...by Daniel Szego
quote
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Sunday, April 9, 2017

Emerging trend: Reporting under encryption, KPI under encryption


Reporting and big-data analysis has been having a hype phase in the last couple of years, however considering a system architecture point of view a reporting systems has a pretty big security hole it is because it aggregates different kind of a data from probably the whole company or from several companies. The data is processed and presented in a way for some end-users, however in most cases there is no detail analysis about the fact who can see what. It is usually not such a huge problem as we speak of one company (although the security hole is certainly given), however it will be pretty big cross company discussion if the data is coming from several companies.

As a solution there might be possible to use one of the emerging encryption technology that aggregates the data without actually encrypting them, like with the help of zero knowledge proofs, homomorphic encryption or secure multiparty protocols. In this way not all of the data is leaked only some kind of a specific result is presented.  Let we called the field as Reporting under Encryption or KPI under encryption.

Another solutions might be to heavily use information labeling and filtering identifying who should actually be able to see that kind of data or information. In this sense, the field should be rather called secure reporting and secure KPI-s.