Fortanix introduces Confidential Data Search for encrypted data under regulation
Fortanix has released Fortanix Confidential Data Search, a solution that supports highly scalable searches in encrypted databases with sensitive data, without compromising data security or privacy regulations.
Current solutions that enable secure searches of encrypted data are predominantly based on complex and expensive cryptographic technologies, such as Homomorphic Encryption (HE), which are impractical for data-mining complex medical or financial datasets.
According to a current blog from the Confidential Computing Consortium, such computationally intensive approaches can be 1,000 to 1,000,000 times slower than standard non-encrypted databases and often require customized hardware to alleviate the delay.
Homomorphic encryption-based technologies provide a severely restricted scope of search parameters, making them impractical beyond strict numerical searches. In addition, they require additional third-party solutions to police the different levels of access and secure the cryptographic keys, as mandated by security best practices and regulations.
Fortanix’s new Confidential Data Search solution addresses data security requirements while maintaining full support for streamlined business operations. The solution supports intra-organizational analysis of complex data sets that are subject to regulatory compliance controls, such as HIPAA, GDPR, FINMA, PCI-DSS, or similar.
The Fortanix solution differentiates from other point search products by integrating Confidential Data Search within an end-to-end data privacy and security platform that includes granular access controls, key lifecycle management with integrated Hardware Security Modules (HSMs) for secure key storage, data masking and tokenization, secure DevOps capabilities such as secrets management and code signing.
“The growth of privacy laws around the globe has been apparent since the introduction of GDPR, and it’s vital for organizations to meet regulatory compliance by keeping their data both encrypted and accessible at the same time,” said Anand Kashyap, CEO of Fortanix.
“Fortanix Confidential Data Search enables organizations to meet these mandates with an elegant solution that secures data at a high level while still making it available, ensuring that business operations never slow down,” Kashyap continued.
“Integrating Fortanix Confidential Data Search with Equideum Health’s offerings is a huge leap forward for multi-party computing and trusted AI in the complex healthcare and life sciences industry. Ethically leveraging data splintered across an ever-growing number of opaque data silos is critical to improving clinical research, care delivery, public health, and health equity. These aims have long been challenged by two polarizing priorities: to improve privacy preservation while also increasing data access,” said Heather Leigh Flannery, CEO at Equideum Health.
“Now, together with our partner, Fortanix, we are rapidly reconciling these competing priorities. We are democratizing confidential data discovery and compliant data use across our industry’s many regulatory constructs, each varying by jurisdiction,” Flannery added.
A new era of secure data search and retrieval powered by Confidential Computing
Fortanix Confidential Data Search enables organizations to deploy their data-driven initiatives with:
High performance and scale
In contrast to proprietary mathematical search solutions, such as homomorphic encryption where query granularity exponentially increases the computational demand, regular database queries produce faster results, especially when the query granularity increases.
For example, searching a national healthcare database for men produces many results, but searching for men in the state of Oregon, between the age of 40-50, who were previously diagnosed with COVID-19, reduces the records to analyze, and speeds up the overall process. Depending on the search granularity, the Fortanix solution is expected to be thousands of times faster than traditional cryptographic solutions.
Limited computational demand allows the solution to easily scale for large data sets with complex data, such as medical or financial records, in the Terabyte order.
Proven technology with an unrestricted search scope
Confidential Computing technology transparently adopts applications. Therefore, the new solution allows data analysts to use off-the-shelf, unmodified databases. A standard, unrestricted SQL environment is familiar to any data analyst and enables them to retrieve more accurate results, faster.
Users do not need to convert their datasets to new complex proprietary database formats or deploy proprietary agents. In addition, the solution uses proven encryption standards for increased trustworthiness, including readiness for post-quantum cryptography (PQC).
Lower TCO
Confidential Data Search uses commodity databases and hardware. The secure trusted execution environments (TEEs) are consumed as a cloud service, so customers only need to pay for what they actually use. Fortanix Confidential Data Search provides confidentiality for the query issuer and the data owner, and any arbitrary SQL query can be performed without a loss of fidelity or prohibitive system latency.
Fortanix will make the solution available for early trials in the second half of 2023. Initial participants already include large financial services and healthcare firms. The solution can be consumed as part of the DSM SaaS or as an on-premises offering.