Enveil is focused entirely on protecting data while it’s being used or processed, what we call Data in Use. This is different from the more familiar types of encryption that protect data as it moves through the network or while it’s at rest on the file system. We think it’s helpful to think of the distinction between these three states of data — at rest, in transit, and in use — as three points of a triangle that we call The Data Triad. While all are important, Data in Use is the segment that is most frequently overlooked, in part because it’s a hard problem to solve but also because, until fairly recently, there was a lack of scalable, practical, commercial-ready solutions.
Sensitive data must be protected at all points in its lifecycle: at rest, in transit, and in use.
Data at Rest: Categorized as inactive data stored in any digital form, data at rest resides on the hard drive or in databases, data lakes, cloud storage or other locations and is commonly protected by perimeter-based, access control and user authentication technologies. Additional security measures such as data encryption are commonly added depending on the level of sensitivity.
Data in Transit: Data is vulnerable as it moves through a private network, public/untrusted space or a local device, and it is, therefore, standard practice to protect it using transport encryption. If businesses adhere to proper protocols, this is an efficient and effective defense strategy for data in transit.
Data in Use: Representing data while it’s being used or processed, Data in Use has become the point of least resistance for increasingly sophisticated attackers, as it is the most commonly overlooked segment of the Data Security Triad. Technical methods for securing Data in Use come from the category of Privacy Enhancing Technologies, including homomorphic encryption, secure multiparty compute, and trusted execution environments.
Encryption renders data useless to an attacker, making it unreadable and therefore removing its value. Thus, encryption is able to undermine the attackers’ purpose – stealing assets of value – and makes the target infinitely less appealing. Experience tells us that if there is data of value at stake, attackers will find a way to locate and reach it – we can’t just lock the front door; every point of entry needs to be protected. Consequently, limiting encryption to only a portion of The Data Triad is a dangerous oversight. It is critical to protect data at rest, in transit, and in use.
No, we exclusively focus on protecting data while it's being used or processed, what we call Data in Use. This is different from other common forms of encryption, such as protecting Data at Rest on the file system, or Data in Transit as it moves through the network. You can think of Data in Use as the interaction with the data – we encrypt the search, analytic, or machine learning model itself, as well as the corresponding results throughout the processing lifecycle. Using our ZeroReveal® solutions, organizations can securely derive insights, cross-match, and search third-party data assets without ever revealing the contents of the search itself or compromising the security or ownership of the underlying data. Enveil works alongside existing systems with ease to enhance security and ensure sensitive assets such as Intellectual Property, PII, and other compliance-critical data are protected throughout the processing lifecycle.