed, HE enables organisations to use external data assets where they are and as they are today, without exposing sensitive indicators. This ability to collaborate without pooling or centralising data expands the ways in which third party entities can work together as all contributors are able to maintain positive control and ownership of their data assets. The technology also can be configured to continue respecting the access and verification controls established by the data owner. Existing sensitive or regulated data assets can be used in ways that may have previously been determined as too risky to pursue.
While the transition from innovative technology to broad commercial use is rarely straightforward, homomorphic encryption is on its way. The unique capabilities it enables are too transformative to ignore, and it is a technology that will continue to thrive far into the future. By proving its usefulness and impact in real-world use cases today, homomorphic encryption is quickly solidifying its position as a business-enabling, privacy-preserving tool that you need to know.
Dr. Ellison Anne Williams is the Founder and CEO of Enveil, the pioneering data security company protecting Data in Use. Building on more than a decade of experience leading avant-garde efforts in the areas of large-scale analytics, information security, computer network exploitation, and network modelling. Dr. Williams founded the startup in 2016 to protect sensitive data while it’s being used or processed — the ‘holy grail’ of data encryption. Dr. Williams leverages her deep technical background and a passion for evangelising the impact of disruptive technologies to cultivate Enveil’s capabilities into category-defining solutions that enable secure search, analytics, sharing, and collaboration.