Caute_cautim
Community Champion

PETs and you: mapping privacy-enhancing technologies to your use cases

Hi All

 

An update on PETs again:  Privacy Enhancing Technologies, something to be well aware of.

 

Every PETs use case has specific data privacy challenges.

These challenges are related to the adversarial model.
This means answering two questions:

- Who has access to the raw, privacy-sensitive data?
- Who are we protecting against; who must not be able to access the raw data?

The graphics in the blog post are very clear and indicate the answers to these fundamental questions. In each diagram, the entities with access to the data are labeled with a , and the adversaries with a .

A number of use cases and corresponding PETs are discussed:

▶️Collecting data privately

Goal: collect data from individual users, but not collect personal data, only learning information about large groups of users.

PETs:
- Secure aggregation (encrypted data points are combined to compute the aggregate result)
- Local differential privacy (adding random noise to each individual data point)

▶️Computing on data privately

Goal: run computations on your sensitive data with a partner, but hide the data from this partner.

PETs:
- Homomorphic encryption (computation on encrypted data)
- Confidential computing (hardware-based approach to encrypt data while in-use)

▶️Joining data privately

Goal: combine your data with the data from other organizations.

PETs:
- Secure multi-party computation (each participant first encrypts their own data; then the metric of interest is computed)
- Confidential computing

▶️Sharing data privately

Goal: analyze your data, and share some insights about it, including internal sharing, external sharing, and publication.

PET:
- only differential privacy (adds statistical noise to aggregated information)

Differential privacy provides strong privacy guarantees for different kinds of data releases:
-- statistics or other aggregated analyses on the original dataset;
-- machine learning models trained on the sensitive data;
-- or synthetic data, which has the same format as the original data.
 
Regards
 
Caute_Cautim
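
The secure aggregation idea listed under "Collecting data privately", as an added example that is not part of the original post or the blog it summarizes: each pair of users shares a random mask that one adds and the other subtracts, so the collector sees only masked values while the masks cancel in the total. Pairwise additive masking stands in here for real encryption, and the function names, `MODULUS` and the sample values are assumptions made for illustration.

```python
import secrets

MODULUS = 2**32  # assumed parameter: all arithmetic is done modulo this value


def pairwise_masks(user_ids, modulus=MODULUS):
    """Give each user a net mask; the masks of all users sum to 0 mod modulus."""
    ids = sorted(user_ids)
    masks = {u: 0 for u in ids}
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            # Stands in for a secret that a and b agree on without the collector.
            r = secrets.randbelow(modulus)
            masks[a] = (masks[a] + r) % modulus  # a adds the shared mask
            masks[b] = (masks[b] - r) % modulus  # b subtracts the same mask
    return masks


def mask_inputs(values, modulus=MODULUS):
    """Return what each user would upload: raw value plus its net mask."""
    if len(values) < 2:
        # A lone participant has no peer to mask with: its upload is the raw value.
        raise ValueError("secure aggregation needs at least two participants")
    masks = pairwise_masks(values.keys(), modulus)
    return {u: (v + masks[u]) % modulus for u, v in values.items()}


def aggregate(masked, modulus=MODULUS):
    """Collector side: sum the uploads; the pairwise masks cancel."""
    return sum(masked.values()) % modulus


# Constructed sample data (not from the original post).
SAMPLE = {"alice": 12, "bob": 7, "carol": 30, "dave": 1}

if __name__ == "__main__":
    uploads = mask_inputs(SAMPLE)
    print("collector sees:", uploads)        # values look random
    print("aggregate:", aggregate(uploads))  # equals the sum of the raw values
```

The masks cancel only when every participant's upload is included in the sum, so a deployed scheme also needs a way to recover from users who drop out.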
 

 

 
2 Replies
Caute_cautim
Community Champion

@Paswe According to ZScaler (Zscaler Private Access - ZPA) and others, VPNs are dead. They will be blocked and not permitted by SASE / CASB implementations. They remain private to individuals, but a lot of organisations are implementing policies which prevent VPNs from being used.

 

Regards

 

Caute_Cautim

denbesten
Community Champion


@Caute_cautim wrote:

According to ZScaler (Zscaler Private Access - ZPA) and others VPNs are dead.  


Zscaler private access is referring to client-to-site (laptop-to-company) VPNs.  Their claim is that their reverse-proxy can (securely) expose your internal host to via the Internet the need for a full-routing solution to your company.  The issue is that it tends not to work well for I.T. staff who require access to a wide variety of internal IPs and non-web admin interfaces.