Data clean rooms (DCRs) are beginning to capture attention as potential components of data privacy and AI security solutions, offering a controlled environment for secure collaborative data analysis. However, DCRs have been available for a while, so what do they do and why did Duality decide to support Trusted Execution Environments (TEEs) instead of DCRs? What are the pros/cons of each option and what does the future look like for both? In this article, we talk about the functionality of DCRs and TEEs, exploring their role in safeguarding sensitive information and why Duality, a leading innovator in real-time secure data collaboration, chose to support TEEs over DCRs.
Data clean rooms (DCRs) and trusted execution environments (TEEs) are two infrastructure options reshaping how organizations handle and analyze their most valuable asset – data. But what are these and how do they relate to secure data collaboration?
Data clean rooms are secure, virtually isolated environments that allow multiple parties, including data providers and consumers, to collaborate on and securely use sensitive data. The goal is for parties to leverage clean room technology without concern over the potential risks to a data source that may be considered sensitive, such as personally identifiable information (PII), device IDs, and other geographic, behavioral, audience, or contextual data. In a clean room environment, data is anonymized and analyzed, ensuring data governance best practices are upheld.
Trusted Execution Environments (TEEs) provide a hardware-based or combination hardware-software-based approach to isolating an environment for secure and confidential computing. It’s a secure area inside the main processor where code is executed and data is processed in an isolated private enclave. This technology protects data resources by ensuring no other application can grant access to it, and both insider and outsider threats can’t compromise the original data even if the operating system is compromised. This degree of data security matches the level offered by traditional cryptographic methods like symmetric-key encryption, hashing, and digital signatures, establishing a benchmark for implementing security practices and managing data analytics.
The primary use cases for clean rooms are used by ad tech and marketing tech firms to analyze data they own, where large volumes of PII must be protected during use while TEEs promote multi-party collaboration as the main functional benefit in addition to greater computational capacity. TEEs or Secure Enclaves prioritize secure data sharing and exchanges among multiple stakeholders, overcoming the challenges of secure data collaboration.
Despite their availability for some time, data clean rooms have gained increased attention as a potential solution to address security and user privacy concerns. So, the question arises: Why did Duality opt to back trusted execution environments (TEEs) over DCRs, and what lies ahead for both technologies?
Data clean rooms and trusted execution environments (TEEs) offer unique approaches, each with its own set of advantages and considerations.
DCRs have several advantages, including enhanced security measures and the ability to facilitate collaborative analysis while complying with privacy laws. However, while DCRs provide a controlled environment for collaborative data analysis, the reliance on trust can introduce inherent risks. Since the provider or administrator is a trusted party that has access to the shared data, there are concerns about potential data breaches. This is particularly significant when dealing with customer-level data and analyzing consumer behavior, where the stakes for privacy and data integrity are important to maintain competitive advantages and foster trust with consumers.
In contrast, Duality’s approach is to remove “trust” from multiparty data collaboration workflows, which is the main reason we chose to operationalize TEEs in addition to other security and privacy technologies. Combined with the Duality Platform, there is no trusted participant in a multiparty collaboration workflow when using a TEE. The data, the model, and the computations are encrypted before being sent to the TEE. Once inside the secured environment, robust access control ensures that the data and model are protected before and during computations. Once inside the environment, the datasets and models are decrypted, computations are run, and insights are generated, encrypted, and returned only to the analyzing party. At no time does any participant have direct access to any data or model that they do not own. This approach enhances security by mitigating the risk of unauthorized access and maintaining the integrity of each user’s data while enabling them to benefit from the secure share of insights.
While DCRs have proven valuable in facilitating collaborative data analysis and ensuring compliance with privacy regulations, their future utility might be replaced by software-based solutions leveraging privacy technologies. Such solutions are easier to deploy, have more flexible deployment options, and provide better security and privacy guarantees.
As organizations navigate data privacy and security, data clean rooms and trusted execution environments are pivotal technologies in ensuring the confidentiality, integrity, and availability of sensitive information. While DCRs have proven valuable in facilitating collaborative data analysis and ensuring compliance with current privacy regulations, their future utility might be challenged. The potential for DCRs to evolve into more dynamic and adaptable platforms could open up new possibilities for data collaboration across various sectors but without significant innovation, DCRs risk becoming obsolete.
Emerging software-based privacy solutions are seen as more adaptable to the rapid change in regulatory practices, potentially making them more suited for future needs. TEE’s strong security architectures naturally protect data during processing. Particularly in the context of Responsible AI, TEE-based workflows offer model IP and input data protections through robust access controls, and data governance and reporting mechanisms that align closely with evolving regulatory requirements while fostering innovation and collaboration.
For more information, watch our on-demand webinar about AI Development with AWS, or contact us to see how Duality Tech can protect your sensitive data in a secure environment while giving you the ability to access, share, and collaborate securely.