In today's digital landscape, Chief Information Security Officers (CISOs) are encountering a pivotal moment. The traditional perception of security as merely a cost centre is rapidly evolving, driven by heightened legal concerns, compliance requirements, and intensified scrutiny from board-level stakeholders. Amidst this backdrop, security leaders are challenged to strike a delicate balance between safeguarding valuable assets like data while also facilitating business growth.
Data has become the new ‘oil’ of business. Meanwhile, across the business, it has become everyone’s responsibility to ensure data security. However, functions are challenged with what is sensitive, or valuable data – not all data is the same, and a CISO does not have the budget to secure all the expanding data sets, at the same standard.
Despite reports indicating increased security budgets, many CISOs face mounting pressure to justify expenditures. This begs the question: why is security often relegated to the realm of business insurance or compliance? What if security could be reframed as a strategic business enabler capable of driving customer adoption, unlocking new revenue streams, accelerating time-to-market for innovative services, and fortifying the business and brand while simultaneously reducing costs?
We live in a world where we are awash with data. So much so we struggle to keep up with the latest information and trends, and then we can't analyse it effectively due to the volumes in existence.
Enter AI - for analysis at scale, with reduced human error and bias, in far faster timeframes.
Businesses become capable of making better decisions, solving more complex problems, and gaining deeper insights. Something every CEO and Board member will be pushing for. But rather than restrict the dataset on which to base these decisions, the advancement in thinking shifts to sharing multi-party resources and expertise, to gain even deeper insights, make even better decisions, and solve even more complex problems, without being restricted to an independent dataset.
IDC predicted [source] by this year, 65% of G2000 Enterprises will form data-sharing partnerships with external stakeholders. And Gartner predicts [source] that those organisations promoting data sharing, will outperform their peers on most business value metrics.
The challenge then shifts from performing AI analysis that informs business decisions, to securing the data without putting the business, or personal, data at risk, and driving ethical adoption and practices. Enabling the sharing of de-sensitised data, businesses face the opportunity to drive competitive advantage through secure, ethical, and compliant, data collaboration. As a result, the world becomes open to new partnerships, agreements, and protocols for sharing and managing data securely, ethically, and legally, taking individuals, businesses, markets and economies further.
And that’s where Confidential Computing is a game-changer in data security. By creating a trusted execution environment, Confidential Computing enables organisations to utilise sensitive data in a desensitised manner, sourced from a range of encrypted repositories, without compromising its confidentiality or integrity. This approach not only simplifies data collaboration but also opens avenues for secure multi-party partnerships and innovative business decisions.
Through a Zero trust attestation SaaS environment, with verified trustworthiness across the compute stack, collaborative AI allows data modelling to provide personalised, not generic recommendations, seeing users as the individuals they are. Medical treatment, financial planning, shopping recommendations, to name just a few examples, aid in the decision making of both the business and the individuals.
This approach shifts the thinking of security as a cost, to security as an enabler to drive a range of new revenue opportunities, through secure multi-party collaborations, and business decisions made of greater insights led from AI modelling.
Compliance is recognised as one of the main barriers to gain access to data, due to regional regulatory rules. One of the biggest opportunities confidential computing creates, is a secure, multi-party collaboration and computation, reduced data exposure, whilst enabling regulatory compliance and a greater data security posture. Each participant can benefit from a shared dataset, in the knowledge of a trusted, ethical approach, and security diligence across all parties.
However, in two recent CISO boardroom sessions, working with Evanta, a Gartner company, across the DACH and Nordics regions, although the desire to securely collaborate was apparent, whether internally following M&A, or with third parties, before being able to start on that journey, greater concern was felt around the availability and integrity of the data. Formalising plans around data discovery, classification and anonymisation; identity access management; audit policies and procedures are essential. These can often involve automation, but it is only truly enlightening when layered with subject matter expert (SME) interviews from across the business – as of course, not all information is as important as the next piece, or perhaps it's only the accumulated and packaged data into information, that actually drives its value and confidentiality.
We have a number of customers benefitting from confidential AI use. In healthcare, one spotted an opportunity to deliver greater insights throughout their partner network. By building a business-intelligence-as-a-service platform, collating datasets from partners across the supply chain, and including publicly available data on a set requirement, a partner in their network gained insights to help determine frequency and reason for use with their Diabetes medication.
Through the secure, trusted platform, business decisions were made more holistically and accurately, resulting in the partner recognising a customer churn reduction by 29%, and loyalty increase by 60%.
Confidential computing capabilities allows data to be extracted without any personal identifying information, it isolates and protects sensitive data in a secure enclave, whilst being processed. Together, this secure service enabled the linkage of datasets to reduce unnecessary information use, whilst making more informed decisions through predictable insights.
And this is the next paradigm of opportunity for businesses – we hear how many CISOs are being asked by their Boards why AI isn’t implemented yet if the business benefits are so large. But it isn’t that simple, and the security of the data and its environment is vital whilst we face the ever-growing impact of cybercrime, and predicted challenge of PQC (post quantum cryptography) making ransomware and breaches more likely.
Just recently, the European Commission has invested €112m [source] in AI and quantum research and innovation. And before that the EU AI Act [source] was passed, with the aim to counter disinformation, and ensure humans are ultimately in control, whilst improving access to information, e.g. for those with disabilities, and ensuring safeguards and transparency to ensure decisions are not influenced or deceived with deepfake. Users are to be notified when dealing with a chatbot or other AI system, to ensure the experience and outcome is beneficial for the user, not just for perceived monetised gain. AI is simply not just a service we switch on!
In conclusion, the convergence of AI and Confidential Computing presents a compelling opportunity for organisations to transcend traditional security paradigms and embrace security as a strategic business enabler. What is essential here is the use of technology for good, through a secure operation – including appropriate access rights, high levels of data protection and encryption, and regulatory compliance.
By harnessing the power of AI and secure data collaboration underpinned by Confidential Computing, organisations benefit from true defence in depth, which we believe enables businesses to take next generation technologies from theory into practice, driving business outcomes, at the highest standard of security.
As we navigate the digital age, prioritising security as a catalyst for business growth is not just a strategic imperative but a competitive advantage in an increasingly complex landscape.
For more information on how Security can enable business goals, please see our value paper, Secure Success: Building Business Value through Data Security.
Simon Thornell joined Fortanix in November 2023 and is the EMEA Director, Sales Engineering. His responsibilities include working with customers and partners to ascertain the best security principles to deliver to business goals. Prior to joining Fortanix, Simon worked at VMware, and BT, where he crafted his skills in product engineering in the technology industry.
Simon recently participated in our latest webinar, Security as a Business Driver, which is available on demand here.