Searchable and Fully Homomorphic: Data Encryption Evolved


Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. John Johnson of Vaultree offers a glimpse into the future of data encryption, fully searchable and homomorphic.

We hear about cyber-attacks and cybersecurity breaches almost every day. Headlines jolt us into the reality that yet another company and its customers have fallen prey to cyber-criminals selling usernames, passwords, and personally identifiable information (PII) on the dark web. Cyber-criminals have a security stack on the dark web enabling them to conduct their business anonymously, which is far superior to the relative transparency that law-abiding organizations must use to conduct their business. What can we do? How can we prevail against cyber-criminals? Although many systems and methodologies are on the market for preventing, thwarting, and discouraging cyber-attacks, it’s virtually impossible to perfectly protect data from every possible attack vector and theft.

Keys to Freedom from Cyber-Theft

The key to victory over cyber-criminals is to not have a key. It’s crucial to deploy cybersecurity defenses, including firewalls, antimalware, authentication, threat and vulnerability management, penetration testing, intrusion detection, and network monitoring tools. However, the foremost line of defense against cybertheft should be Fully Homomorphic (FHE) and Searchable Encryption (SE).

FHE and SE encrypt data not only at rest and in transit over a network, which are the common states covered by data encryption, but also while in use. FHE and SE allow searches and processing, such as analytics and computation, to be performed directly on encrypted data (ciphertext) in the same way as on unencrypted data (plaintext). This also means that any data wrested from its systems is useless and impenetrable outside of those systems. With FHE and SE encryption in place, cybersecurity professionals, business leaders, and their customers can rest assured that, even when cyber-criminals penetrate security perimeters and steal data, it’s worthless and impossible to decrypt. This persistent mode of encryption should be the starting point and nucleus of a cybersecurity strategy, sealing the data that is the target of most cyber-crimes.

While many organizations’ reputations, brands, and finances suffer from cyber theft, the impact is minimized when a company announces it took the right steps to fully encrypt data and render it worthless if stolen. Persistent encryption breakthroughs could also improve an organization’s reputation and business. Since many of us may believe that cybertheft is almost inevitable, consumers and businesses, many of whom have been burned by breaches repeatedly, prefer to do business with an organization that fully protects their data from breaches (exposure as plaintext). Cost savings can also be massive. The average cost of a data breach in the United States is estimated to be $9.4 million, a figure that could be drastically reduced if there is no value in stolen data.

Three Types of Homomorphic Encryption

You may be wondering, “Since there’s fully homomorphic encryption, is there also partially and somewhat homomorphic encryption?” Of course! The difference between partially, somewhat, and fully homomorphic encryption lies in the mathematical operations they can perform on ciphertext. Partially homomorphic encryption can perform either addition or multiplication an unlimited number of times. Somewhat homomorphic encryption can perform both addition and multiplication a limited number of times. Fully homomorphic encryption can perform both addition and multiplication an unlimited number of times on ciphertext and is the strongest form of homomorphic encryption.
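The partially homomorphic (addition-only) case described above, as an added example that is not part of the original article or any vendor's code. It uses the textbook Paillier scheme; the primes and account balances are constructed toy values, far too small for real use.

```python
import math
import secrets

# Toy parameters constructed for this example: two Mersenne primes.
# They are far too small for real use and only keep the numbers readable.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N = P * Q                      # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # private: lcm(P-1, Q-1)
MU = pow(LAM, -1, N)           # private: inverse of LAM mod N (valid for g = N + 1)

def paillier_encrypt(m: int) -> int:
    """Encrypt 0 <= m < N with fresh randomness, so equal plaintexts differ."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def paillier_decrypt(c: int) -> int:
    """Recover the plaintext; requires the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add_encrypted(c1: int, c2: int) -> int:
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % N2

def scale_encrypted(c: int, k: int) -> int:
    """Multiply the hidden plaintext by a public constant k."""
    return pow(c, k, N2)

def encrypted_total(ciphertexts) -> int:
    """Sum any number of encrypted values using only the public key."""
    total = paillier_encrypt(0)
    for c in ciphertexts:
        total = add_encrypted(total, c)
    return total

# Constructed sample data: three account balances held only as ciphertext.
balances = [1200, 345, 78]
encrypted = [paillier_encrypt(b) for b in balances]

if __name__ == "__main__":
    print(paillier_decrypt(encrypted_total(encrypted)))        # 1623
    print(paillier_decrypt(scale_encrypted(encrypted[0], 3)))  # 3600
```

Paillier cannot multiply two hidden values together; supporting both addition and multiplication on ciphertext is what separates somewhat and fully homomorphic schemes from this one.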

Concerns About Encryption Technologies

One of the common concerns about any encryption technology, including searchable and fully homomorphic encryption, is its impact on system performance. If system performance, such as the time required to view, search, analyze or process data, is hampered by encryption, that’s a reason not to encrypt data in use; but if performance on ciphertext nearly matches performance on plaintext, the performance trade-off is eliminated, and FHE and SE are validated. It’s now possible to search and process ciphertext at virtually the same speed as plaintext.

Another common concern about any encryption solution is cost and complexity. An organization is unlikely to implement a costly solution that requires considerable modifications to its existing systems and information-technology infrastructure. It’s now possible to seamlessly integrate FHE and SE technology into existing information systems, whether cloud-based or on-premises, with no modifications. That’s music to the ears of IT and security professionals who don’t always march to the same tune.

What about making data available to third parties, such as business partners, and allowing them to search, analyze and process data? Searchable and fully homomorphic encryption remains in effect; there is no compromise to the security of that data and no decryption to plaintext. This supports zero-trust initiatives for third parties in addition to in-house employees and consultants.

New Horizons from Searchable and Fully Homomorphic Encryption

This new encryption standard also opens new opportunities for insights not possible until now. For example, industries such as healthcare and financial services with strict data-privacy regulations can benefit from analytics, artificial intelligence, and machine learning performed on ciphertext. It can be impossible to view or decrypt the data, but it’s possible to gain business insights on anonymized ciphertext. With the daily deluge of data breaches, it may seem that we’re helpless against cyber-criminals, but FHE and SE widely deployed would change the game, heading off this pervasive and ubiquitous criminal industry. We now simply need to lobby and wait for organizations to deploy this vaccine-like shield and solution against cyber-crime.

John Johnson