Cape's Blog

Updates and announcements from our team

Cape is an easy way to run serverless functions on encrypted user data while keeping it confidential; it is serverless confidential computing. Try our beta for free.

Gavin Uhma
Gavin Uhma
Encrypt your users' data, deploy your functions, and run in auto-scaling secure enclaves.

In a world of data privacy threats from malevolent actors using information to blackmail to the steady drumbeat of identity theft, there’s the ever bigger question of do you know where your data is? Do you know how it’s being protected? 

Bessie Chu
Bessie Chu

I was recently reminded about the tool mkcert and it inspired me to add a TLS example to the Nitrogenmkcert makes its incredibly easy to test TLS with your application during local development. Its very important to note that the TLS certificates generated by mkcert should only be used for development and never production applications.

Justin Patriquin
Justin Patriquin

Credit card fraud is a form of identity theft, which involves using another person’s credit card to make purchases or withdraw cash advances without the card owner's consent. Fraudsters may either obtain your physical credit card, or just steal your credit card information such as the account number, cardholder name, and CVV code and use it to take over your account. 

Ellie Kloberdanz
Ellie Kloberdanz

TL;DR: Nitrogen is a tool for deploying web servers, databases, and other services to AWS Nitro Enclaves. Given a Dockerfile, Nitrogen will spin up an EC2 instance, configure external networking, and build and deploy your web service. What you get back is a hostname and port that's ready to use. Nitrogen is fully open source and comes with pre-built scripts for popular services like Redis, and Nginx.

Gavin Uhma
Gavin Uhma

The NSM is a powerful tool that allows developers and clients to customize the Nitro Secure Enclave system to fit the needs of problems they are solving. The Nitro Secure Module (NSM) provides some of the core functionality of the Nitro Enclave. The NSM API allows the client to set, query and lock PCRs, enabling precise control over the PCRs depending on the security guarantees built on top of the NSM. Note: by default the built-in PCRs are already locked and can only be queried. See here for more details of built-in PCRs. With the NSM API, the client can also get an attestation document and generate secure random values for use in cryptography.

Justin Patriquin
Justin Patriquin

Performing data analysis and modeling on medical data can provide extremely useful insights into both public and individual health. However, there are two primary challenges when it comes to running statistical analyses or developing predictive models with medical data. The first challenge is the size of medical data sets. Medical trials often include a number of participants that may be too small for creating complex machine learning models. The second challenge is the fact that medical data are governed by various privacy rules and laws such as HIPAA. One approach to solving this issue is to use differential privacy techniques that obscure data points related to specific individuals to preserve privacy of their information. However, the downside is that this allows for studying only aggregated data at a high level. Moreover, the noise added to individual data points to ensure privacy may result in data that is manipulated too far from the original. Therefore, there is a trade-off between the noise added (also called the privacy budget ϵ) that provides stronger privacy protection and the utility of the data. The figure below demonstrates this trade-off between data privacy and utility with an example of an employee database query that returns the total number of employees in two different months. We can see that as the privacy budget increases, the total count of employees becomes inaccurate, which may help to hide some private information such as a termination of a specific individual at the expense of accurately reporting the total headcount.

Ellie Kloberdanz
Ellie Kloberdanz

In the no-longer-as-niche world of distributed systems, there is always a fundamental problem whose solution came to be the building block of modern day massively distributed computation platforms. Of course I'm talking about consensus. Past versions of achieving this include algorithms like Paxos and Raft, which have seen much adoption in today’s distributed services. Before we get any further though let’s get some term definitions out of the way. 

Eric Zhang
Eric Zhang

In this post, we’ll be exploring one of the many hazards of multi-tenancy, and just how hard it can be to get security right!

Kyle Kloberdanz
Kyle Kloberdanz

Apparently I am a “reformer”. That’s what I learned recently when I completed an Enneagram assessment. If you’re not familiar with Enneagram, it is the latest personality assessment to achieve popularity. It works by asking the subject to react to a set of statements, from strongly agreeing, to neutral, to strongly disagreeing. When you complete the assessment, your reactions get tallied to categorize you as one of nine personality types: reformer, peacemaker, individualist, etc. You can then read about your personality type to gain some insight about yourself.

David Besemer
David Besemer

Sometimes the data you need to process is sensitive, but sometimes so are the things you’re searching for. We encountered a use case that needed to sift through streaming network data and look for hits on certain IP addresses. The data itself was sensitive, but the search criteria was even more so because it identified targets of an investigation.

Michael Gardner
Michael Gardner

Sentiment analysis is an application of natural language processing (NLP) that classifies the sentiment of text, typically as either positive or negative. Because vast amounts of data exist in textual form, sentiment analysis has a lot of practical applications including social media monitoring, customer feedback analysis, news analysis, market research etc. Processing this type of data in an automated manner therefore allows for extracting valuable information efficiently.

Ellie Kloberdanz
Ellie Kloberdanz

At Cape Privacy, we strongly believe in protecting users’ data. In fact, we built a company dedicated to making that simple for any developer. We do this by extending data protection from “at rest” and “in transit”, to “in use” as well. When using Cape serverless functions, you are leveraging confidential computing via simple API calls.

