Privacy-enhancing computation is one of the most exciting technological trends. Learn more about one of the most exciting new security developments.
- What is Privacy-Enhancing Computation?
- The Need for Privacy-Enhancing Computation
- How Does It Work?
- 4 Examples of PEC Applications
- Stefanini’s Approach to Data Security
You’ve likely heard the phrase “data is the new oil.” And as we enter a new decade, it appears that data remains one of the most valuable assets a company can produce – and keep safe.
As business operations continue to prioritize data privacy and security, consumers are becoming more aware of their own personal data and are getting wary of who they let manage it. In fact, a recent survey from Pew Research Center discovered that 79 percent of adults were concerned with how companies were using the amount of data (like IP addresses) collected about them. Further, 52 percent opted not to use a product or service due to worries about how their personal information might be collected.
Enter privacy-enhancing computation (PEC).
While this technology has been around for decades in the academic realm, only very recently has it started being utilized in real-world applications. One of the Top Strategic Technological Trends of 2021 chosen by Gartner, if PEC wasn’t already on your radar, it will be by the end of this article.
What is Privacy-Enhancing Computation?
Falling under the category of “people centricity,” Gartner defines PEC as featuring three technologies that protect data while it is in use. These technologies include:
- A trusted environment where sensitive data can be processed or analyzed.
- Performs processing and analytics in a decentralized manner.
- Encrypts data and algorithms before analytics or processing.
With this trend, organizations are empowered to conduct research securely across regions and with competitors without betraying their confidentiality.
The Need for Privacy-Enhancing Computation
As mentioned above, PEC is designed specifically for the increasing need to share data while maintaining security or privacy. Further, today’s businesses are looking for ways to reassure both consumers – and other businesses in a B2B context – that any data stored with them is safe.
Helpnet Security writes that due to increasing concerns over data privacy, more advances have been made in the area of PETs (privacy-enhancing technologies), a robust category of technologies that enable, enhance, and preserve data privacy throughout its lifecycle. With a data-driven approach to security and privacy, PETs help secure sensitive data, protecting it during processing (“data in use”).
How Does It Work?
Forbes notes that PEC is a way to collaborate without sharing personal or sensitive data by allowing different parties to extract value and get actionable results from data without it ever being shared with those parties.
While the aforementioned PETs is an umbrella term, several technologies secure data while it is being used, and preserve and augment security and privacy while searches or analytics are performed. The following include a few detailed ways that show how this technology works:
- Homomorphic encryption – the most secure form, this form of encryption allows for computation in the encrypted or ciphertext space. It provides two primitive operations in this space. The first is the ability to multiply two homomorphically encrypted data or values together. Meanwhile, the second involves the ability to add two homomorphically encrypted values together so that when you decrypt the product or sum, you get a meaningful value. Further, there are two basic types of homomorphic encryption – fully homomorphic encryption, which gives both multiplication and addition in ciphertext space, and partially homomorphic encryption, which gives multiplication in ciphertext space. Both types can be built together into algorithms that enable core business functions like encrypted searches and encrypted analytics like machine learning and AI.
- Multiparty computation – this family of techniques allow multiple parties to jointly operate on data while keeping their individual inputs private. No single party is able to decode anything other than possible business outcomes.
- Zero knowledge proofs – this cryptographic technology allows for the verification of data without actually revealing any of that data.
- Trusted execution environments – these offer the weakest (and least privacy-preserving) approaches. The security of TEEs is a perimeter-based security model, yet the perimeter is very small and exists on the hardware chip itself instead of at a network boundary.
4 Examples of PEC Applications
The ability to leverage datasets to which you don’t have access opens up a world of possibilities in terms of applications. Here are just a few examples:
1. Fraud prevention
Fraudsters tend to specialize in and target multiple companies within specific industries. By leveraging PEC, companies can catch these fraudsters quickly. Further, they can identify good customers if they’re collaborating with one another to create a pool of trusted identities without sharing any personal user data.
If you work for a company that is looking to minimize the gender pay gap, you can use PEC to work with other companies in your industry and measure the situation with real data. Of course, that’s just one example, but the opportunities for data analysis are truly an exciting frontier.
3. Internal data analysis
PEC can help you perform data analysis without worrying about sharing data between brands or across different regions, such as from the U.S. to the EU. PEC gives companies the opportunity to collaborate with competitors or across borders, leveraging data directly, leading to better results thanks to more recent data.
4. Medical research
Many regulations rightfully protect patient data. However, medical research often needs to be able to gain insights from data across laws and borders. With PEC, this process becomes much easier and private.
Stefanini’s Approach to Data Security
Your data is important. We can help you keep it safe.
When your organization’s most critical data is involved, there’s no such thing as a minor breach in network security. Every hole or fault in your network leaves your information vulnerable and can be detrimental to any enterprise, which is why we take active steps to supply you with maximum network security.
We work to fortify your network boundary so your essential information will never be compromised or exposed to unauthorized users. To ensure your endpoints are secured and protected, Stefanini’s Security Services team works to manage your IT security tools, policies, processes, and security operations.
Need help protecting your assets? We have you covered. Set up a call with us today!