Towards precision security
Utilizing Homomorphic encryption for tailor-made security
“But in herself alone she is more important than all the hundreds of you other roses… Because she is my rose”.
The Little Prince by Antoine De Saint-Exupéry
We all want the best. As an industry, we aspire to provide the best security for our customers. But what is the best security? Obviously the answer differs from one customer to another. He wants protection from his threats, not just any threats, he wants protection for his data, not just any data — he wants tailor-made security.
Personalized customer experience is definitely not a new concept. One industry which has a lot in common with the security industry is going through a big revolution in this direction. Precision medicine (PM) is a term describing the customization of the healthcare practices to the individual person. There are multiple benefits to this approach, mainly improving the quality of patient care, enabling cost-effectiveness, and reducing readmission and mortality rates. Machine learning (ML) has a big role in this emerging field. It is used for the analysis of big amounts of data, for lifestyle impact analysis and for genome sequencing. ML is also heavily utilized in the cyber security domain — although some would say not heavily enough.
It seems that exactly like in medicine, the next “low hanging fruit” is utilizing ML in such ways that will maximize the individual customer security experience. By using his data, his lifestyle (organizational policies) and his genome (specific software, context).
The next step, in my opinion, is expected — Precision Security (PS).
Let’s give our customers a security experience that fits them most and is based on (or tweaked by) their personal data. We have the motivation and we have the technology, there’s only the small issue of the data — it’s private. By definition if you want to use my data to personalize my security you are exposed to all of my personal IP and moreover you’ll probably want it travelling the world to be crunched by your cloud based ML pipeline. That’s disturbing and probably a big “no no” for customers, especially in conservative industries. They are right. It’s their data and it’s their most important asset. The concern is valid.
An elegant solution¹ to this problem exists as well — (Full) Homomorphic encryption. FHE is (sort of) a new encryption technology which enables mathematical computations to be made on encrypted data, without requiring any decryption in the process. The encrypted result (once decrypted) of these computations will be the same as if they were made on the plain data — amazing. In practice, it means that the data can be encrypted on the customer side, sent to a remote server, crunched and manipulated and sent back to the customer to be decrypted. The customer data was encrypted throughout the chain with minimal risk.
Production level implementations are already on the market. There are several startups on the field, like Enveil, Duality and Fortanix. PALISADE and Microsoft Seal are worth mentioning as open-source frameworks for homomorphic encryption. Using these tools we can break the data barrier and provide our customers with a real personal security experience. The market pushes us towards Precision Security, it’s up to us to pick up the gauntlet.
[1]: Another interesting solution is Federated learning (FL). FL is a ML technique that trains an algorithm on edge devices (mobile devices, gateways etc.) without sharing their data samples. This model can than be uploaded to the cloud and improve the collaborative model or just used locally. A nice use case is Google Gboard.
Note from Towards Data Science’s editors: While we allow independent authors to publish articles in accordance with our rules and guidelines, we do not endorse each author’s contribution. You should not rely on an author’s works without seeking professional advice. See our Reader Terms for details.
