Credit: ID 123881917 © Funtap P | Dreamstime.com
The past year has seen the focus on data security ramp up like never before. Much of the impetus has come from GDPR – the European Union’s General Data Protection Regulation, described by the political body as ‘the most important change in data protection regulation in 20 years’.
And it’s easy to see why GDPR has made every-one sit up and take notice of data protection. Failing to protect the data of customers and citizens incurs a very hefty financial penalty – and that doesn’t include the cost of fixing the problem and the reputation damage. Falling foul of GDPR means one of two potential fines: Up to €10 million, or 2% annual global turnover – whichever is greater; or up to €20 million, or 4% annual global turnover – whichever is greater. For global companies that report billions of dollars in annual turnover, this would represent an unprecedented financial blow.
Unsurprisingly, this has led to renewed interest in how data can – and should - be used without compromising its privacy and security. The problem that has plagued users, though, is that stringent new laws to protect individuals’ data privacy means stripping away the identifying characteristics that make it useful and valuable. Companies look for patterns in personal data to come up with better, more personalised and appealing products and services. Detailed information on potential and existing customers can give an organisation the edge over a competitor fighting for the same business. Similarly, governments, researchers and academics need detailed information to plan service delivery, or prepare for flu outbreaks, for instance.
Organisations in both the public and private sectors have been collecting data for years, and now have access to enormous troves of information on customers and citizens. While most organisations house their data in a responsible way – protected by encryption – it still needs to be decrypted before any analysis can be run on it. And this is where the Achilles heel of data analytics emerged – and why new laws like GDPR were needed. Data became vulnerable to breaches, hacks and theft when it was put into a state where it could be analysed.
While most agree that the new constraints on how data is used and shared were necessary, the downside is that the very information organisations need to deliver products and services is now denied them by the law.
One of the most promising solutions to this uncomfortable predicament is homomorphic encryption, and it’s attracting a lot of attention from some of the biggest tech players in the world. While relatively new to the mainstream debate, homomorphic encryption has been around for decades, but was rarely discussed outside the relatively narrow confines of academia and advanced tech labs doing pioneering research.
If you already know about homomorphic encryption, you’ll know why it’s a big deal in the context the challenge facing data owners. If you’re reading about homomorphic encryption here for the first time, it’s the technology that allows any user to run analytics on encrypted data without having to decrypt it first.
It sounds simple, right? And almost obvious. So why, given the technological advances in the past few decades, has it taken so long to develop the ability to analyse data in an encrypted state. While academics have tinkered with the tech for half a century, it’s only become commercially viable in the very recent past due to processing power limitations and constraints on the size of data sets that could be analysed.
But that has all changed, and homomorphic encryption is now a real, commercial consideration that is gaining traction. Some of the world’s largest technology companies have initiated programs to advance homomorphic encryption to make it more universally available and user-friendly.
Microsoft, for instance, has create SEAL, a set of encryption libraries that allow computations to be performed directly on encrypted data. Powered by open-source homomorphic encryption technology, Microsoft’s SEAL team is partnering with companies like IXUP to build end-to-end encrypted data storage and computation services. Companies can use SEAL to create platforms to perform data analytics on information while it’s still encrypted, and - just as important -the owners of the data never have to share their encryption key with anyone else.
Google is the latest of the technology giants to announce its backing for homomorphic encryption. In June it unveiled its open-source cryptographic tool, Private Join and Compute. Like other players working on making homomorphic encryption widely available and commercially viable, Google’s tool is also focused analysing data in its encrypted form, with only the insights derived from the analysis visible, and not the underlying data itself.
The implications are meaningful. With more investment and open-source resources deployed into making homomorphic encryption a ubiquitous technology, the thorny problem of using data, without exposing it, is set to become a thing of the past. From a commercial standpoint, this will benefit companies – especially those that own and rely on massive data sets.
For this reason, the financial services sector is likely to be a key investor in homomorphic encryption technology, given the extent to which data powers and underpins their business models. In particular, retail banks and large life insurance companies will be able to uncover even more granular insights and detailed consumption patterns from the decades of data they’ve been collecting – and all without ever revealing the personally identifiable information of each customer.
They’ll be able to collaborate with other organisations in different sectors, like the retail industry for example, to find new insights from cross-referencing their respective customer data sets. While this inevitably means these organisations will profit commercially and financially, consumers will also benefit. Companies will create products and services that cater increasingly to individual needs and requirements.
Competing players in the same industry – such as banks – will be able to share their data with industry bodies to create more detailed reports on trends and patterns in their sector.
Other sectors and industries beyond finance stand to advance from widescale use of homomorphic encryption. Think about the opportunities it offers to healthcare providers – public and private - to provide better drug therapies and medical services by being able to analyse private patient data without exposing any sensitive information. This would create a more efficient and cost-effective healthcare system that responds more rapidly to the needs of the public.
Deployed across the economy, homomorphic encryption could help policymakers predict, respond to and plan economic interventions for the good of the entire country.
The opportunities arising from homomorphic encryption are almost endless. And perhaps one of the most exciting aspects is how it combines the need to protect privacy with the need to provide more detailed analysis. Homomorphic encryption has transformed an Achilles heel into a gift from the gods.
Peter Leihn, CEO, IXUP.
IXUP is an encrypted data collaboration platform that enables sharing and analysis of data sets from multiple sources with 100% control, security and privacy. The platform connects data from multiple sources and encrypts it at every step in the process - in use, in transit and at rest. IXUP is the first company in the world to offer a homomorphic encryption-powered secure data analytics platform to any user, in any environment. IXUP has the product and an entire governance system.