TripleBlind: A Supplemental Solution to Confidential Compute and Secure Enclaves

The data ecosystem is broken. In the current market, if Company A wants to share data with Company B, it has to decrypt it, send it over the internet and then once received, Company B has to replicate it for use. Decrypting and duplicating data comes with multiple risks, including:

  • Company A cannot put any restrictions on the use of the data, 
  • Both companies face liability concerns,
  • Both companies are subjected to expensive and time-consuming contracts and negotiations,
  • And, both companies are trusting that the data will be used in a way that adheres to the Terms of Use.

Right now, the most popular solution to minimize risk for both companies A and B are secure enclaves. Secure enclaves enable confidential computing, a process that ensures different programs running on the same machine or cloud server cannot access one another’s memory, keeping data in use private. Secure enclaves act as a black box, keeping the data stored separately from other machine processes; subsequently protecting all of the data and code inside the enclave. However, secure enclaves have limitations. 

Secure enclaves store data on a public cloud, which solves issues related to keeping data safe from company employees and third-party vendors with access to the same physical hardware. With secure enclaves in place, the possibility of an intentional or unintentional breach is minimized. However, they do not solve privacy challenges from regulations like HIPAA, GDPR and other government regulations. Even with secure enclaves, the path to regulatory compliance is costly and strenuous. 

For instance, if a medical research lab wants to share patient data with a drug manufacturer using only secure enclaves, to be HIPAA compliant, the research lab has to remove the 18 PHI identifiers and be anonymized, consult third-party analysts, establish legal terms, negotiate BAA and good faith adherence to terms. Each of those steps cost money, with the last step putting the data at risk of abuse.

 

Secure Enclaves Do Not Solve Data Privacy Issues on Their Own; TripleBlind Does

As stated above, secure enclaves have been an effective solution for protecting data, but they are limited due to the fact that both the data and algorithm must be in the same physical location. TripleBlind does not have those same constraints. With TripleBlind, enterprises are not restricted by the physical location of their data or algorithm. 

By itself, confidential compute is expensive, time intensive and complex. Pairing it with TripleBlind’s Blind Data Utilization Toolbox, simplifies data regulation compliance and eliminates much of the work and cost associated with achieving data de-identification. 

 

By itself, TripleBlind can ensure compliance with any data privacy law or regulation. When combined with secure enclaves, TripleBlind creates a thorough approach to ensure sensitive data is never accessible by unauthorized users, programs, applications or companies at any stage of the data lifecycle.

 

Comparison of TripleBlind and Secure Enclaves

TripleBlind Secure Enclaves / Confidential Compute
Does not require movement of data residing in multiple locations or countries Requires data to be compiled in one place
Real time data de-identification with Blind De-Identification  No de-identification; requires manual anonymization and tokenization
Allows for easy aggregation of data from multiple sources while enforcing regulations Requires a great deal of paperwork, BAA, resources, and time
Enables data operations to occur across the world from anywhere  Does not allow operations on European data to take place from the US
Allows for keeping the raw data in the country during operations  Data must be moved so that the algorithm and the data reside on the

same server

Brings digital rights to the data – enforce any regulation into the rights that govern the data Does not enable digital rights on the data; trusted-but-curious parties can still access raw data
Easy to use via simple API  Difficult to use – requires complex lower level operations
Blind Learning protects training data leakage from the trained model  No model protection – training data leakage is still possible
Data residency compliant because raw data stays local  Does not solve data residency issues since data needs to be compiled

in one place

Keeps algorithm intellectual property secure  Algorithm can be susceptible to reverse-engineering of intellectual property & training data
Eliminates the need for data sharing agreements  Data sharing agreements are a necessity for this approach
Reduces liability for receiver of data  Even if best practices are followed, the receiver of the data has the raw data which still could be exposed
Reduces liability for sender of data  Sender of data cannot control how the receiver uses it, takes on a lot of risk
Does not address shared hardware compute concerns on public cloud  Specifically addresses shared hardware compute privacy needs on the public cloud
Enforces permissions on how the data can be used  Does not enforce permissions on how the data can be used
Maintains an auditable log of every operation done to every piece of data  Does not keep a auditable log of data operations
Does not require tokenization of data – works with unstructured (untokenizable) data Requires tokenization of data – not feasible 

with unstructured data

No limitations on operations on the data, as long as they are permissible  Accessing the GPU is difficult – training Neural Networks is a challenge
All software (no hardware dependencies) – vulnerabilities can be updated with a software patch All hardware – vulnerabilities are well known and take years to patch

Secure enclaves on their own are not enough to solve data privacy regulatory issues. Contact us today at contact@tripleblind.ai to learn about how TripleBlind provides enterprise data privacy unbounded by the physical location of the data or the algorithm.