Accenture: Secure data sharing - without the risks
Trust is the key stumbling block to data sharing, according to a report from Accenture who highlight how organisations can maximise collaboration through secure data sharing without the fear of losing their competitive advantage.
A new family of Privacy Preserving Computation (PPC) techniques will allow data to be jointly analysed between parties without the fear of risk, according to a report from Accenture which outlines how these four techniques can be used across different industries including healthcare.
“PPC techniques open many new opportunities for enterprise collaborations that were not previously possible due to risk or regulation,” claims the report, Maximize collaboration through secure data sharing.
The need to share data is reflected in a recent Accenture C-suite survey in which 36% of executives said the number of organisations they had partnered with had doubled or more in the last two years. It also revealed that 71% of executives predict the volume of data exchanged with ecosystems will increase in the future.
But there are two main hurdles organisations need to overcome before feeling confident about sharing data:
- Trust remains elusive
- The risk of sharing data is disproportionally higher than the potential value of sharing data – even in the presence of trust
The PPC techniques address these two key barrier points by allowing data to be jointly analysed without sharing all aspects of that data. “By doing so, companies can gain back control of their data and the risks associated with sharing it, even when used beyond their borders,” says Accenture.
What are PPC techniques?
PPC techniques are a family of cybersecurity techniques that look at how to represent data in a form that can be shared, analysed and operated on without exposing the raw information.
According to Accenture, encryption techniques often form the core of how PPC techniques provide these capabilities, but here they are used in a slightly different way.
“PPC techniques use encryption differently to provide a mechanism to share data with other parties while limiting how or where the other parties can access the data, what parts of the data they can see, or what they can infer from the data,” says the report.
This can be done by one or more of the following:
- Control the environment within which the data can be operated on
- Obscure the data to protect the privacy of the data and remove identifying traits
- Provide a way to allow the data to be operated on while encrypted
“You could think of this as cooking a meal without seeing the ingredients or doing a jigsaw puzzle without seeing the picture of the intended outcome.”
Four of the primary PPC techniques highlighted in the report are:
- Trusted execution environment
An environment with special hardware modules that allow for data processing within hardware-provided, encrypted private memory areas directly on the microprocessor chip only accessible to the running process.
- Differential privacy
A data obfuscation mechanism - often used with other traditional anonymization - that allows broad statistical information to be gathered from data without the specifics of individual items being exposed.
- Homomorphic Encryption
A technology that enables computation on encrypted data without the need to decrypt it first.
- Secure Multi Party Computation (MPC)
A technology that provides a mechanism that allows a group to share the benefits of combining their data to create useful outputs while keeping their source data private.
“While these PPC techniques and technologies are still new, they are rapidly maturing and are now at a point where they can be used in real business use cases,” comments Accenture who focus on industries from Google to the Danish Sugar Company and Kara who are maximising the benefits of secure data sharing with their partners and consumers.
According to Accenture there are also emerging opportunities to disrupt existing markets through the combined effect of PPC techniques and other technologies like blockchain and Internet of Things (IoT).
One example is sighted as MyHealthMyData (MHMD), an EU-funded project, which is looking at how to share anonymised data for medical care, research and development, while giving people ownership over their health data. To perform this secure function the platform combines blockchain, smart contracts, dynamic consent and a suite of data privacy and secure analytics tools including Homomorphic Encryption and MPC.
“Beyond the traceability and control of data considerations, these technologies enable partners to work in a decentralised way, giving them the opportunity to jointly investigate common or shared business issues. Companies are also able to apply Artificial Intelligence and improved analysis methods to datasets that they had not previously had access to. This means collaborations with external parties - even competitors - are now possible, and in some cases, well underway,” concludes Accenture.