Confidential computing (“CC”) enables many data threats during computation to be alleviated. The security and privacy enhancements offered by CC are beyond the usual privacy steps taken by businesses today. However, encloud believes that the current standards are not sufficiently robust for the modern IT architectures and data deployment if the data is sensitive or “high-value”. This is because these standards have been shown to be fragile. For a fuller discussion of the incremental benefit of CC please see this blog. We believe CC will become the standard for enterprise computation on sensitive data.
What is sensitive data?
This question appears partly subjective: how critical is the data to a business’ operations? How much would it cost the company if the data was leaked? However, in some cases the sensitivity is not derived from the value of the data itself, but rather the presence of regulation or a contractual obligation to keep the data secure and private.
The EU offers a framework in its current AI regulatory guidance for data based on its risk of deployment. Typically, these risks stem from the usual regulatory drivers (for example those that seek to protect personal data like GDPR) or that the data relates to a regulated industry (financial services and healthcare typically) or government activity.
To present a holistic strategic framework encloud have combined the EU’s framework for AI data risk with its own commercial judgment. The EU breaks down the risks into Unacceptable risks, High risk, Limited RIsk, and Minimal or No risk. In our judgment, the optimal use cases for CC would be limited and high risk use cases, and accordingly our own framework concentrates on these classifications of data risk. In the table below, we provide a structured approach to classifying use cases and examples of use cases that would fit within each risk classification.
Within our classifications, the use cases for Regulated Industries and Social and Infrastructure most closely resemble the EU guidance. Worth noting both that a lack of compliance with the incoming regulations can result in a fine of up to 7% of global revenues and the EU’s framework is gaining wider acceptance including in the US where regulators have indicated they will likely adopt a similar approach. The Unregulated Industries classification is largely commercial judgment based on experience and primary and secondary research.
The financial services industry has witnessed widespread adoption of AI, with the Bank of England and the UK’s Financial Conduct Authority released publication “Machine learning in UK financial services” identifying that two thirds of respondents had already deployed machine learning in their businesses as of 2019.
Current use-cases from Generative AI and AI more broadly in Financials & FinTech tend to focus on improving customer service models or optimizing costs. Generative AI additionally has potential to help create new investing tools, improve algorithmic trading, fraud identification, and allow for better analyzing of risk.
Credit Underwriting or scoring
Traditional credit scoring models, such as FICO in the US, have known limitations that can leave large portions of the population without credit scores. The traditional model has a simplified recipe with a handful of data sources for predicting an individual’s credit score. By accessing other data sources, or known as ‘alternative data’, credit scores could better reflect the customer and bring financial inclusion to more people. Alternative data could include data from a utility company (or other regular payments and fringe sources like government records, shopping habits, social media presence, etc. These alternative data could be tailored for a particular industry, i.e. auto lender looking at driving records. However, accessing these new data sources is not straightforward and raising significant questions about data confidentiality.
encloud enables a credit scoring service to query alternative data and provide a broader view of an individual’s ability to repay the loans. The data that can be queried can extend far beyond the existing accessible sources that a credit agency has available to them using TEEs. Credit agencies can deploy AI that can query user trends to assess credit rating of a customer across many different sources of information, such as career trajectory, spending behavior, and government records. To provide added assurance to the data sharers, the AI can be run on the sharer’s own network using encloud. This way, the IP from the proprietary AI can be maintained and the sensitive data does not extend past the data sharer’s own infrastructure.
Having the holistic view of an individual could help enhance existing accuracy of credit scoring. The benefits of minimizing credit defaults has obvious benefits for the lender. Additionally, accurate credit models based on individual behaviors make it possible to insulate default events to smaller groups of borrowers and help reduce influxes of large volumes of defaults due to specific industry events, etc.
Sophisticated fraud often leaves traces across many different data sources. Plus, many of these sources of data are highly unstructured and insights are not easily extracted using conventional analytics or machine learning means.
With encloud, any business logic, analytics tools, and AI can be deployed to investigate data from various sources enabled by private sharing. Using a foundation AI model combined with other AI tools across a multitude of data sources, financial services firms or authorities could better detect fraud. Data owners across siloes would be able to share their data freely in a confidential way while helping to prevent fraud. Also by using attestation of the runtime environment, data owners can ensure that only fraud detection models are run on their data – preventing other parties from extracting insights that could impact their competitiveness.
Having data across multiple sources would greatly enrich the evidence from which an AI model can detect fraud. It would offer earlier and more accurate detection while ensuring all party’s data are kept private. By using generative AI, it is also possible to ‘invent’ new fraud schemes that would inform authorities of vulnerabilities in regulations and laws. Such fraud detection technologies can be used to monitor activities in the financial services, healthcare, and government sectors.
