It has become a common practice to process large volumes of sensitive data to unlock groundbreaking insights and train valuable artificial intelligence systems. This requires securing both the data and the often-proprietary algorithms used to process it. Organizations are in a race against malicious actors when it comes to protecting sensitive information by using the latest techniques and technology.
On top of protecting data, organizations also need to protect their networks and novel algorithms. Security measures need to go beyond on-premises assets, to include any operations based in the cloud. Companies also need to approach third-party collaborations with caution, as well as follow all applicable regulations.
One emerging approach to keeping data and algorithms secure is through the use of secure enclaves. A secure enclave refers to hardware-level protection that isolates sensitive assets from other users or programs running on the same machine or cloud server. This is typically accomplished by coding security-related instructions into a separate secure enclave processor that handles the sensitive data and performs the processing. A secure enclave is capable of receiving data that has been encrypted for secure sharing and decrypting it on the fly. Once the data is inside the enclave, it can be decrypted, and at that point any operation can be run on it (e.g., find the average).
Using completely isolated memory and hard-coded decryption keys, a secure enclave does not allow the host to access it during typical processing. This approach is designed to be secure even if the operating system or root user is compromised.
Some secure enclave systems offer an additional layer of security by using a process called attestation. This process confirms that a CPU targeted for data processing is a genuine secure enclave and that the processing application hasn’t been corrupted.
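The attestation check described above, sketched as an added example (not code from this article or from any enclave vendor): the data owner releases the decryption key only if the enclave's signed report is authentic, fresh, and measures the expected application. The key, application bytes, and function names are constructed for illustration, and HMAC stands in for the hardware signature.

```python
import hashlib
import hmac

# Constructed stand-ins. A real enclave signs its report with a hardware-held
# asymmetric key chained to the vendor's root; HMAC with a shared key is used
# here only so the example runs with the standard library.
HARDWARE_KEY = b"constructed-hardware-key"
TRUSTED_APP = b"def run(values): return sum(values) / len(values)"
EXPECTED_MEASUREMENT = hashlib.sha256(TRUSTED_APP).hexdigest()


def _sign(measurement: str, nonce: bytes) -> str:
    return hmac.new(HARDWARE_KEY, measurement.encode() + nonce, hashlib.sha256).hexdigest()


def enclave_report(app_code: bytes, nonce: bytes) -> dict:
    """Enclave side: measure the loaded application, sign (measurement, nonce)."""
    measurement = hashlib.sha256(app_code).hexdigest()
    return {"measurement": measurement, "nonce": nonce,
            "signature": _sign(measurement, nonce)}


def verify_report(report: dict, nonce: bytes) -> str:
    """Data-owner side: return 'ok' or the reason the report is rejected."""
    expected_sig = _sign(report["measurement"], report["nonce"])
    if not hmac.compare_digest(expected_sig, report["signature"]):
        return "bad signature"           # report was not produced by the hardware key
    if not hmac.compare_digest(report["nonce"], nonce):
        return "stale nonce"             # replay of an older, once-valid report
    if not hmac.compare_digest(report["measurement"], EXPECTED_MEASUREMENT):
        return "unexpected application"  # genuine enclave, but modified code
    return "ok"


def release_data_key(report: dict, nonce: bytes, data_key: bytes):
    """Hand over the decryption key only after attestation succeeds."""
    return data_key if verify_report(report, nonce) == "ok" else None


if __name__ == "__main__":
    nonce = b"constructed-nonce-1"
    genuine = enclave_report(TRUSTED_APP, nonce)
    modified = enclave_report(TRUSTED_APP + b" # modified", nonce)
    print(verify_report(genuine, nonce))
    print(verify_report(modified, nonce))
    print(verify_report(genuine, b"constructed-nonce-2"))
```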
Big Tech’s Secure Enclave Security Options
Secure enclaves are a popular technology, and two of the biggest tech companies on the planet — Apple and Intel/AMD — offer hardware implementations for secure enclaves.
The Apple system uses physical separation between the main CPU and a secondary processor located in a different section on the motherboard. The Intel/AMD system uses extended CPU coding and trusted hardware to host both the data and the processing software. Both approaches are designed to protect both the data and computation. Each system is focused on different development types, speeds, scalabilities, and security needs.
Limitations of Secure Enclaves
Secure enclave security is effective at minimizing the risk of intentional or unintentional data breaches. However, there are also concerns about vulnerabilities, data access, and logistics.
One of the most concerning issues with using secure enclaves is that identified hardware vulnerabilities can take years to patch, and in some cases the hardware may not be patchable at all. Software, by contrast, can be updated in near real-time over the internet. Recently, security researchers identified a major vulnerability in Apple’s secure enclave processor that they determined to be unpatchable. The vulnerability was related to a memory controller that manages the scope of the secure enclave’s memory use. According to reports, an attacker could exploit this memory-related vulnerability to acquire data that would otherwise only be accessed by the secure enclave.
Secure enclaves also do not enable digital rights on the data. A trusted data partner could still access raw data, possibly using it for unauthorized purposes. For instance, if a research lab wants to provide patient data to a pharmaceutical company, it must negotiate an agreement and trust adherence to terms, which adds significant logistical overhead to data sharing and access.
In addition to security vulnerabilities, secure enclaves do not address some privacy concerns and regulations. Organizations looking to remain compliant with regulations like the General Data Protection Regulation (GDPR) in Europe and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. must take significant extra measures to ensure compliance. For example, if a research clinic wants to share sensitive data with a drug maker using a secure enclave system, the clinic first has to remove personally identifying information, anonymize the data, agree to legal terms and take other compliance-related steps. Secure enclaves do not reduce the burdensome tasks involved in preparing data for transmission and consumption.
There are also logistical concerns related to the use of secure enclaves. This approach to data security requires data to be compiled in one place before processing. Furthermore, both the processing algorithm and the data must be located on the same server. This scenario raises data residency issues and complicates the processing of European data by U.S.-based organizations. Finally, secure enclaves can be challenging to use for teams that do not have an API ready for data science applications.
A More Comprehensive Approach
While secure enclaves provide a significant degree of privacy and security, additional measures can make for a more comprehensive approach.
The TripleBlind Solution can address many of the limitations associated with secure enclaves, such as:
- Well-known vulnerabilities that can take years to patch
- Issues surrounding data residency and digital rights management
- A high level of administration and red tape that must be addressed
- The need to move data to a server containing the processing algorithm
- The need for tokenization of data
Now, consider the following benefits of TripleBlind:
- TripleBlind avoids the patching and update challenges associated with hardware. Our software-based approach is more flexible and better positioned for technological evolution.
- TripleBlind allows data providers to keep their data behind a firewall. This feature addresses many of the concerns associated with data residency and regulatory compliance. It also addresses the issue of digital rights management.
- TripleBlind does not require the tokenization of data. This makes for a more efficient process and allows for the sharing of unstructured data, such as genomic data.
- TripleBlind allows for multiple data partners from around the world to collaborate on the same initiative. These features reduce costs and complexity while unlocking the intellectual property value of sensitive data.
If you would like to learn more about our comprehensive approach to data privacy, please contact us today to schedule a demo.
TripleBlind is built on novel, patented breakthroughs in mathematics and cryptography, unlike other approaches built on top of open source technology. The technology keeps both data and algorithms in use private and fully computable.