Excerpt:
The need for Privacy Enhancing Technologies (PET) has been more compelling than ever today. With increased incidents of surveillance through spyware like Pegasus and ransomware groups like REvil targeting small and medium businesses, what are the technologies that can ensure privacy to consumers and businesses? How can PET minimize personal data use, maximize data security, and empower individuals?
One of the most interesting aspects of Privacy Enhancing Technologies, in general, is their broad applicability. While they are fundamentally a family of technologies that enable, preserve, and enhance the privacy of data, the range of ways in which they can be applied is broad — use cases range from protecting sensitive assets during processing to enabling secure access to third-party datasets to mitigating insider threat risk. Data is the backbone of the digital economy and an organizational asset that impacts teams across the organization. PETs can help security teams protect sensitive assets while still ensuring the data remains usable.
PET has been around as a technology, what is the adoption curve and where does it stand today? What has been the game-changer?
While PETs have long been the subject of research, the increased attention and activity we see now is the result of both market factors and technology breakthroughs. The digital economy has brought data to the forefront, and we’ve also seen a shift in the privacy landscape driven by both global regulations and consumer demand. From a technology perspective, we’re seeing technologies that once were computationally impractical now being implemented at scale. For example, homomorphic encryption, a pillar of the PETs category that allows computations to be performed in ciphertext as though it were plaintext, once required days to perform even the most basic functions. Now those same operations can be done in seconds, opening the door to a number of use cases across verticals.
What are your thoughts on how PET is empowering businesses across geographies and industry verticals?
One of the best use cases for PETs we’ve seen emerge recently is around the category’s ability to help organizations securely and privately share data across jurisdictions or internal/external data silos. While regulations increasingly limit or block such actions completely, PETs like homomorphic encryption (HE) can overcome these challenges by allowing operations (searches or analytics) to be performed without exposing the interaction with the data. HE allows entities to securely collaborate in a decentralized manner without replicating or moving data between jurisdictions, all while prioritizing data privacy. The outcomes are a significant savings of resources and time, as well as a reduction in operational risk relating to the possible mishandling of sensitive or regulated data.
With sensitive data being exposed to open and unsecured networks, how can organizations adopt PET to create a business value and minimize risk?
The emergence of new and varied attack surfaces is driving more organizations toward Zero Trust strategies, which are designed under the assumption that systems are compromised. Encryption plays a key role with this architecture, which includes looking beyond at-rest or in-transit encryption to also protect data while it’s being used or processed. Privacy Enhancing Technologies like homomorphic encryption play a key role in protecting this often-overlooked security gap.
How can PET ensure security for the data life cycle — right from data creation to data in transit, to data processing? Where are the challenges?
PETs uniquely protect data during processing or Data in Use. There have long been solutions geared at protecting Data at Rest on the file system or Data in Transit as it moves through the network, but organizations often overlook the need for protecting it while it’s being used, frankly, because it’s a hard problem to solve. That’s why PETs are such a game-changer — they allow us to securely and privately leverage data in ways that were not previously possible.
Read the full interview here.