Pseudonymization, Anonymization, Encryption

Homomorphic encryption for GDPR

There has been a sharp increase in data security technologies since the realization that the GDPR regulations are soon to go into effect. With compliance deadlines around the corner and many organizations still scrambling to figure out who it affects, how it affects them, and what they need to be doing, there is a definite need for the implementation of new security technologies at organizations big and small around the world.

Encryption has become commonplace at most businesses and organizations in order to keep their data safe and protect it from leaks and breaches. It is fairly effective at keeping hackers at bay and providing organizations peace of mind, when they adopt the right approach. However, there is a lot of hassle associated with the process of decryption, which can make using this data cumbersome for the organizations who are going through such trouble to store and manage it.

In response to this, tech giant IBM has invested in what's known as "homomorphic encryption". Just as it sounds, this is a cutting-edge type of cryptography, and the concept could make a revolutionary impact on organizations around the world.

In general, the concept of encryption requires a message to be decrypted, or unscrambled, before it's able to be read and used. This method protects data "during transit", but the data then becomes instantly exposed (and, therefore, vulnerable to hackers) the instant you unlock it. That's just one of the flaws of the slow and resource-intensive encryption/decryption process.

However, the homomorphic encryption process that IBM has proposed will work differently. It will allow you to read a message as if it has been decrypted, but it will do so without removing the protective layer that the encryption process placed on it. This sounds like a novel concept, but it has the potential to improve the efficiency and security of data-driven operations around the world and all through cyberspace.

Theoretically, an administrator in your organization's IT department could use homomorphic encryption to encrypt all of your sensitive data: customer records, business intelligence, and trade secrets. This will keep your confidential information safe before you upload it to the cloud. There, the encrypted data is practically useless to anyone without the key. It is just being stored for access at a later date. But, through this cloud, the data can be managed and even shared--and you can do so without decrypting it.

Cloud technology has certainly sped up many aspects of business, but before homomorphic encryption, it posed serious security concerns about the storage and sharing of sensitive data. Of course, there are adoption challenges that come along with homomorphic encryption. It is a concept that computer scientists have been working on for many decades now. IBM's Craig Gentry first created a homomorphic encryption system in 2009.

Homomorphic encryption is a very promising system, but two primary barriers have been keeping it from being adopted by the mainstream: practical use and performance. Gentry, for instance, estimated that his system would take about a trillion times longer to process in a web search scenario (like Google) compared to unencrypted data.

There have been improvements made since then, but now five years after the fact, full-on homomorphic encryption processes are still very much slower than unencrypted data. Of course, all data privacy techniques have some inherent processing delays and slowness to them, but homomorphic encryption in particular requires more improvement still before it will be ready for enterprise adoption.

With GDPR on the horizon, however, it is expected that more tech companies will begin looking into homomorphic encryption and alternatives to it and working to speed up the data storage and management process as a whole. This will be a critical step forward for the entire IT industry, and organizational interest in methods like homomorphic encryption will likely stretch far beyond GDPR compliance when these methods begin showing improvements in not just data privacy, but also speed increases for general data management on the larger scale.

About the Author

Ales Teska

TeskaLabs’ founder and CEO, Ales Teska, is a driven innovator who proactively builds things and comes up with solutions to solve practical IT problems.



