Encryption at rest? Bah, try encryption in-use.

Posted on Wednesday, Mar 22, 2023 by Ned Bellavance

Featured in this episode of Chaos Lever

When we discuss keeping data secure, we often talk about encryption in transit and encryption at rest. Data in transit is usually protected by some form of TLS, and data at rest uses a combination of symmetric data encryption keys and asymmetric key encrypting keys.

Still, there’s one place the data is not usually encrypted, and that’s in memory, where actual work needs to be done with that data. But what if you could perform operations on encrypted data with results identical to running the same operations on plaintext? That’s the goal of companies like MongoDB with their Queryable Encryption feature and data security firm Vaultree with their Data-in-use Encryption SDK. Both have products available in the market today.

Another approach to encryption-in-use is Fully Homomorphic Encryption, which allows for more advanced operations than MongoDB’s solution can provide, but also requires heavy computation. The idea is not a new one, with academic papers going back several decades. But the specialized chips needed to make it feasible at scale should be released in 2023.

No word on what technique Vaultree is using in their proprietary SDK, but all of these encryption-in-use technologies add a new level of security to potentially sensitive data. 2023 could be the year of encryption-in-use, forming the final piece of the data security trifecta.