Protecting Sensitive Data with Secure Data Enclaves

Abstract

A Secure Data Enclave is a system that allows data owners, such as governments and private firms, to control data access and ensure data security while facilitating approved uses of data by other parties. This model of data use offers additional protections and technical controls for the data owner compared to the more commonly used approach of transferring data from the owner to another party through a data sharing agreement. Under the data use model, the data owner retains full transparency and auditing over the other party's access, which can be difficult to achieve in practice with even the best legal instrument for data sharing. We describe the key technical requirements for a Secure Data Enclave, provide a reference architecture for its implementation on Amazon Web Services using managed cloud services, and describe four use cases of this architecture in partnerships with state governments to control access to sensitive administrative data.