If you’ve ever watched a toddler with a toy attempt to share then you know how hard it is to teach and create a culture of sharing. It starts with acknowledgement that the toddler has something it wants to play with but that another kid also wants to use. After spending enough time on playgrounds watching, you can see that some kids are comfortable giving their toy to another kid, or playing together, while others can’t grasp the concept. This isn’t a commentary on parenting or a suggestion there’s anything wrong with the kids - all kids learn at their own pace - but rather an observation on how sharing is hard to instill!
In the toddler example, there is no threat of fines from a privacy violation, or millions in lost revenue by violating customer trust - it’s a toy truck that may get broken…very high stakes! Now, consider large organizations that have lots of data sitting in silos but that are concerned about security, privacy, governance, and political risk for enabling others to use that data - it’s hard!
The methods used today for sharing only address some aspects of enabling sharing in a useful way. For example, internal systems that require bureaucratic signoff are cumbersome and can take weeks before a data scientist gets the access they need. By that time, the project could have stalled already so it’s time and money wasted. Similarly, tokenization and anonymization can be useful for some use cases, they remove linkability which is useful when making comparisons across disparate datasets. However, these solutions, and many others, are expensive, slow, and inefficient - three words any shareholder hates to see.
Enter, CipherMode Labs…CipherMode enables secure data sharing by enabling analysis - AI inference, training or business analytics - on encrypted data without decryption to preserve privacy of the underlying data. Using secure multiparty computation, CipherMode provides cryptographic guarantees of data confidentiality while still enabling the end user to extract value from the data as if it was plaintext. Sure, this sounds backwards in the world of data-at-rest encryption where the data is reduced to garbage, and in our case, we aren’t inventing new crypto…Rather we’ve drastically improved performance (orders of magnitude faster than other solutions) and created a system that requires no cryptographic knowledge so CipherMode is transparent to the data scientist or analyst with minimal performance overhead. Cool, right?!
So, now that there’s a solution to securely share data internally between business units or externally with partners, consortia, or really any organization, what can be achieved?
Really, the use cases are endless. We actually envision a world where over 95% of analysis is done on encrypted data to realize the principle of Zero Trust (topic of a future blog post so stay tuned!) and protect consumers from privacy breaches. This is a realistic goal by using tools like CipherMode. Back to use cases, sorry!
One classic use case that is widely discussed in the privacy-enhancing technologies (PETs) industry is anti-money laundering and fraud detection. If Jesse is laundering money in various banks, an individual bank may not see a pattern so they’d be in the dark about potential crime. However, if banks could share data that allowed models to analyze transactions across datasets, then they’d find a higher percentage of fraudulent transactions which are expensive for the bank so this would save significant money. In our own tests, we can train a global model to be 10-25% more accurate than a local model trained on a single dataset. That translates to millions in savings if a bank can capture 10% more fraud.
This same capability can be expanded to healthcare as well. Think about rare disease diagnosis. Today, a highly trained physician needs to read patient charts and x-rays to diagnose rare diseases, yet this could be done by a computer-vision model to free-up the doctor to focus on treatment, instead. The catch though, is that an individual hospital may not have enough data to train a model, and in a stringent regulatory environment, accessing data from other hospitals to train the model is challenging. In comes CipherMode to enable the model training on encrypted data so that the data is protected at all times yet all hospitals can now benefit from the diagnostic capabilities of the jointly-trained model.
A final use case that is top-of-mind for many CISO’s is data minimization. Today, to share data, an organization does an ETL to make a copy of the data and uses SecureFTP or other secure file transfer tools to transmit the data for a 3rd party to use. What has happened is a new copy of the data is created and sent outside of the enterprise and outside of the CISO’s control plane. Hopefully there are contractual protections in place to limit risk for the data owner, but nothing technical exists to protect the data. Until now…CipherMode is a data minimization tool that still enables third parties to securely use data but without the need for copies. Third parties can run any analysis on the data, while encrypted so it’s protected, yet they don’t take ownership of the data since it still resides with the data owner which will keep the CISO happy as they maintain control of their data.
In conclusion, CipherMode offers four key business value points”
- Access to more data: only encrypted data is ever used so getting access is significantly easier than it is today
- Faster time-to-sight: Today it can take weeks to get access to data. With CipherMode, weeks turn into days since only encrypted traffic is ever shared
- Improve Model Accuracy: More data means better trained models. Experience 10-25% increase in model accuracy by using CipherMode
- Data minimization: Plaintext data is no longer copied in many locations. Organizations will have a single copy of the sensitive data
If toddlers had access to a tool like CipherMore, the playground would be a much calmer, more productive environment for kids to play! Since this doesn’t exist, at least organizations can learn to share in a more secure, privacy-centric way.
Please reach out if you’d like to learn more: