Enveil: Taking Encryption to New Heights
by Sophie Cater
“Never decrypt,” says Ellison Anne Williams, CEO at ENVEIL, which provides a data security solution that the finance industry desperately needs. It lets enterprises operate on data (query/analytics) without ever revealing the content of the interaction, the results, or the data itself.
Having previously worked at the National Security Agency (NSA), Ellison Anne’s insights span the whole Big Data picture, aiming to ensure encryption “throughout its entire life-cycle – at rest, in transit, and in use.” We interviewed Williams at last month’s FinovateFall 2017 in New York. Below is the transcript.”
Finovate: What is unique about ENVEIL’s approach to securing data?
Williams: Although the company is in its early stages, ENVEIL’s completely unique technology has been in development for far longer. I worked at NSA for 12 years, where the technology was developed.
Current data encryption products still leave gaps of exposure during search and analytic processing. Our response to this problem is to never decrypt, and we have developed the first scalable commercial solution for keeping data encrypted at all times, even when it’s being processed. ENVEIL’s solution uses homomorphic encryption to secure data in use, enabling enterprises to operate on information, both encrypted and unencrypted (such as searches and analytics) without ever revealing the content or results of the operation in the cloud, on-premise, or anywhere in between. Our point-to-point product allows organizations to perform searches and analytics over data in a completely encrypted manner.
Finovate: How difficult was this challenge? Why have other approaches to solving this problem failed?
Williams: Previously, decryption was required before searching or analyzing data which leaves the data and the results of the operations potentially vulnerable to outsiders. ENVEIL’s proprietary algorithms, for which 14 patents have been filed to date, enable a method of encryption that protects in-use data to be used at a larger scale. This is the first time in over 20 years of work into homomorphic encryption that this kind of scale has been achieved.
Similar approaches are the current alternatives/workarounds for securing data in use. These competitive behaviors include: not storing store sensitive data in the cloud, maintaining all data on premises; bringing all external data home and performing all searches and analytics on isolated infrastructure; obfuscating operations; asking 100 questions to hide the one that you care about; and, blatant risk exposure by insecurely interacting with data in untrusted locations.
Finovate: What are some of the key technological accomplishments or insights that were necessary to make your solution possible?
Williams: ENVEIL’s core technology was developed and deployed at scale inside of the U.S. Intelligence community over petabyte-sized datasets and processing architectures. The point-to-point product is a two-party system consisting of (1) the ENVEIL Client Application and (2) the ENVEIL Server Application. The ENVEIL Client application lives within the Enterprise and is responsible for encrypting the operations and decrypting the results. While, the Server application lives within the environment of the data repository and is responsible for processing the encrypted operations over the data. ENVEIL supports many APIs for submitting operations to the ENVEIL client including REST and JDBC. Therefore, it is simple and seamless to integrate ENVEIL into an enterprise’s existing workflow.
Finovate: What are some of the most interesting use cases of your technology, particularly in the financial services area?
Williams: Financial institutions are constantly creating, updating, and sharing some of society’s most sensitive data (financial records, trade secrets, etc.). Without strong protections, they are at risk of losing critical information and the trust of their customers, partners and employees. It is imperative that financial institutions securely interact with data whether it is on premise, or in the cloud and keep sensitive data encrypted even when it’s being used to ensure that the queries and analytics performed are done without ever decrypting the operations, or the data.
Key use cases include:
- Securing the financial institution’s usage of data outside of its walls, such as in the cloud or in a data aggregator. Examples include protecting searches for things like M&A or trading research where their interest in a specific M&A target or potential trade could be costly.
- Securing the financial institution’s usage of ‘crown jewel’ data on premise, greatly reducing the exposure of the data (eliminating exposure during processing) and therefore risk and financial impact.
In less than one year, the EU’s General Data Protection Regulation (GDPR) will replace existing data protection rules, impacting companies worldwide. The GDPR includes strict security requirements, with an emphasis on encryption, as part of an overall risk-based approach to cybersecurity. This includes communication, which is a large security concern for the financial industry – sensitive information is constantly being shared across networks, platforms, etc., and if left unprotected, could have a devastating impact on the organization.
In addition to financial services, the use cases for ENVEIL’s robust, horizontal technology span a wide range of large market verticals including cloud security, healthcare, cyber, audit, and supply chain.
Finovate: As an expert in this area, how do you react to the almost weekly news of a major data breach? Is this “the new normal”?
Williams: Unfortunately, it has become the new normal and highlights the need to protect data throughout its entire life-cycle – at rest, in transit, and in use.
Finovate: ENVEIL participated in the RSAC Innovation Sandbox Contest in February, and made its Finovate debut in September. What’s can we look forward to over the balance of this year and into 2018?
Williams: We will be developing new products around securing data in use – stay tuned!