Confidential Data Clean Rooms – The evolution of sensitive data collaboration
Published Apr 11 2022 09:32 PM 14K Views
Copper Contributor

Secure data collaboration between multiple parties has the potential to revolutionize societies, businesses and industries for the better. Collaborating on sensitive data assets facilitates innovation to unlock new value for organizations.


But why now? Previously, organizations could only collaborate on data via a trusted third party. Organizations that needed to pool their data together would trust that data to this third-party, who in turn would give them access to their combined data insights.


However, this meant organizations gave control over their data away to this third party, leaving their sensitive data exposed to a potential data breach or leak. Naturally, taking a risk like that was not an option for many organizations and if it was, it would take months or even years until it was set up.


Today, with the latest encryption in-use technology such as Azure Confidential Computing, data collaboration can be done in a secure environment, without the need to trust any third parties.


Azure Confidential Computing is core to Decentriq’s data clean rooms, which unlock billion-dollar opportunities in healthcare, media, and financial services. Multiple parties can now collaborate on their sensitive data in Decentriq’s data clean rooms in minutes and in a secure manner. Organizations can easily analyze data in Decentriq with some of the most popular programming languages, such as Python and SQL.


With Azure data centers in Europe, North America, Asia and Australia, this global scale provides organizations from any location with optimized access to Decentriq’s data clean rooms.


Selection of use cases for Decentriq’s data clean rooms


No matter the use case, with Decentriq's data clean rooms on Azure confidential computing, user’s sensitive data is protected at all times, and processed only inside verifiable Trusted Execution Environments.


Custom marketing audience activation




With the impending phasing out of third-party cookies, brands will be left without valuable customer data and insights.


Fortunately, brands and media owners can now turn to Decentriq – the most secure and compliance-future-proof data clean room – to perform joint customer analytics and compute customer overlaps.


Both parties can generate deeper insights to enable the brand to build custom audiences, execute precise audience activation and assess campaign attribution for more effective marketing even in a cookie-less world.


Collaborative cyber defence


Secure data collaboration in Decentriq’s data clean rooms can facilitate cyber defence collaboration. Multiple organizations can now collaborate on their confidential cybersecurity data by securely connecting common Incident of Compromise (IOC) data via API or a simple to use UI in Decentriq's data clean room.




With the collective insights generated, organizations can benchmark themselves against their peers on historical IOC data and cyber defence spending efficiency. Organizations can also train models on a much bigger dataset than what is available in a single organization, that would help them better anticipate future attacks. This common cyber incident database is being developed by Decentriq as part of the Swiss Army’s program for innovative cybersecurity solutions.



Hospitals and pharma collaboration


While working with patient data is a common request of pharmaceutical companies, accessing this data had been an extremely cumbersome process. Hospitals had to anonymize their data before the analysis and still bear the risk that this data could be de-anonymized or used for something else than it was intended.


However, with the Decentriq platform, data collaboration can now be done in a matter of minutes, allowing hospitals and pharmaceutical companies to collaborate on real-world evidence (RWE) data securely in a data clean room, and even link together multiple hospitals’ data together.


Earlier this year, for the first time, sensitive pharmaceutical data was used in an Azure confidential computing environment, where 20 of the largest pharmaceutical companies in the world collaborated in a Decentriq data clean room to perform benchmarking among themselves. At the same time, Decentriq is working with pharmaceutical clients to help them get access to hospital data in Switzerland and Belgium in a compliant and secure manner.


“Decentriq’s confidential computing technology brought the necessary flexibility to our yearly benchmarking study and upscaled confidentiality levels to the current requirements of our pharma customers.” - IM Associates



Address verification


Secure data collaboration can impact the banking industry too and solve an age-old problem of outdated customer addresses. Banks and their local postal companies can now securely collaborate on their customer databases in Decentriq’s data clean room.




Banks can match their customer addresses and subsequently update their mailing list with up-to-date addresses found in the postal company’s database, without disclosing their customer data to the postal company.


Previously, either organization had to share their entire customer list with the other party in order to do matching and get the results back. This meant that an organization had to give up control over their customer data and trust this sensitive data with the other party.


"Decentriq enables a whole new perspective on how we can innovate with data that wasn't possible before." - PostFinance



How Decentriq leverages Azure confidential computing for secure data collaboration


Azure confidential computing is core to the guarantees provided by Decentriq’s data clean rooms. Behind the scenes, confidential computing technology allows Decentriq to provide two guarantees that would be impossible without it.


  1. Confidential computing provides hardware-based memory protection that enhance data security in the cloud. Azure or Decentriq cannot inspect any data that enters the Decentriq platform, even though the Decentriq platform is managed by Decentriq and is deployed on infrastructure owned by Azure.

By relying on the design of confidential computing, the data is inaccessible to entities external to the trusted execution environment, even during computation. Hence, no administrators can inspect the data. This includes the infrastructure provider, such as Azure, and the platform provider, Decentriq.


  1. Confidential computing provides end-to-end verifiability of the Decentriq platform, so that users can independently verify the platform code running in Azure Confidential Computing.

Core to the guarantees of the Decentriq platform is the attestation process. The attestation process allows Decentriq’s users to independently verify the security and privacy guarantees of the platform. It is comprised of two distinct parts, that are combined into a single exchange, and remove the need to trust the cloud provider or Decentriq.


  • Every user connected to the Decentriq platform will first attest through the respective CPU manufacturer that they are indeed connected to a confidential computing instance. Every confidential computing CPU can attest themselves without the need to trust the CPU owner with it.
  • Every user can attest that the software running in that CPU instance is indeed the software that the user expects (the Decentriq platform with all its features). Through our code auditing procedure, we enable users to individually audit and validate the code that is running on our servers this way.

Until now, using any data analytics offering in the cloud meant relinquishing trust over the actual workings of that software to the analytics platform provider. Even if the provider would allow them to audit the code, there is no way to know that this is the code being deployed on the managed service. And even if they knew that, there is no way to know that no admin inspects the data while unencrypted in memory. Only with confidential computing they can be sure that the code they audit is the code deployed and that even admins are not authorized to access any data.


Unlock new value from sensitive data assets today


By leveraging Decentriq's data clean rooms powered by Azure confidential computing, users are guaranteed a level of data security and protection that goes beyond existing data analytics platforms.


Decentriq allows users to collaborate on sensitive data with partners while completely preserving privacy of their data and adhering to strict regulatory standards.


No matter the intended use case, organizations can sustain a competitive advantage by effectively leveraging their sensitive data assets in data clean rooms, while maintaining the highest levels of data privacy.



1 Comment
Version history
Last update:
‎Apr 22 2022 12:46 PM
Updated by: