Privacy Enhancing Technologies (PETs)

Privacy Enhancing Technologies enable, enhance, and preserve the privacy of data throughout its lifecycle, securing the usage of data.
PETs Infographic

The Pillars of PETs

Secure Multiparty
Compute
Homomorphic
Encryption
Trusted Execution
Environment

Privacy Enhancing Technologies Myths & Misconceptions

To continue building a shared understanding of this increasingly visible, transformational family of technologies, let’s address some common myths and misconceptions.

Myth #1: PETs aren’t ready for prime time

The PETs category includes technologies that protect, preserve, and enhance data throughout its processing lifecycle — technologies that have been studied deeply for decades. Homomorphic encryption (HE), for example, became broadly recognized thanks to research published by Craig Gentry in 2009. The timing of the story is similar for secure multiparty computation (SMPC) and trusted execution environments (TEEs). What has changed more recently is the practicality of their broad use at scale. Breakthroughs largely driven by market need and motivation have firmly taken these technologies from the realm of research to commercial readiness. These advances are being driven by a growing ecosystem of VC-backed startups, well-funded research components of global organizations, and academia.

There are a number of great examples of PETs being implemented at scale today. They are enabling cross-jurisdictional data sharing for Know Your Customer screenings and fraud investigations. They are allowing organizations to privately leverage third-party data assets without pooling or replicating data. They are facilitating more accurate risk assessment modeling by expanding the number of accessible data sources. They are protecting sensitive indicators and speeding time to value for applications at the processing edge. In short, PETs are making entirely new things possible across a growing number of industries by overcoming regulatory, organizational, security, and national boundaries to accommodate secure data usage and collaboration in ways that are not otherwise possible.

Myth #3: The individual technologies within the PETs category are competitive

In an emerging category like PETs, there is a tendency to pit technologies against each other to evaluate which technology reigns supreme. The reality is that these technologies each offer unique attributes and choosing the right ones depend entirely on the use case requirements, infrastructure, and the desired level and type of protection. PETs can, and often do, work together. For example, organizations can use a SMPC capability that leverages HE and vice versa. Or, SMPC and HE techniques can be leveraged in conjunction with a TEE. Organizations looking to utilize PETs should explore all the options available and educate themselves to determine the best fit. Commercial PETs companies, regulatory bodies, industry consortiums, market analysts, researchers, and other third-party groups have a role to play in these efforts to build awareness and enhance understanding. Likewise, those working in PETs space need to recognize and embrace the role we play in educating the market, in helping differentiate the technologies and explaining their often complementary nature, and do so in a way that acknowledges that the adoption of any and all PETs will best serve to address global privacy challenges.

Myth #2: PETs protect Data In Use, At Rest, and In Transit

The power of PETs lies in their ability to protect data while it's being used or processed — when searches, analytics, and machine learning models are being run over data to extract value. This is different from, and complementary to, other traditional measures that protect Data at Rest, such as in the file system or database, or Data in Transit as it moves through the network. While there are many effective, established solutions for protecting Data at Rest and Data in Transit, if organizations want to be able to safely and privately extract value from data assets, these traditional protection strategies are not sufficient. Further, PETs do not replace existing solutions protecting Data at Rest and in Transit; they work alongside them to protect the final segment of the data triad, Data in Use.

Myth #4: PETs research = PETs commercialization

PETs have a long and rich research history and, as such, many PETs are part of an active ecosystem which includes open source research libraries and algorithms. While it is fantastic to have a research foundation upon which to build, it is also important to remember that these elements are not ready-to-use commercial offerings. For example, HE libraries provide basic cryptographic components, but organizations leveraging them must dedicate engineering, algorithmic, and integration resources in order to mature the basic building blocks into viable, enterprise-grade solutions. Likewise, SMPC libraries offer basic algorithms and TEEs are built into many chips and cloud environments today, however, there is much work and deep expertise required to take these fundamental elements and build practical, commercial offerings to protect Data in Use at scale. That’s the value that commercial PETs software providers bring to the table: deep PETs knowledge and off-the-shelf capabilities that are ready to deploy and use today to solve real problems. The open source research landscape is an awesome tool for advancing innovative technologies and the PETs category has certainly benefited from the efforts of numerous contributors. But, these PETs research efforts are just the beginning of the story. Commercial solutions advance and give these research efforts the ‘wings’ required to add real, measurable value.
Privacy Enhancing Technologies Infographic

Frequently Asked Questions

What are Privacy Enhancing Technologies and how do you use them?

