Secure Data Sharing Made Easy

How a platform for businesses to securely collaborate with partners can help increase oversight and reduce risk.

The Oasis Labs Team
Oasis Labs
May 14, 2020

Data sharing has become a critical operation of almost any business. In a recent Harvard Business Review report, 78% of companies surveyed responded that the ability to easily access and combine data from a variety of external sources was very important for their company. This is evident in the broad use of data sharing today. From supply chains, to regulatory compliance, to product integrations, almost every modern company shares data. Many companies even have data as a core component of their product — such as providing analysis or returning product reports for decision making. And we’re only at the beginning. With advancements in machine learning and predictive analytics, companies are finding novel ways to extract value out of their data. Data sharing gives businesses access to more data, allowing them to improve their predictive models and provide valuable services such as:

  • Better drug discovery and disease prediction in healthcare
  • Estimation of traffic congestion and infrastructure wear and tear for city planners
  • Improved risk scoring for insurance brokers

These are just a few examples of data sharing’s promising future, but transferring data comes with risks that must be addressed before its potential is realized.

Current Solutions Lack Control and Oversight

Last year, security researchers exposed that dozens of companies were inadvertently leaking personal information and sensitive business data by creating public Box links to share data with external partners. While only intended for one external partner, anyone who could guess the URL would have access. Guessing these URLs is fairly trivial when done programmatically — allowing security researchers to expose troves of sensitive data. In some cases, links were even scraped by search engines and posted in search results, making the data easily discoverable. As a CISO or data owner at a company, it’s nearly impossible to map and track data sharing across your entire organization. As illustrated by the example above, this is especially true of tools like Box, Google Drive, and Dropbox. These simple storage tools allow individuals to upload raw files, and with just a few clicks, make those files available to the entire internet.

More advanced techniques like SFTP offer better security, but similarly lack the oversight and controls needed to prevent an engineer from accidentally (or maliciously) leaking personally identifiable information or business secrets. Furthermore, file transfer protocols don’t allow partners to directly query a file, and require directories to be predefined and agreed upon for easy file sharing.

Once data is shared, companies have little oversight into how their data is used or if it’s properly protected. Recently a list of 2.4 million individuals that Dow Jones shared with an external partner was leaked because their partner left it on a server without a password. Thus, for data sharing to be done securely, we need not only detailed oversight of usage but also guarantees that every component involved, from checking policies to giving access, is run with high integrity and confidentiality.

Introducing Oasis Labs’ Secure Data Sharing

In order to quickly and securely share data, we need a solution that allows for easy collaboration with partners while providing the constraints and traceability needed to avoid exposing personal information or leaking company secrets.

There are multiple axes at play when it comes to giving access to your data: whether the data is shared internally or externally; whether it is shared after transformations such as redaction and anonymization; whether partners get query-level access alone, with data never leaving your databases; or whether only derived data is shared, such as trained regression, classification, or statistical models. Sharing can also come with tight controls over visibility, such as use only in approved analysis programs, with no visibility into the data for any entity beyond those programs.

Oasis Labs offers a secure data sharing product that allows for controlled data sharing, while providing complete oversight over how external partners use your data. Our solution integrates directly with popular SQL databases such as MySQL and PostgreSQL, and with leading data warehouse solutions like Snowflake. Just like our Internal Data Management product, data is accessed via a controlled environment we call a View. Views allow you to set guardrails that control what rows and columns can be queried, transform data before it’s shared, or restrict what queries can be run. Here are just a few examples of the types of constraints that can be added to a View:

  • Aggregates: Pre-define aggregates to remove PII
  • SQL restrictions: Restrict the types of SQL commands that can be executed
  • Column exclusion: Block access to specific columns
  • Custom functions: Create custom restrictions to do anything from de-identifying data to controlling sample size
  • Differential privacy: Protect query outputs from indirectly exposing PII by introducing noise in query results with bounds on accuracy and how many queries can be run
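
As an added illustration (not Oasis Labs' code or API), the sketch below shows how three of these constraints can be enforced in front of a SQL database: statement restrictions and column exclusion through SQLite's authorizer hook, and a differentially private count with a fixed query budget. SQLite stands in for the databases named above; `PartnerView`, `demo_view`, the `customers` table and its rows are hypothetical names and constructed data.

```python
import random
import sqlite3


class PartnerView:
    """Hypothetical guarded view: read-only SQL, excluded columns, budgeted noisy counts."""

    def __init__(self, conn, table, excluded, eps_per_query, eps_total, rng=None):
        self.conn, self.table, self.excluded = conn, table, set(excluded)
        self.eps, self.remaining = eps_per_query, eps_total
        self.rng = rng or random.SystemRandom()
        conn.set_authorizer(self._authorize)  # consulted while each statement is compiled

    def _authorize(self, action, arg1, arg2, dbname, source):
        # SQL restriction: only SELECT and function calls; writes, DDL, PRAGMA, ATTACH are denied.
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
            return sqlite3.SQLITE_OK
        # Column exclusion: for SQLITE_READ, arg1 is the table and arg2 the column.
        if action == sqlite3.SQLITE_READ and arg1 == self.table and arg2 not in self.excluded:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    def query(self, sql):
        """Run partner SQL; disallowed statements fail before touching any row."""
        try:
            return self.conn.execute(sql).fetchall()
        except sqlite3.Error as exc:
            raise PermissionError(f"blocked by view policy: {exc}") from exc

    def noisy_count(self, where="1=1"):
        """COUNT(*) plus Laplace noise (sensitivity 1); each call spends eps of the budget."""
        if self.remaining < self.eps:
            raise PermissionError("privacy budget exhausted")
        self.remaining -= self.eps  # charged up front, even if the query is then denied
        (true_count,) = self.query(f"SELECT COUNT(*) FROM {self.table} WHERE {where}")[0]
        # The difference of two Exp(eps) draws is Laplace-distributed with scale 1/eps.
        return true_count + self.rng.expovariate(self.eps) - self.rng.expovariate(self.eps)


def demo_view(rng=None):
    """Constructed sample rows; table and column names are illustrative."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, region TEXT, ssn TEXT)")
    rows = [(1, "EU", "000-00-0001"), (2, "EU", "000-00-0002"), (3, "US", "000-00-0003")]
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", rows)
    conn.commit()  # finish setup before the authorizer starts denying writes
    return PartnerView(conn, "customers", {"ssn"}, eps_per_query=0.5, eps_total=1.0, rng=rng)
```

Because the authorizer is consulted while a statement is compiled, `SELECT *` is rejected as soon as it expands to the excluded `ssn` column, and a filter on that column inside `noisy_count` is rejected the same way.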

Your partners can be granted access to a specific View, and can query it via an API. Queries can be run ad hoc, or be done programmatically, enabling deep product integrations between you and your partner. Views can be adjusted and updated at any time, giving you complete control over how your data is shared and accessed externally. Oasis Labs maintains a tamper-resistant ledger of every action taken against a database. The log is stored on a decentralized blockchain that can be accessed via an intuitive dashboard by both you and your partner — giving both parties full transparency into how data is used and accessed. The result is a system that allows you to quickly share data with partners, while giving you complete oversight of what data is shared across your company.

Controlled Data Use With Oasis Labs’ Cleanrooms

While transforming and controlling what data is shared outside your company with Views is critical for secure data sharing, it falls short for two critical use cases. First, situations where sensitive PII data must be shared in its raw form for analysis, and second, instances where you’d like to retain ownership of your data and prevent it from being copied into an external system.

For data sharing that needs the strongest protection, Oasis Labs allows you to spin up a cleanroom environment for controlled data consumption. Using privacy technology called a Secure Enclave, Oasis Labs can create an isolated environment that only allows a specific, predefined application to run on your data. We call these controlled environments cleanrooms. Just like with a View, you specify what data you’d like to make available to your partner’s application. Data is then encrypted and loaded into a cleanroom, helping ensure end-to-end confidentiality. Your partner then uses Oasis Labs’ API to select an application, which is added to the cleanroom and given controlled access to your data. Your partner only gets the outputs of the application, while your underlying information remains confidential and secure. Using cleanrooms is especially useful when running a proprietary algorithm on sensitive, external data. Just like your data, your partner’s algorithm remains confidential and protected, allowing for easy collaboration with external partners without the risk of losing valuable intellectual property.

Putting it All Together

At Oasis Labs, we believe that data can and should be used to further business objectives and to drive new discoveries in science and technology — but data use must first and foremost be secure and responsible. To that end, we’re building tools that make it possible to track and control data use not only within the walls of your company, but also as you share it externally. Combining an internal data management solution with our external sharing product can give your security and data engineering teams a precise view of the flow of data, while also giving them the tools to quickly unlock valuable data for new use cases and development.

Curious to learn more about what we’re building at Oasis Labs? Visit our website at oasislabs.com or check out our other blog posts.
