Homomorphic encryption continues to entice cryptographers and academics. But is this technology ready for widespread deployment in enterprise environments? Our CEO and Co-founder Ameesh Divatia contributed his thoughts on the topic in a recent Dark Reading article. Today we continue our Homomorphic Encryption Explored series with a look at how the technology relates to securing data in the cloud.
In my last blog post, I reviewed the key differences between homomorphic encryption and secure multiparty computation (SMPC). In this post, we will review how homomorphic encryption capabilities can be used to protect data IN the cloud while still enabling privacy-preserving analytics to occur.
Up in the Clouds
It’s no secret that cloud computing has taken the world by storm. IDC predicts global spending on public cloud services and infrastructure will hit $210 billion in 2019 alone. The market is expected to hit $370 billion by 2022 (a compound annual growth rate of 22.5%). Customers and end-users clearly enjoy the guaranteed uptime, scalability, flexibility and reduced operating costs that cloud computing services bring.
Current cloud security practices, however, focus more on securing the infrastructure and configuration management of the cloud than on securing the data in the cloud. Is homomorphic encryption the answer? How should enterprises think about protecting data and their workflows in the cloud?
Homomorphic Encryption and Cloud Computing
When it comes to homomorphic encryption, there is no difference between moving your workloads to Amazon’s AWS, Microsoft Azure, Google Cloud Platform or any other cloud service.
Instead, generally speaking, your goal is to push for a data-centric security model in your organization: an overall data security standard that protects data while still allowing analytics to be run against it. This capability is important, as enterprises in highly regulated industries look to mine their data for intelligence or find ways to sell business and industry insights without violating privacy regulations and confidentiality contracts.
While homomorphic encryption can run analytics on data without decrypting the values, it doesn’t come without costs. It carries severe performance penalties and limits the types of queries or analytical functions that can be run. This means that while the functionality it offers data scientists and analysts is intriguing, it may not meet the minimum bar for business requirements.
One benefit of Baffle’s SMPC approach is that it can support ad hoc queries and any mathematical function operating on data securely, all without requiring any application modification. Further, SMPC can operate millions of times faster than most homomorphic encryption operations.
Putting it All Together
As I mentioned in my first blog post, homomorphic encryption has made a lot of progress over the years, but it still falls short in terms of practical, real-world implementations. As mentioned above, it has significant disadvantages in that it can require either application modifications or specialized client-server applications in order to work. Either of these would substantially increase your total cost of ownership and still would not address the performance penalty that you will incur. You’re not likely to find this in glossy marketing materials from vendors claiming they can support privacy-preserving analytics.
Baffle provides a strong alternative that can deliver “homomorphic-like” functionality and may be able to address your analytics requirements. Our approach has been proven at scale, is more performant and does not require developer engagement to deploy. This means you’ll save on resources and be able to deliver on business requirements at the speed that your stakeholders are demanding.
Want to learn more? Watch our 90-second video on how Baffle can operate on encrypted data without any application code modifications and still preserve application functionality, or request a demo with one of our experts.