By Greg Woolf, Founder & CEO
Some of the most impactful innovations occur when teams from across organizations work together to reach their mutual goals. But harnessing the power of collaboration is not just a vehicle for growth.
Collective knowledge and expertise can also be a company’s best line of defense, especially when it comes to thwarting external threats. Until recently, a range of legal, competitive and technological concerns have limited the scope of information sharing across financial institutions. But that’s all set to change with the adoption of Confidential Computing.
What is Confidential Computing?
Confidential Computing has a critical role to play in enabling the secure sharing of sensitive data. While protocols exist to protect data in transit (moving over a network connection) and at rest (in storage and databases), Confidential Computing eliminates the remaining data security vulnerability by protecting data in use (during processing or runtime) in impenetrable hardware memory, called “enclaves”.
A Collaborative Effort
Confidential Computing isn’t the brainchild of any one company – it’s a joint initiative that includes a range of technology leaders, academics, government regulators and non-profits. This collaborative approach removes concerns of a single company fully owning and controlling this technology.
In addition to creating a critical component of Confidential Computing, Intel® Software Guard Extensions (Intel® SGX), Intel has also driven the initiative’s collaborative approach. As Ron Perez, Intel Fellow and Chief Security Architect in the Office of the CTO, notes, “Our approach has been to drive continuous innovation and deep collaboration to improve the confidentiality and integrity of all data, wherever it is.”
In fact, Intel co-founded the Confidential Computing Consortium to bring together a range of companies – including some competitors – to further this technology through collaboration.
How Does Confidential Computing Address Info Sharing Concerns?
Now that we understand what Confidential Computing can do, how is it being applied to the secure sharing of sensitive financial information? Here are three challenges that financial institutions previously faced, and how Confidential Computing can help.
1. Fear of losing competitive advantage by revealing info about customers or fraudulent activity
Fraudulent activity happens at every bank, but that doesn’t mean banks enjoy sharing that information with competitors or regulators. If they did, however, they’d be able to pool their intelligence about fraudsters and help one another prevent attacks from identified profiles.
For banks that have been hesitant to allow any sensitive data off premises, Confidential Computing provides assurances that their data is fully protected. Unlike memory encryption technologies that leave data within the attack surface of the cloud stack, Intel® SGX provides a protected execution environment with a direct interface to the hardware. This limits access and minimizes the overall performance impact for both the application and other tenants on the server.
FiVerity has adopted Confidential Computing to secure sensitive financial information. Once the information is secure and accessible, we’re able to share critical, but appropriately limited, fraud intelligence across institutions. For example, when using FiVerity’s Digital Fraud Network, Bank A isn’t able to peruse all of the fraudulent activity identified by Bank B. Institutions within the network are only alerted to identified fraudsters that attempt to become a customer or are already present in their portfolio.
2. Fear of data leaks causing reputational damage
Data leaks are always a legitimate concern, but Confidential Computing provides protection against internal leaks and external hacks. Internal access to the sensitive data is protected by secure hardware-level encryption enclaves, which protect information from malware and data breaches at the network, application and operating system levels, and even from admins with physical access.
Data and code isolated in enclaves are protected even if the compute infrastructure is compromised. This is achieved via trusted execution environments (TEEs), which use hardware-backed techniques to increase security for code execution and data protection within that environment. Put simply, Confidential Computing protects data from sophisticated hacking attempts as well as common theft, such as stolen laptops.
3. Fear of violating customer privacy requirements
In addition to data encryption, Confidential Computing gives users a higher degree of control over the information shared – making inadvertent violations of privacy requirements less likely.
This is crucial as regulators push for more information-sharing across banks to fight digital fraud. As the Federal Reserve stressed in a series of white papers on synthetic identity fraud: “No single organization can stop wide-ranging, fast-growing synthetic identity fraud on its own. It is imperative that payments industry stakeholders work together to keep up with the evolving threat posed by synthetic identity fraud, which includes anticipating future fraud approaches.”
Confidential Computing at the Heart of Fighting Fraud
Compared to other industries, financial services has been relatively slow to adopt collaboration and information sharing, largely due to regulatory requirements around data privacy. However, with digital fraud on the rise and regulators calling for a more collaborative approach to tackling the problem, the time has come for our industry to embrace Confidential Computing and place information sharing at the heart of its fraud-fighting tactics.