Insurance Risk Assessment
Insurance companies are constantly looking for ways to improve their risk assessment models to minimize their risk profiles. A step-change in improvement could be realized by accessing the data across multiple insurance companies. Such data sharing partnerships are not feasible today due to a variety of data confidentiality concerns and regulations.
By using encloud, companies could collaborate in the following ways:
- Data could be pooled together enabling insurance companies to develop their own models across data sources from various companies. With encloud’s confidential computing, each party can ensure that their data and model IP is not accessible by their partners.
- Models can be developed locally within an insurance company’s own infrastructure, then uploaded using encloud to test and compare performance against other similar models. In this case, data, model IP and origin of the data are also kept private from other parties.
- Insurance companies can expose their most performant model to other insurance companies to enable 2nd-opinion services for high value or high risk insurance queries. The confidential data of the customer in the query and the model itself will be kept confidential.
Business impact includes improved risk assessment and overall improvement to the combined ratio of an insurance company. Furthermore, it could enable insurance companies to provide much more personalized policy offerings to their customers. It could also lead to innovative collaborations across insurance companies if protecting customer data is no longer a blocker for collaboration.
Other financial services use cases
- Improved customer experience: Providing personalized services, using chatbots and virtual assistants to provide support and handle customer inquiries, and helping improve the effectiveness of their conversations.
- Business management: Helping financial institutions make informed decisions
- Regulatory compliance: Automating compliance checks and monitoring.
- Digital operations transformation: Speeding up the digital transformation journey, such as legacy code development
- Improved client education: Lowering the barrier to entry for investors and less finance aware clients
Use Cases in Other Industries
Supply Chain Management
Manufacturing firms, ranging from consumer packaged goods to high-tech manufacturing, are always looking to improve their supply chain management because it has a direct impact on margins. The next evolution of supply chain management will require the supply chain to share unsanitized data and have a flexible AI technology that can extract valuable insights about supply chain robustness from these forms of data. However, today, this is not possible due to the lack of trust among the parties within the supply chain due to various data confidentiality concerns, including sharing of data that could leak proprietary information.
By using encloud, the companies could build a data environment where their suppliers throughout the supply chain can input their data without concerns of their data being seen in ways that would extract proprietary information. Then using an LLM, the company can query and investigate the consolidated data to determine the robustness of the supply chain and forecast potential disruptions or shortages.
Another way encloud can be used is if an established supplier with many clients can share their data and an LLM for their customers to query. Doing so enables customers better visibility of the supplier’s operations without leaking their trade secrets.
Leveraging confidential computing through encloud in this way would allow companies to have better insights into potential issues in their supply chain while respecting and protecting the data of their suppliers and partners. It would also enable companies to hire third-party supply chain specialists (i.e. consultancies) to analyze and investigate supply chain problems on their behalf. Such benefits could expand the level of monitoring that companies can perform and provide better peace of mind to their own operations management.
Other industry use cases
- Using IoT platforms to create new applications and analyze data
- Better machine/human interaction
- Process optimization
- Digital twin applications
- Content generation: Generative AI can be used to generate content in multiple languages and thousands of versions
- Generative AI has the potential to fight against counterfeit products, by identifying design differences.
- Cost cutting: reducing the admin burden in multiple domains with access to company data
- Manufacturing: AI can help optimize the manufacturing process,
- Marketing and sales planning and targeting
- Chatbots: Companies can improve online customer service
- Drug discovery and design, patient selection and recruitment.
- AI in patient communication
- AI health coaching
- AI tools for creating and managing electronic health records (EMR/EPR/EHR).
Confidential computing applies to various use cases for protecting data in regulated industries such as government, financial services, and healthcare. For example, preventing access to sensitive data helps protect the digital identity of citizens from all parties involved, including the cloud provider that stores it. The same sensitive data may contain biometric data that is used for finding and removing offensive images and aiding digital forensics investigations.
Often, confidential data is shared. The data may be personal information, financial records, medical records, private citizen data, etc. For example, hospitals and health institutes can collaborate by sharing their patient medical records with a centralized trusted execution environment (TEE). Machine learning services running in the TEE aggregate and analyze the data. This aggregated data analysis can provide higher prediction accuracy due to training models on consolidated datasets. With confidential computing, the hospitals can minimize risks of compromising the privacy of their patients.
Sensitive data aggregation using TEEs can also enable scenarios such as anti-money laundering and fraud-detection. The analytics on the aggregated data set can detect the movement of money by one user between multiple banks, without the banks accessing each other’s data. Through confidential computing, these financial institutions can increase fraud detection rates, address money laundering scenarios, reduce false positives, and continue learning from larger data sets.