Enveil CEO Ellison Anne writes about the business-enabling power of homomorphic encryption.
A few years ago, mentioning homomorphic encryption (HE) among colleagues in the security space, much less in a business context, would either elicit blank stares or a sigh, followed by a hopeful "if only." Those who were familiar with HE recognized its paradigm-shifting potential as the holy grail of crypto — if only it could achieve computational practicality.
Although the technology has been around for more than 40 years, computational barriers kept it relegated to the academic/research arena or some enigmatic government spaces. However, recent breakthroughs have now made it practical for a wide range of commercial applications, delivering HE from exclusive academic darling to commercial game changer.
By its most basic definition, HE secures data in use by allowing computations to occur in the encrypted or ciphertext domain. This is probably as close to magic as you can get in the security world — but it’s not magic; it’s math.
If encryption is a vault protecting sensitive data, traditional practice requires taking that data out of the vault every time it needs to be used or processed (perform a search, apply analytics/machine learning, etc.). This exposure leaves the data and the operation vulnerable. Homomorphic encryption allows these actions to take place within the vault, ensuring the interaction and the corresponding results remain protected.
HE is one of the technologies in the powerful privacy-enhancing technologies (PETs) category, a family of technologies that enables the privacy of data to be preserved throughout its processing life cycle. Ensuring that the sensitive and/or regulated content contained within searches or analytics is never exposed, HE allows companies to prioritize the protection of data while still enabling critical business functions. This facilitates capabilities such as secure and private data sharing or collaboration with other entities or across privacy jurisdictions.
In a recent report on the topic, Gartner analyst Mark Driver provides, “HE is a very powerful tool that, when used with supporting technologies and best practices, can significantly reduce the risk of sharing private data in the era of digital business.”
There are business-enabling capabilities that HE facilitates that are not otherwise possible. And the fact that a category — PETs — has formed around the utilization of HE further affirms that it has shifted into the mainstream. HE is not making something better; it’s making something entirely new possible.
As with many breakthrough technologies, the market adoption of HE really comes down to business relevance: What business problems can HE uniquely solve within the constraints of real-world applications? Here are three examples of commercially viable use cases where HE can be put to work:
1. Secure Data Monetization
Organizations looking for new revenue streams are increasingly examining how they might leverage existing data assets; however, the data can only be securely and ethically monetized if the privacy of both the customers of the monetization service and the underlying data itself are respected.
Because HE uniquely allows data to be processed in a privacy-preserving manner without risk of exposure, it opens the door for such secure monetization to occur. This allows existing sensitive or regulated data assets to be used in ways that may have previously been determined as too risky to pursue.
2. Third-Party Risk
Third parties can present the greatest risk of exposure for both data security and associated regulatory compliance. To use and share data with an ecosystem of third parties to accelerate performance, enhance agility and realize cost savings, the ability to effectively share data assets with these third-party collaborators is critical. Homomorphic encryption allows this collaboration to occur in a secure, decentralized manner while protecting against the risk of data breaches, regulatory penalties or brand/reputational damage.
3. Secure Data Sharing And Collaboration
Homomorphic encryption enables organizations to securely collaborate across organizational or jurisdictional boundaries without introducing new sensitive variables into the organization’s data holdings. This is important because exposure to these indicators could trigger additional reporting requirements or expose competitive advantage.
By protecting data while it’s being processed, HE allows these organizations to securely leverage external data assets in a decentralized manner without exposing sensitive indicators. The technology also can be configured to allow them to continue respecting the access and verification controls established by the data’s owner.
While these use cases highlight only a small subset of the market-ready commercial applications of HE, they are the ones that are most likely to showcase the practical applicability and business value of HE in the near term.
As both the awareness and performance capacity of HE continue to accelerate over time, the breadth of commercial use cases will similarly increase. This horizontally transformational technology will become increasingly pervasive for applications built around the privacy and security of using sensitive data, completely changing the paradigm of how and where organizations can leverage these data assets.
Read the full article at Forbes.