This presentation is really a deeper dive into one of the areas in my previous presentation, which was A Cloud for All Seasons. And to repeat the anecdote that I started that previous presentation with: on 27 April 2021, the Portuguese data protection authority gave the Portuguese census office 12 hours to stop using an American cloud service provider. And that came from a set of things which I'm going to describe here.
And it could have been overcome had the tenant, the Portuguese census office, been doing things slightly differently. Confidential computing is the essential thing that you need in order to be able to use a cloud that you cannot trust.
So, to repeat what we talked about in the first place: in July 2020, there was a judgment by the European Court of Justice, which is known as the Schrems II judgment, which came because an activist and Austrian law student called Maximilian Schrems was complaining that an American social media platform was moving his data into the US, where it was not secure.
And the result of that judgment was that processing personal data in the cloud is not permitted unless it is protected. The standard contractual clauses, which are the legal structures by which the cloud service providers try to persuade you that the way they treat data is okay, were considered by the ECJ not to be sufficient, and what was required was supplementary technical measures.
Now, remember, I'm an analyst, not a lawyer; if you're in any doubt about how this applies to you, see your attorney. Now, from the perspective of us as technologists, the supplementary technical measures, which came from the European Data Protection Board and were published in November 2020, basically specify that there are three or four technical measures that you need to apply to your data.
If you are going to be able to process it within the remit and within the bounds set by the General Data Protection Regulation, the first of them, as everyone understands, is encryption, but it must be strong, state-of-the-art encryption of data in transit and at rest. And if you are going to use those, you have to keep the keys within the EU. And this is talking about exporting data from the EU into what is known as a third country.
The second approach is pseudonymization. Pseudonymization is a form of multiparty computing, where the data is transformed into a form which can be processed, but which cannot be decoded without a third piece of information, which is held, again, within the EU. And split processing is a generalization of that, which applies in other ways than pseudonymization, which we will talk about now. This matters not only for personal data: if you care about your intellectual property and your business-critical data, then that must be at risk if you transfer it into what might be a hostile government environment.

So what is confidential computing and why does it matter? Now, I think we all understand that when we are using cloud services, there are new threats, and the controls that we had previously may no longer be effective. What we need is to have controls that are effective in this new world of cloud computing. And one of the key areas that is not covered by most controls is how you protect data while it is being processed. And there are all kinds of examples where you want to be able to process it.
So, for example, you want to be able to do development, and in order to test your development, you need to export your data as a test data set. You need to be able to quality-assure your applications. You need to be able to share the data with some kind of service provider. How do you protect it while it is being processed? Confidential computing is one of the systems that you can use to do this. And I'm going to go through some of the examples of what is on offer and whether it works.
Now, one thing which people have forgotten about is encryption gateways. These came up at the very beginning of the cloud, when people were building cloud access security brokers. This was some kind of on-premises, or in a trusted environment, type of network device which, as you send information into your software as a service, tokenizes it, encrypts it, or pseudonymizes it. Now, depending on how it has pseudonymized it or tokenized it, it may or may not be possible to continue with encryption or continue with processing.
So, for example, if you turn it into a token, things like sorting and searching may or may not work, but nevertheless, that is a form which works and is potentially a solution, but which people seem to have forgotten about. However, it's not the only solution. The second solution, which has appeared specifically from Microsoft, is this thing called Double Key Encryption. And what Microsoft say is, well, look, we take your data into Office 365 or into Azure,
and by default, whatever it is we hold is encrypted, and we encrypt it, but we, Microsoft, hold the keys. So that means that if the media is lost or the raw data is stolen, without access to Microsoft's keys it's safe.
However, that doesn't protect it during processing, and it doesn't protect it against Microsoft being forced to hand over the keys. So what they do is they give you, the client, the ability to have your own encryption key, which you apply to your data before you send it out into the software as a service.
Now, the net result of that is that even if the data was stolen, and even if the government demanded Microsoft hand over the keys, they wouldn't be able to get hold of your data. The downside of it is that you can't process the data. So it works with Office 365 apps that are on premises, but it doesn't work with Office 365 apps in the cloud. And it also gives you all kinds of problems if you try to use it in conjunction with the rights management software. So it's good in parts. So that's another thing.
Now, the other thing: many vendors come along and they say, well, we will protect your data because we allow you to bring your own key, and let's bring your own key and keep your own key. But basically they are systems where you can use some encryption process based on a key which you hold on premises and which the cloud service provider will hold for you in a secure storage, such as a hardware security module.
And if you look at what happens with this, then you have a key management protocol which allows you to manage the keys. The hardware security module provides physical and logical protection against the theft or misuse of that key. So your data is protected at rest, but it is not protected when it is being processed, because in order to process it, it has to be decrypted. And so the solution to that which has arisen is what is called trusted execution environments. So we've already got as far as the idea that you could hold your key securely in the cloud using a special module.
So if only you could process that data in a trusted enclave, then all would be well. And indeed, Intel have this thing called security guard extension, and AMD have something called Infinity Guard, I think it is named, which basically says that the code is executed, or some of the code is executed, in a trusted enclave, and the data is only decrypted within that enclave. And the whole environment is designed in a way that makes it trustworthy. Now that's good, but it might mean that you have to change your application in order to fully exploit it.
And again, there's a dispute as to that, so different providers and different technologies may or may not need that. That's really good as far as it goes. Certainly you can use it today for your infrastructure as a service, where you write your own apps. What has not yet happened is that the services, the database as a service, the software as a service, are not necessarily using that; that, we might expect, will come. Indeed, one cloud service vendor already offers a database service which they claim is in fact running in that kind of environment. So that's another option.
The final option, or the final encryption-type option, is pseudonymization. And in pseudonymization, what you do is you transform that data on premises into two parts. You have the pseudonymized data and you hold, effectively, the key which allows you to de-pseudonymize it.
In fact, you can pseudonymize it in a way which is not decryptable, but if you pseudonymize it in a way which is reversible, then you can send it into the cloud and you can process it. Now, there are different ways of doing pseudonymization and not all are equal. So if you're going to do it in a GDPR-compliant way, you must use the techniques that are described by the link that is on that slide.
So, for example, if you just simply scramble the order of people's names, then that doesn't really work, because you have a finite set of people's names, and if it's small, you can start to deduce things from that.
And the good point about all of this is that even if you have fully, totally obscure pseudonymized data, it is still good for artificial intelligence, machine learning and machine learning execution. So that is another approach, and that is generally recommended by the Information Commissioner's Office in the UK as a way of securely sharing data. Then you have homomorphic encryption, and in homomorphic encryption we are trying to encrypt the data in a way that the encrypted data itself can be processed. And that is quite complicated.
In fact, I can't explain to you how that works; you need to talk to a mathematician about it. But you can imagine that, first of all, the transformation that you make to use homomorphic encryption may mean that the processing becomes expensive. It may limit the processes that you can perform on it. And finally, you may have to change your application in order to use it. Some banks, some organizations, are looking at that, but that is a future at the moment rather than deliverable.
The final thing, which I think is really quite interesting, is secure multi-party processing. And there are two basic ideas from this, but there are lots of occasions when multiple parties want to work together. And to give you the classic example, imagine that it is bonus time in a bank and a group of bankers want the person who got the biggest bonus to pay for the drinks, but they are forbidden by their contracts to say how much they earned or what the bonus was. So is there a protocol that allows them to work out who got the biggest one without actually sharing the actual bonuses?
Well, there is. And another example of this is in fact what happens when you have an auction, and multiparty computing is being used for certain auctions around the world, where effectively what happens is that instead of having a trusted third party, you have a protocol that never actually divulges the individual bids or limits, but does allow you to decide which was the highest one. And so that is a really interesting thing, because it allows cooperation in a competitive environment; it's confidential cooperation. So what's the outcome of all of this?
Well, basically you really need to think about what data you have and to work out how you look at it throughout the whole life cycle. Data protection cannot be just brought down to simply confidential computing. Not all data is confidential; not all data is going to be subject to that. You have to recognize what data you have, what the risks are, and then use the right approach. And KuppingerCole have this comprehensive approach in our lifecycle data protection model, which you can find out more about.
So in summary, what has happened, the compelling event, is that Schrems II says that if you are using a cloud service provider in a third country, you must assume that your data is at risk. Confidential computing technologies give you a way of protecting it while it is processed, but not all of them are the same. You need to take a risk-based approach based on the whole data life cycle. And my basic advice is never trust, always protect your data in the cloud. So with that, thank you very much. Back to you, Annie.
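Added example (not from the presentation or from KuppingerCole): the on-premises split the speaker describes for pseudonymization, written in Python with a keyed HMAC. The names and bonus values are constructed; the cloud side only ever sees pseudonyms plus the payload it needs, and the key and re-identification table stay with the tenant. It also illustrates the caveat about small, finite name sets: an unkeyed transform of such a set can be reversed by trying each candidate, which is why the secret key is the part that must stay in the EU.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample records: the name is the personal data, the number is
# the payload the cloud is allowed to process (e.g. a bonus amount).
RECORDS = [("Alice", 120), ("Bob", 80), ("Alice", 40), ("Carol", 200)]


def pseudonymize(records, key):
    """On-premises step. Splits the data into two parts: an outbound copy
    keyed by pseudonym for the cloud, and a re-identification table that
    never leaves the tenant. HMAC is deterministic for a fixed key, so the
    cloud can still group and join on the pseudonym."""
    table, outbound = {}, []
    for name, value in records:
        pseud = hmac.new(key, name.encode(), hashlib.sha256).hexdigest()
        table[pseud] = name
        outbound.append((pseud, value))
    return outbound, table


def cloud_process(outbound):
    """Untrusted side: aggregates per pseudonym without ever seeing a name."""
    totals = defaultdict(int)
    for pseud, value in outbound:
        totals[pseud] += value
    return dict(totals)


def reidentify(results, table):
    """On-premises step: map the cloud's results back to real identities."""
    return {table[pseud]: value for pseud, value in results.items()}


def unkeyed_pseudonym(name):
    """A transform with no secret: only as strong as the size of the name set."""
    return hashlib.sha256(name.encode()).hexdigest()


def guess_unkeyed(pseudonyms, candidate_names):
    """The speaker's caveat: with a small finite name set, an unkeyed
    pseudonym is recovered by enumerating the candidates. Returns None for
    any pseudonym the candidate set does not explain (e.g. a keyed one)."""
    lookup = {unkeyed_pseudonym(n): n for n in candidate_names}
    return {p: lookup.get(p) for p in pseudonyms}


def demo(key=None):
    """Full round trip: pseudonymize on premises, process in the cloud,
    re-identify on premises. A fresh random key is used unless one is given."""
    key = key or secrets.token_bytes(32)
    outbound, table = pseudonymize(RECORDS, key)
    return reidentify(cloud_process(outbound), table)


if __name__ == "__main__":
    print(demo())
```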