TripleBlind: A Supplemental Solution to Confidential Compute and Secure Enclaves
The data ecosystem is broken. In the current market, if Company A wants to share data with Company B, it has to decrypt it, send it over the internet and then once received, Company B has to replicate it for use. Decrypting and duplicating data comes with multiple risks, including:
- Company A cannot put any restrictions on the use of the data,
- Both companies face liability concerns,
- Both companies are subjected to expensive and time-consuming contracts and negotiations,
- And, both companies are trusting that the data will be used in a way that adheres to the Terms of Use.
Right now, the most popular solution to minimize risk for both companies A and B are secure enclaves. Secure enclaves enable confidential computing, a process that ensures different programs running on the same machine or cloud server cannot access one another’s memory, keeping data in use private. Secure enclaves act as a black box, keeping the data stored separately from other machine processes; subsequently protecting all of the data and code inside the enclave. However, secure enclaves have limitations.
Secure enclaves store data on a public cloud, which solves issues related to keeping data safe from company employees and third-party vendors with access to the same physical hardware. With secure enclaves in place, the possibility of an intentional or unintentional breach is minimized. However, they do not solve privacy challenges from regulations like HIPAA, GDPR and other government regulations. Even with secure enclaves, the path to regulatory compliance is costly and strenuous.
For instance, if a medical research lab wants to share patient data with a drug manufacturer using only secure enclaves, to be HIPAA compliant, the research lab has to remove the 18 PHI identifiers and be anonymized, consult third-party analysts, establish legal terms, negotiate BAA and good faith adherence to terms. Each of those steps cost money, with the last step putting the data at risk of abuse.
Secure Enclaves Do Not Solve Data Privacy Issues on Their Own; TripleBlind Does
As stated above, secure enclaves have been an effective solution for protecting data, but they are limited due to the fact that both the data and algorithm must be in the same physical location. TripleBlind does not have those same constraints. With TripleBlind, enterprises are not restricted by the physical location of their data or algorithm.
By itself, confidential compute is expensive, time intensive and complex. Pairing it with TripleBlind’s Blind Data Utilization Toolbox, simplifies data regulation compliance and eliminates much of the work and cost associated with achieving data de-identification.
By itself, TripleBlind can ensure compliance with any data privacy law or regulation. When combined with secure enclaves, TripleBlind creates a thorough approach to ensure sensitive data is never accessible by unauthorized users, programs, applications or companies at any stage of the data lifecycle.
Comparison of TripleBlind and Secure Enclaves
| TripleBlind | Secure Enclaves / Confidential Compute |
| Does not require movement of data residing in multiple locations or countries | Requires data to be compiled in one place |
| Real time data de-identification with Blind De-Identification | No de-identification; requires manual anonymization and tokenization |
| Allows for easy aggregation of data from multiple sources while enforcing regulations | Requires a great deal of paperwork, BAA, resources, and time |
| Enables data operations to occur across the world from anywhere | Does not allow operations on European data to take place from the US |
| Allows for keeping the raw data in the country during operations | Data must be moved so that the algorithm and the data reside on the
same server |
| Brings digital rights to the data – enforce any regulation into the rights that govern the data | Does not enable digital rights on the data; trusted-but-curious parties can still access raw data |
| Easy to use via simple API | Difficult to use – requires complex lower level operations |
| Blind Learning protects training data leakage from the trained model | No model protection – training data leakage is still possible |
| Data residency compliant because raw data stays local | Does not solve data residency issues since data needs to be compiled
in one place |
| Keeps algorithm intellectual property secure | Algorithm can be susceptible to reverse-engineering of intellectual property & training data |
| Eliminates the need for data sharing agreements | Data sharing agreements are a necessity for this approach |
| Reduces liability for receiver of data | Even if best practices are followed, the receiver of the data has the raw data which still could be exposed |
| Reduces liability for sender of data | Sender of data cannot control how the receiver uses it, takes on a lot of risk |
| Does not address shared hardware compute concerns on public cloud | Specifically addresses shared hardware compute privacy needs on the public cloud |
| Enforces permissions on how the data can be used | Does not enforce permissions on how the data can be used |
| Maintains an auditable log of every operation done to every piece of data | Does not keep a auditable log of data operations |
| Does not require tokenization of data – works with unstructured (untokenizable) data | Requires tokenization of data – not feasible
with unstructured data |
| No limitations on operations on the data, as long as they are permissible | Accessing the GPU is difficult – training Neural Networks is a challenge |
| All software (no hardware dependencies) – vulnerabilities can be updated with a software patch | All hardware – vulnerabilities are well known and take years to patch |
Secure enclaves on their own are not enough to solve data privacy regulatory issues. Contact us today at contact@tripleblind.com to learn about how TripleBlind provides enterprise data privacy unbounded by the physical location of the data or the algorithm.