
PROBLEM

Money laundering

SOLUTION

Create a complete picture of fund movement.

Detect fraudulent patterns (otherwise impossible with a single bank's dataset)

Confidential computing
• Run analytics on the combined, sensitive dataset.
• Gain insights without giving access.
• Meet confidentiality requirements.

Outcomes
• Increase detection rates.
• Learn iteratively.
• Maintain privacy.

[Diagram labels: Bank 1 to Bank 5; K1 to K5; agreed-upon machine learning running in enclave]

Physical clean room

ROOM
• A room located at one of the sites
• Security access by card reader

PEOPLE
• Independent consultants to analyze companies
• Lawyers representation
• Security guard

TECH
• Server and VPN access only accessible within room
• Printer and shredder to prevent data leak

[Diagram labels: Consultant 1, Consultant 2, Consultant 3; Lawyer 1, Lawyer 2; Access Card, Server, VPN, Printer, Shredder; Security guard]

Virtual clean room

[Diagram labels: Business logic; Data flow; Analytical queries; Insight; Platform management; Communication protocol; Key management; ML framework; Data loader; Encrypted]

Q: How do you guarantee data security in this environment?
A: Enclave technology (that is, Azure confidential computing)

Big data storage | Big data analytics | Database engine

[Architecture diagram labels]
• Big data storage: Storage account; Parquet; NYC taxi dataset; 50 GB | 1.5 B rows; Plaintext
• Big data analytics: Kubernetes cluster; Node: SGX-enabled; Spark driver; Executors; SGX enclave; spark.read.parquet(…); spark.read.format("jdbc")
• Database engine: Azure SQL; MSSQL; Contoso HR dataset
• Key vault: mHSM; Read Column master key
• Azure attestation: Token
