Shared from the 6/30/2022 Financial Review eEdition

A game changer in data management

Picture

The volume of data that is being created and used continues to grow exponentially. In 2020, the world produced 64.2 zettabytes of information with that expected to triple by 2025. At the same time, there has been an increased focus on data protection and privacy that has resulted in encryption becoming the default for the storage and transmission of data.

The convergence of these two trends has created new challenges for organisations. Everything from digital transformation efforts and the growth of open data and online gaming to the increased oversight by regulators when it comes to the protection and use of personal data relies on the ability to understand data from multiple sources. But when that data is encrypted, the ability for it to be read and used can be hampered.

Encryption’s purpose is to prevent the unauthorised use of information. This makes sense when data is being stored and moved. But what about when we want to use it? The typical approach has been to decrypt data when it needs to be transacted or analysed.

“Encryption has significantly reduced the risk of doing business online at scale, improving productivity while also protecting sensitive commercial and personal information,” explains Dr Paul Coe, the chief technology officer of Sydney-based secure data management firm IXUP. “But when we want data to be put to work it needs to be decrypted so that computers can transact, compute, analyse or report on that data. This is the weakest link in your data security chain but it’s also where we turn data into real business value.”

With about 70 per cent of the world’s GDP digitised, securely managing data through the entire value chain is critical. That means industries as diverse as governments through to esports need to find ways to gain value from encrypted data. This is what homomorphic encryption makes possible. It is an enabler of consumer data rights, business integrity, compliance and social impact, allowing encrypted data to be securely computed, analysed, processed and reported on.

Encryption uses a public key to encrypt data so only someone, or a machine, with a matching private key can decrypt the data. Homomorphic encryption – “homomorphic” means “same shape” – uses algorithms to maintain the relationships between elements in data, which in turn, allows for encrypted computation. This supports businesses in their governance, risk and compliance (GRC) obligations as they can share and process data without weakening security.

Coe says: “The resulting computations are also encrypted and can only be revealed using the secure, private key. This level of security means value can be added to data sets without compromising the integrity or privacy of the source data. The enriched data can be tracked, traced and audited, ensuring a continuous chain of custody, building trust and provenance at the same time.”

With environment, social and governance (ESG) now a major issue for boards, and increasing oversight from regulators all over the world, ensuring the confidentiality and integrity of data is vital. Homomorphic encryption is a game-changer that will enable organisations to protect data through its entire value chain at scale and in a form that supports large batch processing or real-time transaction processing, but organisations need to invest in the right tools and work with experienced partners.

As more organisations use public and private cloud solutions, privacy enhancing technologies like homomorphic encryption will become increasingly important.

For example, an organisation may choose to store an encrypted, sensitive data set on a cloud service and perform some calculations with that data. At no point does the operator of the cloud service decrypt the original data or the result of the calculations. Both the actual calculations and the result remain encrypted and can only be accessed by someone with the decryption key.

As data privacy legislation becomes more prevalent – Gartner says that by 2023, 73 per cent of the world will be subject to privacy rules such as the European Union’s General Data Protection Rules, the Australian Privacy Principles and others – ensuring the confidentiality and integrity of personal data through the entire value chain is a significant compliance issue.

Securing private information has, up until now, been the responsibility of each organisation, but these regulatory changes are extending that responsibility across enterprises and industries – and businesses are needing to turn to privacy-enhancing technologies to fill the gap.

For example, IXUP is collaborating with Microsoft to enhance the privacy of gaming operators and sporting bodies to protect vulnerable gamblers. By ensuring information such as self-exclusion data remains safe at all times, gamblers will be able to protect themselves from the effects of gambling while enabling service operators to ensure vulnerable people are kept safe.

This was the first implementation in the world of homomorphic encryption technology turning a privacy challenge into a social impact benefit.

“Homomorphic encryption is vital for protecting privacy. This is a goal that we should all aspire to,” says Coe.

Organisations are under increasing pressure and scrutiny to ensure they protect sensitive data. Homomorphic encryption enables them to maintain security even when using data. The days of needing to decrypt data to extract value from it will be behind us as this proven technology helps keep personal data private.

See this article in the e-Edition Here