Enveil CEO Ellison Anne Williams writes about how homomorphic encryption is proving to be a privacy game changer.
Privacy has become an unprecedented global motivator for change. The demand for privacy has never been greater, and it is spurring fundamental shifts at an organizational level. Part of that movement comes down to policy: Privacy laws are viewed favorably around the world, and according to a 2021 Data Privacy Benchmark Study from Cisco, 79% of organizations indicate such regulations are having a positive impact.
Consumer behavior is also a driving force behind the prioritization of privacy. In fact, 90% of respondents to that same survey said that their customers will not buy from them if they are not clear about data practices and protection. Further research affirms these broader trends in specific regulation-heavy industries such as financial services. According to Accenture's 2020 Privacy Study, 70% of respondents cited privacy as a key material risk for their financial firms.
Privacy-enhancing technologies (PETs) have emerged as a key solution to the privacy dilemma for businesses. PETs secure data while it's being used or processed, thereby enabling organizations to effectively leverage data while preserving privacy. Analysts at Gartner identified privacy-enhancing computation as one of its 2021 Top Strategic Tech Trends, predicting that "By 2025, half of large organizations will implement privacy-enhancing computation for processing data in untrusted environments and multiparty data analytics use cases."
One pillar of the PETs category, in particular, homomorphic encryption, is proving to be a privacy game changer.
Long a focus of research for its transformative potential, homomorphic encryption (HE) has matured from the sole realm of academia to actually being used to address challenges in both the commercial and government space. HE allows encrypted operations such as searches and analytics to be performed without exposing the sensitive content of the operation itself or the associated results. As such, I noted in a previously published article that it's "Often hailed as the 'holy grail' of crypto for its paradigm-shifting potential to revolutionize how and where organizations can securely and privately leverage data resources and assets."
One of the best ways to understand the transformational power of HE is by looking at how it is currently being utilized in the commercial market. Commercial applications of HE have found their footing; HE is now being used at scale to solve real business problems. Let's look to the financial services sector to see how.
Given the heterogeneous global regulatory landscape, HE is providing value in directly addressing the challenges banks have when onboarding new customers or screening clients against global watchlists to prevent fraud and financial crime. If you think about banks that operate in many jurisdictions across the world, they would like to obtain a global customer operating picture for things like anti-money laundering, customer screening and due diligence. However, the diverse jurisdictional privacy regulations enacted to protect consumer data make it very difficult for them to do so. HE can be used to enable banks to securely collaborate and share in a decentralized, in-place manner across the varying regulatory requirements of these jurisdictions, all while prioritizing data privacy.
In countries where local regulations restrict the movement of data outside the jurisdiction, banks are struggling to perform such global screening while remaining compliant. Using HE, banks are now able to encrypt a query containing sensitive customer data in the privacy jurisdictions and run the encrypted query globally while ensuring that the content of the interaction and its results are never exposed. All of that work happens within seconds, as the encrypted operations transit the globe on standard cloud platform infrastructure, and a bank is left with a much clearer picture of the individuals they are trying to assess. The outcome is a significant savings of resources, time and a reduction in operational risk relating to the possible mishandling of privacy-sensitive or regulated data.
The evolution of HE from purely the subject of academic research to the performant, scalable, ready-for-business iteration we see today has been a four-decade journey. There is understandably a steadily growing amount of excitement and activity around the HE space, which further validates both the necessity, power and potential of the technology itself.
Read the full text of the article at Forbes.