The exponential growth of datasets has resulted in growing scrutiny of how data is exposed and shared – from both a data privacy and a compliance perspective. In this context, confidential computing becomes an important tool to help Swiss organizations like Ringier and Roche meet their privacy and security needs surrounding business and end customer data.
Confidential computing technology encrypts data in memory and only processes it once the cloud environment is verified, preventing access to the data by cloud operators, malicious admins, and privileged software. It helps keep data protected throughout its lifecycle – in addition to existing solutions for protecting data at rest and in transit, data is now protected while in use.
Thanks to confidential computing, organizations across the world can now unlock opportunities that were not possible before. For example, they can now benefit from multi-party data analytics and machine learning that combine datasets from parties that would have been unwilling or unable to collaborate, keeping data private across participants. The technology has the transformative potential to enable data collaboration across organizations even for the most sensitive data, without ever making data of individuals accessible to other parties.
In Switzerland, the media and technology company Ringier has teamed up with the Microsoft Partner Decentriq to explore how confidential computing and data clean rooms can empower its business. Naturally, the media industry relies heavily on advertising as a source of financing, but legislation for more data protection is leading to stricter rules around the use of third-party data. “Confidential computing and data clean rooms present us with a great chance to exchange information in a legal, efficient and effective way,” says Zhao Wang, Head of Data Technology at Ringier.
In essence, Ringier can introduce knowledge about a certain customer that is only visible to the company itself into the data clean room. An advertising partner can do the same from their side. Machine learning is then used to compare patterns in the customers to find similarities and to decide on the importance of the characteristics. This results in a model that can be used to predict which group a target audience belongs to – without ever seeing any personal data. “This allows us to do better media planning and advertising, targeting more accurately – and in the end driving more revenue whilst complying with all data protection regulations,” says Wang. In the future, such models could be used across the entire publishing house and generalized for other publishing companies, enabling an ecosystem approach to an industry challenge.
Decentriq, a tech company based in Zurich that recently won the Microsoft Switzerland startup of the year award, is a key partner company in the area of confidential computing. Together with Microsoft and Intel, Decentriq is a founding member of the Confidential Computing Consortium, an alliance to accelerate the adoption of trusted execution environment (TEE) technologies and standards. “Decentriq is changing the way enterprise customers create data ecosystems and analyze data with their partners by providing a secure and privacy-assured computing environment,” says Maximilian Groth, Co-Founder & CEO of Decentriq. Decentriq has engaged in multiple proof-of-concept projects and collaborations with insurance, banking, pharmaceutical, and publishing enterprises.
Roche is also exploring the possibilities of confidential computing for its pharmaceutical research: hospitals can now provide data, for instance for clinical studies, while being sure that very sensitive patient data is only used in a specific way. Azure confidential computing not only provides permanent encryption and ensures that no one can access the actual data, but also reassures the data owner that the data can only be used in a specific, pre-defined way. This is especially crucial in clinical research, for example in drug development, with very sensitive patient data – to comply with data protection regulations and to ensure the patients’ trust in the secure handling of their data.
For that reason, Roche Pharma Switzerland is also evaluating how the company could benefit from confidential computing: “These technologies would allow us on a local level to do something we couldn’t do before by leveraging info from data in data clean rooms. This could add value not only to our research but also to build trust in how we do it by protecting patient’s privacy,” says Valentina Ranghetti, Strategic Insight Manager at Roche Pharma Switzerland. Local data storage in Microsoft’s Swiss datacenter is also an important factor in that evaluation. In addition to Amsterdam and Dublin, Switzerland North is currently the only Azure region in EMEA to offer the newest confidential computing Intel SGX technology with DCsv3 Virtual Machines.
What both Ringier and Roche agree on is the vast potential of confidential computing and data clean rooms, and not only for their specific industry ecosystems: while regulated industries have been the early adopters due to compliance needs and highly sensitive data, there is growing interest across industries, from manufacturing to retail and energy, for example. “Just as HTTPS has become pervasive for protecting data during internet web browsing, here at Azure, we believe that confidential computing will be a necessary ingredient for all computing infrastructure,” Mark Russinovich, Chief Technology Officer and Technical Fellow for Microsoft Azure, stated in a blog post. “Our vision is to transform the Azure cloud into the Azure confidential cloud, moving from computing in the clear to computing confidentially across the cloud and edge. We want to empower customers to achieve the highest levels of privacy and security for all their workloads.”