November 3, 2023

Computing: Data-driven Needs, Data-Centric Protection

In this article, Enveil CEO Ellison Anne Williams explains the importance of taking a data-centric approach to security.

The recent surge of data-driven, insight-producing innovations such as generative AI, computer vision and large-scale natural language processing has brought the value of data to the forefront.

Our digital-first world is data hungry, driving the need to leverage data across global silos at a scale and speed that we've never seen before. However, the rules for responsibly doing so, especially given the heterogeneous regulatory landscape, are unclear at best and frequently left undefined. Such uncertainty often puts the burden of protection on the party in possession of the data. And for businesses, taking ownership of that data — even temporarily — can significantly raise the organisation's risk profile in ways that can have very real and very expensive consequences. In order to minimise this risk and achieve the maximum flexibility needed to grow, adapt, and thrive in a shifting market, security strategies need to be designed around protecting the data itself.

In a data-centric security approach, protection strategies are focused on data at a granular level. Instead of working to build a stronger perimeter or more secure infrastructure, data-centric security is designed to protect data at all times. In many ways, data-centric security is the core of the zero trust philosophy, which assumes that systems and networks are inherently compromised. As part of its updated zero trust guidance, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that "zero trust presents a shift from a location-centric model to an identity, context and data-centric approach with fine-grained security controls between users, systems, applications, data and assets that change over time."

When you can't trust your trusted networks or infrastructure, you need to focus on ensuring that the data assets that they contain are identified, categorized and protected at levels appropriate for their sensitivity and/or value.

Three states of data

At a foundational level, data exists in one of three states: at rest, in transit or in use.

Data at Rest is data stored in any digital form. It may reside in databases, data lakes, cloud storage, on the hard drive or in other locations. It is frequently protected by a number of common, industry-standard technologies such as access controls and encryption.

Data in Transit is the label given to data on the move. Often protected using transport encryption with industry standard techniques and protocols, the data assets can move through a public network, private network and/or untrusted space and remain protected.

Finally, Data in Use refers to data when it's being used or processed, the time during which a user extracts insights from data to yield value.

Methods for securing Data in Use include Privacy Enhancing Technologies (PETs), a family of technologies that includes homomorphic encryption, secure multiparty compute and trusted execution environments. PETs are unique because they protect the usage of data, enabling value to be extracted through operations such as search, analytics or machine learning without increasing risk or exposing sensitive data assets. 

The CISA guidance referenced earlier specifically draws attention to these three states and highlights the importance of protecting each. When describing data encryption functions pertaining to zero trust, as well as the considerations for visibility and analytics, automation and orchestration, and governance within the data context, CISA says organizations that execute at an optimal level protect data in all three states: at rest, in transit and in use.

Data privacy

In addition to creating the foundation for ensuring the protection of data assets in the traditional sense, data-centric security enables organizations to better plan and account for the increasingly critical activity related to data privacy. In its 2023 From Privacy to Partnership report, The Royal Society made this distinction between the two pursuits: "Data security relates to protecting data as an asset, whereas data privacy is more concerned with protecting people: ensuring the rights of data subjects follow their data."

Organizationally, this is often further distinguished by the party in charge of overseeing it: CISOs traditionally lead all things security, while data privacy may be driven by a CIO or a Data Privacy Officer. For both objectives, ensuring data remains protected throughout its lifecycle — at rest, in transit and in use — will help ensure the basic thresholds of privacy and security are achieved.

The volume of data is consistently increasing, and the goalposts relating to protecting this value-delivering asset are constantly moving.

Lawmakers, regulators and business owners strive to keep up with the regulatory, policy and technological landscapes that push the bounds of any standard almost as soon as it is developed and adopted. As a result, data protection strategies will only be sustainable if they are designed with flexibility and adaptability in mind.

A data-centric approach to security that focuses on securing the data itself rather than just the networks, servers and applications it resides on is one of the most effective ways to address variability driven by rising cyber threats and regulatory pressures while deriving maximum value.

Read full article at Computing.
