Intro to Privacy Tech, Part 2
[This is part 2 of a 3-part series on Privacy Tech. You can find part 1 and part 3 at these links.]
In a previous post we presented the current state of privacy tech – starting with how large an issue private data is to us and continuing to describe different types of privacy tech.
In this post, we’ll present information about moving data into the cloud.
Why Migrate to the Cloud?
To be competitive, businesses must lead with product innovation, value and performance. They must continuously modernize their operations, their services, and their compute infrastructure – including the systems and workloads that support it all – but not all businesses can afford to build specialized on-premises data centers. They also cannot move to the cloud due to privacy issues – any encrypted data in the cloud must be downloaded, decrypted, and processed, and the results must then be encrypted and stored back in the cloud. This lengthy process makes any real-time data processing infeasible.
The CapEx costs (e.g., buying new servers) and OpEx costs (e.g., cooling and electricity) associated with on-premises data centers have pushed many businesses into the cloud. As more legacy data centers move their workloads to the cloud, the cloud has become a $500B industry, growing at a 21% CAGR.
So why doesn’t every business move its data and processing into the cloud? There are 3 problems currently facing the future of modernized compute in the cloud.
Problem 1 – Cloud is Untrusted
Since cloud providers are 3rd parties, any data stored in the cloud must be stored encrypted. The data cannot be decrypted and processed there because malicious parties with access to that 3rd party could potentially access the decrypted data.
This limitation means that any company that needs to perform computations on private data most likely will not move to the cloud. For example, Visa maintains 4 of its own private data centers worldwide (2 in the US, 1 in London, and 1 in Singapore) to process user transactions.
Problem 2 – Energy Costs Rise
The second problem facing cloud migration is the rising cost of energy. The cost is not just rising: due to Corona, Russia invading Ukraine, supply chain issues and other factors, we are in an energy crisis.
For businesses to move to the cloud, they require the security of compute-intensive Privacy Enhancing Technologies (PETs). This added processing comes at a cost, and data centers have no choice but to pass the rising energy costs on to their customers (see the following image), which is not only a burden on the customers but also makes it harder for data centers to attract new customers.
Figure 1: Global Energy Demand
The previous image shows the rise (more than 2x) in the cost of energy for data centers – energy use has become a significant factor in the cost of data centers.
The following image shows the magnitude of energy that data centers use. Data centers consume as much electricity as some countries[1].
This high cost of energy has led to a shift from high-performance computing (HPC) to more energy-efficient compute – companies are willing to sacrifice compute performance for cost savings.
Problem 3 – The Need for Speed
As compute becomes more complicated and involves more data, the acceleration required increases dramatically.
From the image you can see that a query, such as running SQL on a database, takes very little processing power, whereas Deep Learning (DL) training, such as for an Artificial Intelligence (AI) algorithm, takes much, much more.
GPUs can only achieve up to 200x acceleration over CPUs for these operations, but today’s privacy solutions need 100,000x acceleration. Advancements in software help but cannot provide enough acceleration to meet the privacy challenge.
How can we Make the Cloud Secure?
So far, we have described how businesses need or want to move to the cloud but can’t because of privacy issues. If there were a solution that implemented PETs in a fast, energy-efficient manner, it would open the door to migrating to the cloud.
Let’s take a step back and understand what PETs are.
The next evolution in privacy tech is called Privacy Enhancing Technologies or PETs. PETs enable us to perform operations on encrypted data without ever having to decrypt it.
While research on PETs has been going on since the late 1970s, they are only now becoming feasible for real-life use cases. Of the many types of PETs, two provide significant privacy benefits for data centers: FHE and ZKP.
- Fully Homomorphic Encryption (FHE) is encryption that allows arbitrary computation on ciphertexts (as opposed to computing on plaintext). FHE enables an untrusted 3rd party to perform operations on data without revealing the input data or the internal state of the data during computation.
- Zero-Knowledge Proof (ZKP) is a method where one party (the prover) can prove to another party (the verifier) that they know a value x without conveying any information apart from the fact that they know the value x. ZKPs can be used for authentication between 2 parties, where no credentials – even hashed – need to be sent between the parties.
These types of PETs enable us to encrypt our data, store it in a public/cloud location, and perform operations on it without having to worry about it getting exposed.
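To show what operating on stored ciphertexts looks like, the following added example (not from the original post) uses the Paillier cryptosystem. Paillier is only additively homomorphic, so it supports sums and scalar multiples rather than the arbitrary computation FHE allows; the key is built from constructed toy primes and the function names are hypothetical.

```python
import math
import secrets

# Toy Paillier key pair (constructed primes, far too small for real use).
_P, _Q = 1009, 1013
N = _P * _Q                     # public key: the cloud may know this
N2 = N * N
_LAM = (_P - 1) * (_Q - 1) // math.gcd(_P - 1, _Q - 1)  # private: lcm(p-1, q-1)
_MU = pow(_LAM, -1, N)          # private: inverse of lambda mod N

def encrypt(m):
    """Client side: randomized encryption of an integer 0 <= m < N."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range for this key")
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return ((1 + m * N) * pow(r, N, N2)) % N2

def decrypt(c):
    """Client side: recover m using the private values _LAM and _MU."""
    return ((pow(c, _LAM, N2) - 1) // N * _MU) % N

def cloud_sum(ciphertexts):
    """Untrusted side: multiplying ciphertexts adds the hidden plaintexts."""
    total = 1                   # 1 is a valid encryption of 0
    for c in ciphertexts:
        total = (total * c) % N2
    return total

def cloud_scale(c, k):
    """Untrusted side: raising a ciphertext to k multiplies the plaintext by k."""
    return pow(c, k, N2)

if __name__ == "__main__":
    amounts = [1200, 350, 4999]              # constructed sample data
    stored = [encrypt(a) for a in amounts]   # what the cloud holds
    enc_total = cloud_sum(stored)            # computed without any key
    print("decrypted total:", decrypt(enc_total))
    print("decrypted 3x total:", decrypt(cloud_scale(enc_total, 3)))
```

The cloud functions use only N and the ciphertexts, so the provider never holds a decryption key or a plaintext. Results wrap modulo N, so the key must be large enough for the biggest value the computation can produce.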
While a setup using ZKPs and FHE is technically possible, its computation needs limit it to cases where you don’t need the results in real time.
Wrap-up
Moving data into the cloud is necessary for businesses to succeed, but it faces the challenges of trust, energy consumption, and performance. Once technology solves these issues through real-time FHE/ZKP, it will enable a wave of migration to the cloud where sensitive data can be securely processed and stored.
[1] Data from the article “Data centers keep energy use steady despite big growth.”