Ellison Anne Williams, Enveil: “while it’s important to ensure data protection, you cannot do it by sacrificing usability”
Today’s business world is a data driven world – this is a truth universally acknowledged. But the data itself may not be so universal as some people would like it to be. However, they must understand that with complete accessibility, ensuring data privacy becomes a problem.
While there are a lot of ways to secure personal and company data that is not meant to be accessed by outsiders – for example, by using Virtual Private Networks (VPNs), it is far more difficult to do so when data has to be available for public use, at least to some extent. And asking data owners to share and allow using it doesn’t always work, either, as revealing interest in certain datasets is bad for some businesses.
Thus, Cybernews reached out to Ellison Anne Williams, the Founder and CEO of Enveil, a privacy enhancing technology provider, to talk more about preserving the privacy of sensitive data while still allowing it to be in use, and other cybersecurity challenges related to information privacy and safety that companies face today.
Tell us how it all began. What was the idea behind Enveil?
The idea for Enveil was born out of challenges faced during my time working in the U.S. Intelligence Community. We needed a way to search for sensitive information across large datasets we didn’t own or control without revealing our interest in the information. The search for answers led us to breakthroughs in Privacy Enhancing Technologies – more specifically, homomorphic encryption – which offered the unique ability to protect data while it’s being used or processed. I knew this concept of performing trusted computing in untrusted locations was not just a government problem; any entity dealing with sensitive or regulated information, such as banks or healthcare providers, faces similar issues. That is why I started Enveil: to change the paradigm of how and where organizations can securely and privately leverage data to unlock value.
Can you tell us a little bit about what you do? What issues do your products help solve?
Our ZeroReveal software leverages Privacy Enhancing Technologies, also known as PETs, to enable secure data usage, collaboration, and monetization. Customers can extract insights, cross-match, search, and analyze data assets at scale without revealing the content of the search itself, compromising the security or ownership of the underlying data, or exposing their interests and intent. At its core, PETs are a family of technologies that enable, enhance, and preserve the privacy of data throughout its lifecycle; they are increasingly gaining attention for the critical role they play in enabling cross-border, cross-sector, and cross-silo collaboration. As a category, PETs are transformative — and we’re utilizing them to help our customers use, share, and collaborate with sensitive data in ways that were not previously possible. We also allow that collaboration to take place in a decentralized manner so all contributors maintain positive control and ownership of their data assets.
On your website, you talk about securing the Data Triad. Could you tell us more about this concept?
Enveil is focused entirely on protecting data while it’s being used or processed, what we call Data in Use. This is different from the more familiar types of encryption that protect data as it moves through the network or while it’s at rest on the file system. We think it’s helpful to think of the distinction between these three states of data – at rest, in transit, and in use – as three points of a triangle that we call The Data Triad. While all are important, Data in Use is the segment that is most frequently overlooked, in part because it’s a hard problem to solve but also because, until fairly recently, there was a lack of scalable, practical, commercial-ready solutions.
Have you noticed any new types of data problems emerge during the pandemic?
The pandemic forced many organizations to take a second look at the security, access, and usability of organizational data assets – which I think is a good thing. It solidified the need to access data from anywhere while respecting the demand for global privacy reflected in the increasingly heterogeneous regulatory landscape. This need for remote access caused us to rethink the way things have always been done, and in many cases, the technology was ready to provide a solution. Technologies that may have previously been ‘nice to have’ now look more like necessities.
In your opinion, what security measures should be in place to mitigate these new threats?
Moving or replicating large amounts of data, whether between entities or across internal silos, can be complicated and risky, if not practically impossible. Organizations are looking for solutions that let them securely use sensitive data where it is today. PETs can help address this problem by protecting data during processing and allowing sensitive assets to be shared and analyzed without compromising security or inhibiting use.
What are the issues that come up most often when dealing with large amounts of data?
When I think of the challenges associated with large datasets, I generally think about governance, access, and usability. Each is critical and foundational – before you can do anything else with data, you have to know what you have/where it is, who has access to it, and how it will be used. Security teams spend countless hours trying to solve these problems so that the rest of the organization can put the data to work.
Keeping up with data privacy requirements can sometimes be complicated. What details do you think are often overlooked by organizations?
There is sometimes a temptation to react to regulations by locking down data to the point it becomes unusable, which is really counter-productive. Data is only as valuable as the insights you can extract from it so while it’s important to ensure data protection, you cannot do it by sacrificing usability. When business functionalities are inhibited by the surge in privacy regulations, organizations need to look for solutions that can help them comply while also allowing them to get the job done.
Which industries do you think should put more attention towards securing and managing their data?
While I firmly believe data privacy should be prioritized in all organizations, it absolutely must be a focal point for any organization dealing with sensitive or regulated data. This could be sensitive customer data including healthcare or financial records, but also information that is sensitive to the business such as IP or other competitive intelligence. The modern digital business landscape relies on trust and data privacy is the foundation upon which that trust is built. Neglecting to prioritize it has the potential to damage your business in ways that run far beyond regulatory penalties.
Would you like to share what the future holds for Enveil?
Privacy continues to be a focal point for businesses as they capitalize on the digital economy – Enveil is here to help them address those challenges. PETs are, and will continue to be, a foundational force and key privacy enabler by ensuring business goals can be achieved without sacrificing privacy and security. We’re excited to lead the PETs category as it grows and solidifies in the years to come.