Resources

News & Thought Leadership

Check out the latest news, insights, and updates.

Videos & Podcasts

See and hear more about our capabilities and tech.

Frequently Asked Questions

Uncover answers + common myths and misconceptions.

The Data Triad

Discover why protecting Data in Use is critical.

Company

About Us

Learn our story and meet our team.

Our Partners

Explore our collaborations to advance secure data usage.

Careers

We're hiring!
Consider our active openings — Join our team!

Use Cases

We're hiring!
Unlock untapped opportunities across verticals.

Verticals

Public Sector

Mission-enabling, transformative data usage for federal users.

Financial Services

Secure and private data sharing across silos and jurisdictions.

Healthcare

Securely use and collaboration with sensitive, health-related assets.

Secure AI

Enhance decision making, protect privacy, and combat ML/AI risks.
We've just released an article!
Highlights of tremendous progress in the Privacy Enhancing Technologies market
Book a Demo
June 16, 2022

Computer Weekly: PETs Myths & Misconceptions

Ellison Anne Williams busts some common myths and misconceptions around the emerging technology category of Privacy Enhancing Technologies

The business-enabling category of Privacy Enhancing Technologies (PETs) is making its mark as the one of the foundational technologies of the digital transformation era. With data as the backbone of the digital economy, market factors such as the drive to view data as an organizational asset, the need for global data sharing and collaboration, and an ever-increasing demand for privacy have catapulted this family of technologies into the spotlight.

The direct impact that they deliver to business and mission capabilities is the reason they are here to stay. Grouped together for their ability to enable, enhance and preserve the privacy of data throughout its lifecycle, these technologies are powerful and transformational in engineering trust and unlocking data value. As the value of PETs becomes more widely recognized and an increasing number of organizations and providers begin using the term, there remain a variety of questions and misconceptions to address.

Front and center among items to clarify is the name itself. While there have been a number of proposed labels – privacy-preserving technologies, privacy-enhanced computation, privacy enablers – PETs has surfaced as the category name of choice. This is the designation that US and UK leaders used late last year when they announced an initiative to advance these technologies to “harness the power of data in a manner that protects privacy and intellectual property, enabling cross-border and cross-sector collaboration to solve shared challenges”.

It is also the category name being used by the United Nations, the ICO, and a growing number of large, global organizations

Also, there are misconceptions about which technologies should be included in the category. Clarity on this item centers around how the technologies are used, the role they play in enhancing privacy, and where that impact takes place. As a mathematician by training, to me, the simplest dividing line comes down to computation.

PETs protect Data in Use, which describes data while it is being used or processed via searches or analytics. By this definition, the core pillars of PETs include homomorphic encryption, secure multi-party computation, and trusted execution environments (sometimes called confidential compute). Other approaches, such as synthetic data and data at rest protection mechanisms such as tokenization, are tangential, but do not fit within the category because they do not protect data in use.    

To continue building a shared understanding of this increasingly visible, transformational family of technologies, let’s address some common myths and misconceptions about PETs.

Myth 1: PETs aren’t ready for prime time

The PETs category includes technologies that protect, preserve and enhance data throughout its processing lifecycle – technologies that have been studied deeply for decades. Homomorphic encryption (HE), for example, became broadly recognized thanks to research published by Craig Gentry in 2009. The timing of the story is similar for secure multi-party computation (SMPC) and trusted execution environments (TEEs). What has changed more recently is the practicality of their broad use at scale.

Breakthroughs, largely driven by market need and motivation, have firmly taken these technologies from the realm of research to commercial readiness. Although the progress made in recent years is impressive, industry experts agree that we have only begun to scratch the surface. Gartner predicts that, by 2025, half of all large organizations will be using these capabilities for processing data in untrusted environments and multi-party data analytics use cases. These advances are being driven by a growing ecosystem of venture capital-backed startups, well-funded research components of global organizations, and academia.

There are a number of great examples of PETs being implemented at scale today for use cases in financial services, healthcare and government. PETs are enabling cross-jurisdictional data sharing for know-your-customer screenings and fraud investigations. They are enabling organizations to privately leverage third-party data assets without pooling or replicating data. They are facilitating more accurate risk assessment modeling by expanding the number of accessible data sources. They are protecting sensitive indicators and speeding time to value for applications at the processing edge.

