Homomorphic encryption for GDPR
There has been a sharp increase in data security technologies since the realization that the GDPR regulations are soon to go into effect. With compliance deadlines around the corner and many organizations still scrambling to figure out who it affects, how it affects them, and what they need to be doing, there is a definite need for the implementation of new security technologies at organizations big and small around the world.
Encryption has become commonplace at most businesses and organizations in order to keep their data safe and protect it from leaks and breaches. It is fairly effective at keeping hackers at bay and providing organizations peace of mind, when they adopt the right approach. However, there is a lot of hassle associated with the process of decryption, which can make using this data cumbersome for the organizations who are going through such trouble to store and manage it.
In response to this, tech giant IBM has invested in what's known as "homomorphic encryption". Just as it sounds, this is a cutting-edge type of cryptography, and the concept could make a revolutionary impact on organizations around the world.
In general, the concept of encryption requires a message to be decrypted, or unscrambled, before it's able to be read and used. This method protects data "during transit" but it then become instantly exposed (and, therefore, vulnerable to hackers) the instance you unlock it. That's just one of the flaws of the slow and resource-intensive encryption/decryption process.
However, the homomorphic encryption process that IBM has proposed will work differently. It will allow you to read a message as if it has been decrypted, but it will do so without removing the protective layer that the encryption process placed on it. This sounds like a novel concept, but it has the potential to improve the efficiency and security of data-driven operations around the world and all through cyberspace.
Theoretically, an administrator in your organization's IT department could use homomorphic encryption to encrypt all of your sensitive data: customer records, business intelligence, and trade secrets. This will keep your confidential information safe before you upload it to the crowd. Here, the encrypted data is practically useless. It is just being stored for access at a later date. But, through this cloud, the data can be managed and even shared--and you can do so without decrying it.
Cloud technology has certainly sped up many aspects of business, but before homomorphic encryption, it proposed harmful security concerns about the storage and sharing of sensitive data. Of course, there are adoption challenges that come along with homomorphic encryption. It is a concept that computer scientists have been working on for many decades now. IBM's Craig Gentry first created a homomorphic encryption system in 2009.
Homomorphic encryption is a very promising system, but two primary barriers have been keeping it from being adopted by the mainstream. Practical use and performance are those two barriers. Gentry, for instance, estimated that his system would take about a trillion times longer to process in a web search scenario (like Google) compared to encrypted data.
There have been improvements made since then, but now five years after the fact, full-on homomorphic encryption processes are still very much slower than unencrypted data. Of course, all data privacy techniques have some inherent processing delays and slowness to them, but homomorphic encryption in particular requires more improvement still before it will be ready for enterprise adoption.
With GDPR on the horizon, however, it is expected that more tech companies will begin looking into homomorphic encryption and alternatives to it and working to speed up the data storage and management process as a whole. This will be a critical step forward for the entire IT industry, and organizational interest in methods like homomorphic encryption will likely stretch far beyond GDPR compliance when these methods begin showing improvements in not just data privacy, but also speedy increases for general data management on the larger scale.
You Might Be Interested in Reading These Articles
Data encryption is a critical part of GDPR compliance although there are no explicit GDPR encryption requirements. The regulation vaguely states that businesses must enforce safeguards and security measures to protect all consumer data that they handle. The GDPR refers to pseudonymization and encryption as “appropriate technical and organizational measures.
Published on May 16, 2018
Cellphone instead of a filing cabinet. Until quite recently, doctors at the IKEM hospital in Prague needed to perform photo documentation by first taking pictures with a digital camera, and then downloading and/or uploading them via a computer network to patient cards. A solution to this tedious and time-consuming practice was made possible through the use of mobile scanning technology.
Published on December 10, 2019
zScanner is a mobile application for clinical and medical photo documentation. zScanner enables doctors to take photos of patient medical records, and of injuries of the patients, and upload them to a hospital information system. zScanner is an application developed and used by IKEM, a major Czech hospital, and the largest center of clinical and experimental medicine in the Czech Republic.
Published on May 12, 2019