Future-proofing big data security
- By Riddhiman Das
- Feb 05, 2021
Enterprises are continuously seeking out ways to operate more efficiently, and improving how they leverage and monetize the vast amounts of data they possess is one critical strategy they pursue. IBM estimates that enterprises fail to utilize 93% of the data they possess due to privacy and regulatory issues. Government faces a similar problem. Teams often fail to share data due to concerns about breaches or misuse. Current solutions have proved cumbersome and inadequate -- forcing agencies at the federal, state and local levels to operate less efficiently. For governments to share data safely, they need technology that enables them to gain new insights faster into how to better serve taxpayers and constituents, while keeping the data encrypted. New technology advances offer a solution that is easy to deploy, relatively low cost and works with most government entities’ current infrastructure.
Today’s solutions miss the mark
Today, government teams have three options for attempting to share data, all of them are far from optimal:
- Complex legal contracts often contain terms so limiting that they don’t allow government teams to collaborate effectively. In addition, creating these agreements is typically expensive and requires months to complete.
- Data anonymization/de-identification is hard to execute well. It is ineffective if it doesn’t meet three criteria: individualization (it must not be possible to identify an individual), correlation (it must not be possible to cross-check multiple data sets to identify an individual) and inference (it must not be possible to deduce information about an individual from the data set).
- Other technologies: homomorphic encryption is a slow process that dramatically taxes compute performance, especially problematic given that many government computer systems are not up to date. Differential privacy introduces inaccuracies to the eventual calculations. Secure enclaves are hardware dependent, susceptible to known hacker attacks and difficult to update.
New solutions open new doors
There is a new generation of technology solutions emerging based on mathematically enforced cryptography that doesn’t rely on laws or outdated technology, but rather on privacy that is built into the protocol. These solutions “build in” privacy preservation and give government teams the keys to either lock or unlock their data as they see fit.
However, not all mathematically enforced privacy solutions are alike, and government IT teams researching these solutions must ensure the technology includes all of the following capabilities:
- It should employ a blind processing pipeline through which sensitive data is privately aggregated from disparate sources and encrypted, after which the solution privately explores, selects and preprocesses the relevant features for training. It then has to privately process the encrypted data for results.
- No raw data should ever be exchanged anywhere in the pipeline, and no data must ever be allowed to be decrypted or replicated.
- The intellectual property in the algorithms used on the data must be kept safe from reverse engineering attempts by attackers.
- The parties cannot regenerate any of the original training dataset for neural networks.
- Digital rights management has to be a priority. There must be fine-grained control of the data from every party involved. Every byte must have digital rights associated with it to provably ensure that it can’t be abused.
- It must be built for the future so it retains these capabilities even as technology advances.
When compared to other approaches like federal or split learning, this blind pipeline approach offers the highest privacy and security, lowest computational load, and the lowest communication overhead with no one ever seeing the entire model.
Mathematically enforced privacy offers a wide range of benefits to understaffed and underfunded government IT teams:
- The solution can be deployed quickly, often in a matter of a few days or weeks.
- It is relatively low cost compared to the other solutions available today.
- Because it does not overly tax system infrastructure, mathematically enforced privacy does not require teams to update or replace existing systems.
- It unlocks as much data as government teams want to use efficiently and safely with no opportunity for breaches or misuse.
Government IT teams eager to improve the performance of their operations by leveraging the data they possess more effectively now have a new solution available that will help them meet the information challenges ahead.
Riddhiman Das is co-founder and CEO of TripleBlind.