In short, PETs are making entirely new things possible across a growing number of industries by overcoming regulatory, organisational, security and national boundaries to accommodate secure data usage and collaboration in ways that are not otherwise possible.

Myth 2: PETs protect data in use, at rest and in transit

The power of PETs lies in their ability to protect data while it is being used or processed – when searches, analytics and machine learning models are being run over data to extract value. This is different from, and complementary to, other traditional measures that protect data at rest, such as in the file system or database, or data in transit as it moves through the network.

While there are many effective, established solutions for protecting data at rest and data in transit, if organizations want to be able to safely and privately extract value from data assets, these traditional protection strategies are not sufficient. Also, PETs do not replace existing solutions protecting data at rest and in transit; they work alongside them to protect the final segment of the data triad, data in use.  

Myth 3: The individual technologies within the PETs category are competitive

In an emerging category like PETs, there is a tendency to pit technologies against each other to evaluate which technology reigns supreme. The reality is that these technologies each offer unique attributes and choosing the right ones depends entirely on the use case requirements, infrastructure, and the desired level and type of protection. PETs can, and often do, work together.

For example, organisations can use an SMPC capability that leverages HE, and vice versa. Or SMPC and HE techniques can be leveraged in conjunction with a TEE. Organisations looking to utilise PETs should explore all the options available and educate themselves to determine the best fit.

Commercial PETs companies, regulatory bodies, industry consortiums, market analysts, researchers and other third-party groups have a role to play in these efforts to build awareness and enhance understanding. Likewise, those working in the PETs space need to recognise and embrace the role we play in educating the market, in helping differentiate the technologies and explaining their often-complementary nature, and do so in a way that acknowledges that the adoption of any and all PETs will best serve to address global privacy challenges. 

Myth 4: PETs research = PETs commercialization 

PETs have a long and rich research history and, as such, many PETs are part of an active ecosystem that includes open source research libraries and algorithms. While it is fantastic to have a research foundation upon which to build, it is also important to remember that these elements are not ready-to-use commercial offerings. For example, HE libraries provide basic cryptographic components, but organizations leveraging them must dedicate engineering, algorithmic and integration resources in order to mature the basic building blocks into viable, enterprise-grade solutions.

Likewise, SMPC libraries offer basic algorithms and TEEs are built into many chips and cloud environments today, but there is much work and deep expertise required to take these fundamental elements and build practical, commercial offerings to protect data in use at scale. That is the value that commercial PETs software providers bring to the table – deep PETs knowledge and off-the-shelf capabilities that are ready to deploy and use today to solve real problems.

The open source research landscape is an awesome tool for advancing innovative technologies and the PETs category has certainly benefited from the efforts of numerous contributors. But these PETs research efforts are just the beginning of the story. Commercial solutions advance and give these research efforts the “wings” required to add real, measurable value. 

Conclusion

The time for Privacy Enhancing Technologies is here. The technologies are ready, the market is ready, and the list of data usage problems demanding secure and private solutions continues to grow. Stephen Almond, director of technology and innovation at the ICO, recently summarized the value this innovative category delivers to the broader market: “Privacy-enhancing technologies help organizations build trust and unlock the potential of data by putting data protection by design into practice.”

We are undeniably in an era of digital transformation, and to ensure we continue forward on a foundation prioritising data privacy and security, we should embrace PETs now. That effort starts with shared understanding.

Ellison Anne Williams is CEO and founder of Enveil

See the full article at Computer Weekly.

To learn more about the expanded value unlocked by Enveil, please schedule a meeting.
Enveil Logo
Enveil is a pioneering Privacy Enhancing Technology company protecting Data in Use. Enveil’s business-enabling and privacy-preserving capabilities change the paradigm of how and where organizations can leverage data to unlock value. Defining the transformative category of Privacy Enhancing Technologies (PETs), Enveil’s award-winning ZeroReveal® solutions for secure data usage, collaboration, monetization, and Secure AI protect the content of the search, analytic, or model while it's being used or processed. Customers can extract insights, cross-match, search, analyze, and leverage AI across boundaries and silos at scale without exposing their interests and intent or compromising the security or ownership of the underlying data. A World Economic Forum Technology Pioneer and Gartner Cool Vendor, Enveil is deployed and operational today, revolutionizing data usage in the global marketplace.
Copyright © 2024 Enveil | Privacy Policy