Breaking silos with secure AI-driven data collaboration without risk

Companies must increasingly collaborate and draw insights from rapidly-growing data streams without sacrificing privacy or security.
By Patrick Devine, Data and identity security business development, Solid8 Technologies.
Johannesburg, 30 Mar 2026

In today’s hyperconnected, fast-paced world, organisations increasingly need to collaborate and draw insights from rich, rapidly-growing data streams − structured and unstructured alike − without sacrificing privacy or security.

A recent article in the Daily Maverick brought this challenge to the surface for South Africa’s financial crime-fighting community, highlighted by leaders across industry: “Experts from both the private and public sectors hammered home the message that the future of economic crime prevention in Africa hinges on smashing information silos and building airtight data-sharing frameworks.”

However, achieving such a goal has often been complex and costly, with limited results due to the inability to truly capitalise on the rich data needed to train AI on it and derive fast results from real-time and historical data.

Fraud and crime happen fast and can only be prevented if accurate and timely results are available for action. This must include analysis of data from different entities; for example, banks, payment networks and finance providers. This collaboration is naturally across “trust boundaries” where risk and concern about data breaches or insider threat typically get in the way of effective collaboration.

However, risk reduction results are literally at the fingertips of data scientists and AI researchers if rich data and modern AI models can be made more accessible than ever before with strong guardrails and state-of-the-art isolation approaches.

The limits of conventional methods

Traditional approaches often create more problems than they solve, yet the need for secure information sharing at industrial scale continues to grow, given rising crime and the increasing use of AI by threat actors to facilitate it, as confirmed by Interpol.

This is a problem across industry, but in the detection of financial crime, it's a critical challenge:

Third-party custodians plus legal contracts: Entrusting sensitive data to a third party − even with a robust contract − can be risky. Outsourcing control introduces vulnerabilities: what if the custodian is compromised? Contracts don't prevent misuse or leakage once data is shared, and insider threats, cloud leaks and attack risks are still persistent barriers to success.

Synthetic or anonymised data: Generating ‘safe’ versions of data can reduce privacy concerns, but at a steep cost. Synthetic data often lacks fidelity, making cross-dataset mapping or nuanced analysis impossible. This approach introduces complexity, inconsistencies and analytical blind spots.

Fully homomorphic encryption: Performance issues make this approach a non-starter for any significant data volumes.

Meanwhile, the pace and diversity of today's data − from logs and documents to graphs, social feeds, partner data and AI-derived content − demands flexible and powerful tools. To unlock meaningful insights, particularly with emerging AI models, analysts need access to full-fidelity data, but they often don’t know exactly what types of data they'll need ahead of time.

Enter: The Confidential Computing Consortium (CCC)

The CCC was formed in August 2019 under the auspices of the Linux Foundation, with founding members Intel, Microsoft, Google, IBM and Alibaba.

It was formed to address IT security concerns related to the deployment of sensitive applications to cloud environments. The issue identified related to users with administrator privileges (root in Linux) who work for the cloud service provider.

Administrator privileges enable ‘data in use’ theft of data that is in memory or being processed by the CPU/GPU, using standard Linux operating system commands like ‘gcore’.

Data security for ‘data at rest’ (databases or disk storage) and ‘data in motion’ has long been solved. However, encrypted ‘data at rest’ is completely unusable. To be used, the encrypted data must be decrypted and sent via secure transport layer encryption (‘data in motion’) to the CPU and memory to be processed.

Almost all data is ‘in the clear’ when being processed. By simply executing the ‘gcore’ command and providing the ‘process ID’ number of the open source web server, all the data, code and/or algorithm in memory and the CPU are written to a clear text file.

The CPU/GPU manufacturers Intel, AMD and Nvidia signed on as members of the CCC, and created a hardware-based solution to this massive security hole. Intel, AMD and Nvidia approached the problem from slightly different angles, with different capabilities, but essentially, they created hardware-enabled encryption of all data that is processed by the CPU and held in memory, called a Trusted Execution Environment (TEE) or a secure ‘enclave’.

To put it simply, the TEE is a secure building and an ‘enclave’ is a secured room inside the building. A related activity is called ‘attestation’ which is essentially cryptographic proof that the data, code and/or algorithm were not accessed, copied or stolen by any parties involved.

As stated by Mark Novak, director of enterprise security architecture at JPMorgan Chase & Co, in a recent article in Enterprise Security, CCC protects data, code and/or algorithms from privileged users, system owners, including systems that have been hacked. The added bonus is being able to cryptographically prove that statement.

Use cases for confidential computing

Obvious use cases include multi-step processes, such as artificial intelligence. In situations where multiple training datasets can be poisoned, the LLM engine can be poisoned, as well as the prompts and responses, how do you prove that none of the above occurred? The answer to this is − with great difficulty or worse, the completely implausible, ‘trust me’.

As Forbes recently opined: “Privacy is becoming an infrastructure requirement.”

The leadership takeaway: If you handle sensitive data (health, legal, finance, enterprise IP), assume customers will increasingly ask: “Where is my data processed, who can access it during inference and how can I verify that?” The ‘trust me’ cliche is losing out to a demand to ‘prove it’.

Then we come to secure multi-party analytics. Hardly a month passes without a high-profile announcement of data sharing initiatives such as Shoprite and Discovery, Dis-Chem and Capitec Bank, and Pick n Pay and FNB. Questions must be asked regarding data sharing, along with consent and POPIA. Enter CCC.

To reemphasise, CCC enables multiple parties to share data, code and/or algorithms that can be cryptographically proven to have never been accessed/viewed/copied (stolen) by any participant.

Wrapping up

Each CPU manufacturer has approached the TEE issue in a proprietary manner that prevents interoperability, in addition to requiring significant application changes to support CCC’s TEEs.

Each CPU/GPU upgrade or firmware update potentially requires significant programming changes. Efforts are underway to ‘virtualise’ the interaction with the various CCC capabilities.

Effectively, this approach enables any application to make use of ‘data in use’ protection, without requiring changes to the application code.
