2021: The Year We Start Securing Data Even When In Use

Richard Gendal Brown
Chief Technology Officer, R3

Remember when Apple first allowed you to put “1,000 songs in your pocket”?

Few of us now remember the days when we had to carry around a wallet of CDs and a discman if we wanted to listen to music on the move.

But notice how we barely even remember iPods, either! Something that seemed so new was itself first commoditised and then rendered redundant.

It’s probably a long time since you’ve ‘ripped’ a CD or paid for a song on iTunes. But you probably don’t even bother to download Spotify tracks for ‘offline’ use these days, so prevalent has high-quality pervasive connectivity become.

It’s a normal part of the technology lifecycle that a product that at first seemed ground-breaking soon becomes commoditised and accepted as the status quo… and sometimes even then obsoleted.

We know this is just the circle of technological life.

But that period of novelty, even if it is fleeting, is nevertheless a period of ambition, creation and opportunity. Even when you know something will be commoditised there can still be good money to be made from it whilst it’s still new.

Think about something as mundane as security on the web.

The once rare, but now ubiquitous green padlock in the URL bar is a simple visual cue to the end user of a website that the page is secure, and they can submit sensitive information to your server. As we all now understand, this is because the site uses HTTPS, which is designed to prevent anyone from reading or modifying the data you exchange with the website, made possible because of the SSL/TLS protocol that secures transmitted data.

When this was first introduced in 1994, very few websites used it. As adoption grew, we became subconsciously trained to look for it as web users. Firms who adopted it before their competitors could win business from the laggards.

Everybody knew it would soon be ubiquitous. But it didn’t happen immediately. There was opportunity even when you knew where things were heading.

Now we’re at the point where it’s table-stakes – we even use it for simple documentation sites, and any website owner that doesn’t use it is seen as negligent.

And the firms who mastered the technology early were well placed when it became an expected cost of doing business. If you were ever in doubt about the importance of mastering pivotal technologies before ubiquity, just look at the price of eCommerce specialists in 2020 as the retailers who failed to invest in their web presence went into full-on panic mode when the pandemic struck.

But how does this apply to data security in the world of enterprise technology?

As we head into 2021, we’re beginning this same process in the lifecycle of a previously niche technology, Confidential Computing. It was those working on enterprise blockchain projects who have helped propel it into the mainstream but the impact will spread far beyond as it helps us deliver on the promise of securing a business’s data whilst in use.

Securing business data whilst it’s being used? Aren’t security protocols such as HTTPS already meant to protect us like that?

Well, you might assume that, but…no.

Have you ever stopped to ask yourself what that little green security padlock actually means?

Secure in what way?

What does it actually represent?

What protection is it giving you?

What bad things could happen to you if the padlock wasn’t there?

And in any case, isn’t there a padlock when you browse sites like Facebook? And yet aren’t they appearing in the news regularly accused of “selling” or “misusing” your data? How can they do this if they have the padlock and the padlock means it’s “secure”?

The answer, of course, is that the padlock is there simply to ensure you really are logged in to facebook.com and not some other site. And it ensures that nobody can intercept your private information as it flows back and forth between your computer and Facebook’s data centres.

The padlock in your browser keeps your data safe as it travels to and from your favourite social media service. That’s important, of course.

But notice what that padlock doesn’t do.

That padlock doesn’t tell you anything about what Facebook will do with your data once it arrives. You just know you’re sharing your data with them and not somebody else.

In the world of business, where data is often a firm’s most valuable asset, this situation is no longer acceptable. Traders, for example, want to buy and sell stocks for the best prices in the most liquid venues. But they don’t want the operators of those venues using their orders to trade against them.

This is where Confidential Computing comes in.

This technology makes it possible to check what program is running on somebody else’s computer before you send your information, and to be sure that the owner of that computer can neither influence nor observe what’s happening.

And it’s going to utterly transform how we think about data security.

OK, but what does this have to do with blockchain?

In my last column I stated the fact that no technology stands alone. After all, market-level cooperation, which is the central promise of enterprise blockchain platforms, relies on accurate, timely and secure data sharing between firms.

But that’s not always the whole story. What if firms need to gain collective intelligence from data that needs to remain concealed? Blockchain has no answers to that question. But by integrating an adjacent technology – such as Confidential Computing – this challenge can finally be overcome.

The last five years of enterprise blockchain development have woken the business world up to the fact we can solve problems for entire markets in a way that we couldn’t in the past. Just look at some of the market-wide initiatives that are already live – Spunta Banca DLT for interbank reconciliation in Italy, B3i for the global insurance industry, and Contour and Marco Polo for trade finance. But that’s not to say it’s easy bringing so many different players together – in fact, it’s been much harder than many of us anticipated, and taken much longer. But it is possible – and the live use cases of this technology continue to grow month by month.

Ironically, however, as the technology moves towards widespread adoption, fewer and fewer businesses will realise that the platforms and apps they’re using are being powered by blockchain. It won’t be new or exciting anymore, it’ll just be there – and it will work.

Similar to that little green padlock.

As we head into 2021, Confidential Computing will begin its journey on this same lifecycle. Ever since blockchain firms began working with clients on tackling their challenges with blockchain technology, there would always be someone in the room that would say: “you don’t need a blockchain for that!” And guess what – sometimes they were right. In some scenarios, firms needed to collaborate at a market level but not everyone’s records needed to be synchronised.

The challenge was sometimes to bring together data to extract insight but without anybody seeing anybody else’s information - and this is what Confidential Computing is able to achieve. And so, the combination of these two innovations enables collaborative data processing without giving up privacy. This seemingly simple premise is in fact so revolutionary that it will enable businesses to gain a major competitive edge and grow market share in the coming years.

Imagine, for example, a bank that operates a dark pool. As a buyer or seller, you can send a bid or offer to the bank and be assured that you won’t be revealed to other participants. Your trade will be successful only if it’s matched with a counterpart, but the act of buying or selling doesn’t move the market unintentionally. This is a low-risk way to test the market – but you’re sending data to the bank and it can do whatever it wants with it. The only real protection is the bank’s privacy policy and its reputation as a trusted institution.

There have been some very high-profile examples of front running in this scenario – so imagine if a bank actively gave up its freedom to see your data by deploying Confidential Computing. Isn’t it possible it would actually grow its market share?

Or imagine multiple institutions being able to share all their transaction data to a third party via a blockchain-based anti-fraud solution and the third party being able to analyse it for fraud patterns without actually seeing any of the sensitive data. Would they not quickly become a market leader?

And that’s why the convergence of blockchain and Confidential Computing is my tip for 2021’s most meaningful development in the enterprise software world.

As the world’s software engineers come to view Corda and other blockchain platforms as just another tool in their toolkits – just like the green padlock, Confidential Computing will begin this same journey towards adoption and ubiquity. Because with the massive benefits it offers businesses that value the privacy of their data, there’s no way it can be held back.

And even though it’s abundantly obvious to me that it will be the table-stakes for anybody processing other people’s data in a few years’ time, it’s also the case that those who master it in 2021 will enjoy an amazing period of competitive advantage when they’re the only ones in their industry who can make data security promises to their customers that their competitors could only dream of.

Explore more articles

The latest news and announcements about Conclave.