Confidential computing is an up-and-coming technology that’s been generating buzz over the last few months. Google has gone so far as to call it “a breakthrough technology.” Companies like Intel are firm believers of the promise this technology holds! The basic idea is that it brings confidentiality to the entire data lifecycle, guaranteeing data will be safeguarded in transit, at rest and while in use.
But how does this work and what are the use cases being developed? At Persistent, we’ve been digging into confidential computing for months now, going so far as to partner with a leading enterprise blockchain technology software company to develop confidential computing solutions, and we feel that there are two promising use cases that could change how organizations view data migration to the cloud.
But first, let’s discuss confidential computing 101.
How Does Confidential Computing Work?
The idea behind confidential computing is to secure data while it is in use. Traditionally, data is being encrypted when at rest and while in transit. For example, data is encrypted when it’s sitting in a database and also when it moves over a network connection. However, the processing phase has traditionally not been encrypted. So, when the data is in use, it’s actually quite vulnerable. How does confidential computing solve this problem?
It does so via hardware by creating a “Trusted Execution Environment” (TEE) or a secure enclave that is isolated from untrusted code, which includes the operating system and other applications running on the system. This TEE uses encryption keys that can decrypt the private data and use it in computation. While it’s in use, the code and data reside inside the secure enclave and is inaccessible to the rest of the system. The enclave contains trusted code that is previously authorized and whose integrity can be remotely verified before sending private data to it.
As this is an emerging area of research, there are new use cases popping up everywhere, but we’ve identified two that we think are particularly promising.
ML-Based Fraud Detection in BFSI
As organizations leverage machine learning (ML) to improve customer experience, optimize operations, and reduce fraud, they are still skeptical, due to security reasons, about moving sensitive and personally identifiable data to the cloud.
Confidential computing can facilitate ML software companies to offer their vertical-specific and specialized ML models as-a-service with cryptographically assured confidentiality and security of the customer data.
The data owner (e.g., banks) can integrate the remote ML-based fraud detection workflow in their existing on-premises application, safeguarded by their network controls. The model owners (e.g., software vendors) offer their fraud detection service via a secure enclave in the cloud, leveraging features like elasticity, DDoS protection, etc. This fraud prediction model is remotely attestable and verifiable by a client, enabling end-to-end trust in the system.
Driven by Machine Learning, Persistent has built a game changer technology that gives businesses cryptographically assured security & privacy over customer data! Our Confidential ML Inference Platform – is an unique Machine Learning engine built for trusted execution in the cloud, it finds application across many verticals that handle Personally Identifiable Information (PII). Powered by the latest Intel® SGX Technology, the platform has granular level protection that minimizes the attack surface of the system, thus, safeguarding sensitive customer data through a stronger encryption. Built with developer-friendly R3 Conclave, it allows us to load pre-trained ML models directly into the secure enclave for inferencing. The models may be developed in any popular ML framework like Sklearn, TensorFlow, PyTorch or H2O.ai (shown in the demo video below). Watch the demo of our Confidential ML Inference Platform to find out more!
Fighting Insurance Fraud
Another potential area of application for confidential computing is in insurance fraud.
For example, double-dipping or duplicate insurance fraud occurs when a single insurance claim is filed with multiple insurers resulting in multi-billion-dollar losses for the insurance companies annually. While duplicate claims can be easily detected by sharing claim data, data sharing does not happen across organizational boundaries due to regulatory constraints around data privacy and concerns about data sharing between competing providers.
With confidential computing, insurance providers can now collaborate and securely share the necessary attributes of claims data with each other without fear of data exposure or violation of privacy regulations.
To optimize the benefits of confidential computing for insurance providers, Persistent has built ‘Claim Protect’ – the duplicate insurance claim detection platform. This innovative platform combines latest technology like R3 Conclave and fraud risk management intelligence to share data & detect duplicate claims while adhering to stringent data privacy regulations like GDPR, CCPA, HIPAA, etc. Watch this demo to find how Claim Protect can help your enterprise!
Data in the Cloud, Secure.
While we explored the two use cases covered above in-depth, confidential computing is invaluable for any organization that handles personally identifiable data, especially when moving workloads to the cloud. We are now able to load pre-trained machine learning models directly into the secure enclave for inferencing. Secure collaborative sharing has the potential to unleash new business insights and build mutually beneficial strategies even amongst competitors, such as countering fraud. It is secure, adaptable, and flexible — a great choice for any business looking to harness the promise of confidential computing.
At Persistent’s Innovation Labs, we have the expertise to design and deploy tailor-made confidential computing solutions across a variety of industries and services that deal in sensitive data. We offer a wide range of customized Enterprise IT Security solutions. If you want to learn more about our comprehensive confidential computing offerings, please reach out to us.