In the world of business, data is often a firm’s most valuable asset. But the privacy mechanisms that protect your company’s data haven’t really changed or been substantially improved upon in years.
For Richard Gendal Brown, Chief Technology Officer at enterprise software firm R3, all firms still share the same basic underlying data security challenge: you can’t trust somebody else’s computer. Here Richard looks at the concept of confidential computing and explains how it is paving a new era of privacy in data sharing.
Sure, protocols such as HTTPS ensure that nobody can intercept your private information as it flows back and forth between your computer and the data centre of the website or service you’re using. But the technology has never existed to guarantee your data is protected once it arrives at that data centre – and in the increasingly digital world of business, this situation is no longer acceptable.
Traders, for example, want to buy and sell stocks for the best prices in the most liquid venues. But they don’t want the operators of those venues using their orders to trade against them.
Imagine a bank that operates a dark pool. As a buyer or seller, you can send a bid or offer to the bank and be assured that you won’t be revealed to other participants. Your trade will be successful only if it’s matched with a counterpart, but the act of buying or selling doesn’t move the market unintentionally.
This is a low-risk way to test the market – but you’re sending data to the bank and it can do whatever it wants with it. The only real protection is the bank’s privacy policy and its reputation as a trusted institution – and there have been some very high-profile examples of front running in this scenario.
But imagine now if a bank actively gave up its freedom to see your data. Isn’t it possible it would very quickly grow its market share?
Likewise, imagine multiple institutions being able to share all their transaction data to a third party via an anti-fraud solution and the third party being able to analyse it for fraud patterns without actually seeing any of the sensitive data. Would they not quickly become a market leader?
These scenarios are no longer hypothetical. Enter Confidential Computing.
Extracting insight with privacy
As the enterprise world continues to go through a period of unprecedented digital transformation, driven in large part by the adoption of blockchain technology, firms are increasingly collaborating at a market level – but not everyone’s records always need to be synchronised.
The challenge in this scenario is to bring together data to extract insight but without anybody seeing anybody else’s information – and this is what Confidential Computing is able to achieve for the first time. And so, the combination of these two innovations enables collaborative data processing without giving up privacy.
The technology makes it possible to check what programme is running on somebody else’s computer before you send your information, and to be sure that the owner of that computer can neither influence nor observe what’s happening.
This seemingly simple premise is in fact so revolutionary that it is to utterly transform how we think about data security. Those who master it today will enjoy an amazing period of competitive advantage, when they’re the only ones in their industry who can make data security promises to their customers that their competitors could only dream of.
These firms and their customers and competitors will be able to benefit from the collective intelligence that arises when multiple sets of data are brought together, whilst simultaneously being assured that their own data is concealed from everybody else, including whoever is hosting the service.
The demand for the data privacy and security offered by Confidential Computing extends far beyond just the banking sector. In fact, you can find similar problems everywhere you look. For example, insurers who need to share information about fraudulent claims without breaching confidentiality rules; participants in online auctions who don’t want the auctioneer to exploit knowledge of how much they’ll pay; patients who’d like to contribute their records to help fight a disease but who would be devastated if information about their disease became public. The list goes on.
Any situation where you have to give up valuable data in order to receive some broader valuable insight back in return is an example of where Confidential Computing – often in tandem with blockchain – can transform a critical industry challenge.
You could call it “collective intelligence from concealed data” – and 2021 will be the year it enters mainstream enterprise IT, enabling businesses in all industries to start securing data even when in use.
