Securing Data Collaboration with Confidential Computing

For many companies, today’s data collaboration landscape offers exciting opportunities to harness valuable insights that drive market advantage. Powered by rapid data clean room adoption, enterprises across industries are moving quickly to launch and expand their data collaboration initiatives. (Almost half of all companies in our survey reported using data clean rooms in the past 12 months, while 7 in 10 planned to increase data collaboration over the next 12 months.)

However, for certain heavily regulated industries that commonly deal with highly sensitive data and personally identifiable information (PII), this same data collaboration landscape can look like a minefield of potential data breaches and liability. To confidently pursue the data collaboration opportunities before them, enterprises in these industries — financial services, healthcare, telecoms, and more — require the highest levels of data security in their collaboration infrastructure. 

And now, with the advent of confidential computing — they have it. Let’s take the financial services industry as an example.

Locking down data in a TEE

Modern data clean rooms already utilize strong encryption for data at rest and in transit, but that doesn’t cover encryption for data in use — e.g., during data collaboration. Financial services companies can leverage data clean rooms to deliver a secure environment and powerful data governance that enables multiple platforms and parties to share decentralized, encrypted data and extract insights while not learning anything about each other’s data. But at this point a company pursuing data collaboration must place its trust in the clean room vendor’s data security technology, and for financial services companies, this may not be enough.

The next step is to secure the hardware and software platform on which the data collaboration environment runs — and this is where confidential computing comes into play. Companies in the financial services sector want the additional security of a hardware-based, trusted execution environment (TEE) to ensure data is protected during processing to prevent unauthorized access to data or code. Confidential computing provides such a capability, using attestation to verify the integrity of the computing environment (including hardware and software) before allowing access to data.

Habu + Azure + AMD

Habu recently announced support for confidential computing via a partnership with Microsoft Azure and AMD. With the combined privacy capabilities of a Habu data clean room, Microsoft Azure confidential computing environment, and AMD EPYC™ processors with Infinity Guard featuring Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology, financial institutions can be sure they’re collaborating with their partners without compromising sensitive data.

Confidential computing in a Microsoft Azure TEE shields data from being read or modified by any code outside the environment. Even admins with physical access to hardware cannot see unencrypted data. Confidential computing provides a key element in building a Zero Trust environment for sensitive data. Paired with Habu, this enables financial services firms to:

• Unlock more value from data at scale
• Collaborate on decentralized data from any platform
• Cut time-to-value with flexible, secure data democratization
• Protect sensitive data while at rest, in transit, and in use

We’ve put together a guide illustrating the unprecedented opportunity for financial services firms to greatly improve the accuracy of data analytics, reduce risk in credit markets, prevent money laundering, and much more — all via data collaboration powered by Habu data clean room software and Microsoft Azure confidential computing with AMD technology.

To learn more, read our guide Data Clean Rooms for Financial Services.