Privacy Enhancing Technologies, or PETs as they are sometimes called, are a powerful family of technologies that enhance and preserve the security and privacy of data throughout its lifecycle. These technologies are transformational because the capabilities they enable aren’t making something else better; they are making something entirely new possible.

Our ZeroReveal solutions, which leverage one of the pillars of the PETs category, homomorphic encryption, make PETs practical, scalable and performant for real business use cases today. Data is the backbone of the digital economy and we enable organizations to utilize that data for business purposes while ensuring privacy and regulatory barriers are respected.

Does your solution protect all my data, all the time?

No, we exclusively focus on protecting data while it's being used or processed, what we call Data in Use. This is different from other common forms of encryption, such as protecting Data at Rest on the file system, or Data in Transit as it moves through the network. You can think of Data in Use as the interaction with the data – we encrypt the search, analytic, or machine learning model itself, as well as the corresponding results throughout the processing lifecycle. Using Enveil, organizations can securely derive insights, cross-match, and search third-party data assets without ever revealing the contents of the search itself or compromising the security or ownership of the underlying data.

Do I need to pool or centralize my data in order to use ZeroReveal?

No, we specifically designed our software to support a decentralized approach to data sharing and collaboration since we know that requirements to move or pool sensitive assets are often deal breakers for our customers. Enveil ZeroReveal allows all participating organizations to retain positive control and ownership of their sensitive data assets at all times. We will never ask you to move data to a centralized data lake or repository, an approach that differentiates us from many of our competitors. We enable customers to perform encrypted processing over data where it is and as it is today.

Do I need to re-encrypt my data in order to use ZeroReveal?

Nope. Enveil is built to enable encrypted processing over data wherever it sits – in the Cloud, on Prem, or in a third-party data repository. Enveil sits above the data, allowing organizations and jurisdictions to maintain control of their data assets while leveraging existing storage methods, access, and audit controls. Enveil ZeroReveal is a lightweight, proxy-layer software system designed to work at the speed of business within existing customer workflows. The deployment model is optimized for highly distributed, decentralized multi-party, or hybrid cloud deployments.

Related Articles

June 16, 2022

Computer Weekly: PETs Myths & Misconceptions

Ellison Anne Williams busts some common myths and misconceptions around the emerging technology category of Privacy Enhancing Technologies
Read story
February 7, 2022

Information Age: Privacy Enhancing Technologies are Transforming Data Usage

In this article, Enveil CEO Ellison Anne Williams identifies three use cases that showcase the power of Privacy Enhancing Technologies.
Read story
June 17, 2020

Help Net Security: A Look Inside Privacy Enhancing Technologies

In her latest article, Enveil CEO Ellison Anne Williams writes about Privacy Enhancing Technologies, or PETs, a powerful category of technologies that enable, enhance, and preserve data privacy throughout its lifecycle.

Read story
May 26, 2020

CPO Magazine: What’s Old Is New Again – Examining Privacy Enhancing Technologies

In this article for CPO Magazine, Enveil CEO Ellison Anne Williams discusses Privacy Enhancing Technologies, including the range of technologies included under this category label and the specific challenges that they are best positioned to address.

Read story
See All Articles
To learn more about the expanded value unlocked by Enveil, please schedule a meeting.
Enveil is a pioneering Privacy Enhancing Technology company protecting Data in Use. Enveil’s business-enabling and privacy-preserving capabilities change the paradigm of how and where organizations can leverage data to unlock value. Defining the transformative category of Privacy Enhancing Technologies (PETs), Enveil’s award-winning ZeroReveal® solutions for secure data usage, sharing, collaboration, and monetization protect data while it's being used or processed. Customers can extract insights, cross-match, search, and analyze data assets at scale without ever revealing the content of the search itself, compromising the security or ownership of the underlying data, or exposing their interests and intent.
Copyright © 2022 Enveil