June 11, 2019

Forbes: Compliance Is The New Normal – It's Time To Lock Down The Data

In this article for Forbes, Enveil CEO Ellison Anne Williams writes that with the GDPR’s first year behind us, it’s time to shift our collective focus to ensuring the personal data businesses use and possess is truly locked down.

The recent anniversary of the General Data Protection Regulation (GDPR)’s implementation commemorated the first full year that businesses dealing with EU resident data have spent operating in this new regulatory environment. One year in, GDPR looks less like an outlier and more like a global trendsetter. While the EU may have led the way, consumer data protection conversations have shifted to the forefront in the United States, both at the state and federal levels and in countries around the globe.

Businesses aren’t the only ones that have begun educating themselves on all things compliance; thanks to a GDPR-related uptick in regulatory content in the media and other public spaces, consumers are increasingly better informed on their digital personas and the rights that do (or do not) accompany them. With that knowledge comes increased expectations for the businesses they choose to interact with and more awareness of those that may be using their personal data without consent. The bar has been raised, and it’s hard to think that consumers will accept less protection than they now see represented on a global stage.

There is a broadening recognition and acceptance that privacy regulations aren’t going away. In a recent Gartner survey, executives named accelerating privacy regulation as their top concern of Q1 2019, with 64% of respondents citing it as a key risk facing their organizations.

Businesses must be prepared for ongoing and rising compliance standards in the years ahead -- standards that may vary greatly by region, country or state. GDPR spurred great strides in data governance, causing companies to take note of what data they have, where it is, who has access, etc., as well as to make significant improvements in the timeliness of breach notifications. However, better data governance and reporting isn’t the end of the compliance story. While improving procedures in these areas is important for companies and consumers alike, these first steps are just that -- a beginning.

Some organizations used GDPR as a catalyst to establish broader data protection strategies, while others have yet to implement technologies that will actually have a meaningful impact on consumer data security. Data governance and reporting satisfy a number of tasks on the compliance checklist, but they do little to prevent sensitive consumer data from being breached or stolen. With the GDPR’s first year behind us, it’s time to shift our collective focus to ensuring the personal data businesses use and possess is truly locked down.

Establishing a data-centric approach to security and focusing on securing the data itself rather than just the networks, servers and applications it resides on is one of the most effective ways to deal with variable and accelerating regulations. If a company’s security strategy is built around protecting data at all times, the business will be better prepared to prevent breaches and misuse no matter what regulatory environment it finds itself operating in.

Data must be secure wherever it is within an organization, whether at rest on the file system, moving through the network or while it’s actually being used or processed. This is a protection strategy I refer to as the "Data Security Triad," the three components of which include:

  • Data at Rest: Categorized as inactive data stored in any digital form, data at rest resides on the hard drive or in databases, data lakes, cloud storage or other locations and is commonly protected by perimeter-based, access control and user authentication technologies. Additional security measures such as data encryption are commonly added depending on the level of sensitivity.
  • Data in Transit: Data is vulnerable as it moves through a private network, public/untrusted space or a local device, and it is, therefore, standard practice to protect it using transport encryption. If businesses adhere to proper protocols, this is an efficient and effective defense strategy for data in transit.
  • Data in Use: Data in use has become the point of least resistance for increasingly sophisticated attackers, as it is the most commonly overlooked segment of the Data Security Triad. Technical methods for securing data in use include homomorphic encryption, secure enclaves and secure multiparty computation.

Access management is important for ensuring protection for data at rest, in transit and in use, but when it comes to locking down data to prevent a breach or misuse, one of the most effective technical solutions is encryption. While encryption itself does not prevent interference, without access to the keys, encrypted data is useless to an attacker, and data breached in its encrypted state is not subject to regulatory penalties. Limiting encryption to only a portion of the Triad is a dangerous oversight. If there is data of value at stake, attackers will find a way to reach it, so every point of entry needs to be protected.

GDPR has proven that regulations can spur real change in the commercial market -- change that many consumers view in a positive light. When referring to businesses’ ongoing battle with compliance, as highlighted in its Emerging Risk Trends Report, Gartner’s Matt Shinkman described GDPR as the “starting gun in this process, and not the finish line.” While that seems to be an accurate summary of the market, where businesses perceive that finish line is also critical.

Compliance just to avoid regulatory penalties is not enough to impress an increasingly informed consumer base. In GDPR’s second year, let’s drive action geared more specifically toward what the law was intended to accomplish: Protecting the privacy of consumers by ensuring the security of their data.

Read the full article at Forbes.