Michael Gardner
Michael Gardner

Attestation is a feature provided by enclaves to help verify that the user is communicating with a known enclave. Using hashing algorithms and public key cryptography, the user is able to verify that the enclave is the enclave they are expecting and create a secure channel of communication. AWS Nitro Enclaves provide platform configuration registers (PCRs) which contain hexadecimal values that help the user determine exactly what is running inside the enclave. These hexadecimal values are hashes of the software running inside the enclave, as well as hashes of the certificate that signed the software.

Justin Patriquin
Justin Patriquin
The attestation process during cape run.

The ability to process data securely is historically managed through various tools and policies.  In the world of human resources, organizations may manage employee data through a single system and have policies in place to limit access. However, this data may at times need to be accessed and shared with other parties, internally and externally, including finance, department managers, insurance providers. Since this data tends to be sensitive information including employee personal information including family members, social security numbers and salary information, the ability to process this data securely is important. Because of this sensitivity of personally identifiable information (PII); generally, pay inequality findings are reported only to senior management and managers as it could potentially reveal inequitable compensation if shared with all the employees. 

Alan Wong
Lee Rosen
Rahul Ramesh
Shweta Sah

The Confidential Computing Consortium defines Confidential Computing as:

Bessie Chu
Bessie Chu

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Jenny LaPierre
Annie Tan

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Bessie Chu
Jenny LaPierre

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Ellie Kloberdanz
Bessie Chu

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Luisa Herrmann
Ellie Kloberdanz

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Shweta Sah
Chris Friesen

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Annie Tan
Shweta Sah

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Chris Friesen
Grace Poetzinger

As an innovative tech company, Cape Privacy relies on a diverse and skilled team of professionals who bring their talents to a highly collaborative environment. Through that collaboration we are building a platform that protects security by default with a novel combination of secret sharing and secure multiparty computation.

Grace Poetzinger
Reesha Dedhia

The financial services industry has a reputation for being highly risk averse. Institutions that are entrusted with the wealth of individuals and organizations, and that are under strict scrutiny from state and federal regulators, are right to be cautious in their affairs. That’s because the trust on which they stake their reputations is as important as the assets that are on their balance sheets. Banks, investment firms, brokerage houses, and other financial services organizations must be extremely careful with their customers’ money.

Reesha Dedhia
Reesha Dedhia

Cape Privacy’s Head of Marketing Reesha Dedhia recently sat down for a two-part conversation with the company’s Co-Founder and CTO, Gavin Uhma. In Part Two, Gavin describes what happens when an organization grasps the idea that they can keep data encrypted and still put it to work–in the cloud. Then he explains why Cape Privacy’s partnership with Snowflake is the ideal combination for financial services organizations. Finally, Gavin offers an inspiring vision of what’s possible when data–and individual privacy–is protected by default.

Gavin Uhma
Reesha Dedhia

Cape Privacy’s Head of Marketing, Reesha Dedhia recently sat down for a two-part conversation with the company’s co-founder and CTO, Gavin Uhma. In Part One, they talk about the meaning behind the Cape Privacy name, the importance of privacy and data security, and the “Aha!” moment when organizations come to understand what Cape Privacy does.

Gavin Uhma
Reesha Dedhia

Many enterprises today use tokenization to protect their sensitive data and incorporate tokenization workflows as part of their data protection ecosystem. However, tokenization alone does not solve protecting sensitive data in-use or facilitate the most secure environment for using sensitive data for machine learning. 

Bessie Chu
Yann Dupis

Financial Services institutions are in a constant struggle to stay ahead of fraud and other financial crimes. The reasons are simple: financial fraud harms people, costs money, and undermines brand trust. When fraud occurs, the financial institutions involved often bear a disproportionate cost. The most recent LexisNexis True Cost of Fraud study found that every $1 of fraud perpetrated costs financial services organizations $3.64. And those dollars add up. Professional services and consulting firm PwC recently calculated the cost of financial fraud in the U.S. at $42 billion.

Reesha Dedhia
Reesha Dedhia

Know Your Customer (KYC) refers to a set of financial services industry standards and guidelines designed to protect both the client and the service provider from fraud. Under KYC a detailed customer profile is built and maintained, and all transactions are monitored and evaluated based on an accurate understanding of the customer, their risk profile, and all applicable laws. KYC starts with accurate identity verification, and from there is used to keep the customer safe by detecting and preventing attempts to defraud them, and to protect financial institutions by detecting suspicious activity and preventing them from being used as a part of any criminal operations, in compliance with Anti-Money Laundering (AML) regulations.

Reesha Dedhia
Jason Mancuso
Rahul Ramesh

Personalization can be a powerful tool for reaching and converting new customers–and better serving the customers you already have–by delivering a message that is in-tune with their interests and needs. According to a study by Forrester, AI-driven personalized marketing was responsible for an average 5% incremental improvement in customer conversions and a 5.5% increase in online purchases. That’s impressive; but what if AI could be used to personalize products as well as messaging?   

Reesha Dedhia
Reesha Dedhia

Keeping data secure is a business imperative. That’s because the costs associated with a data breach are significant, and the risk of technical or human error, or an attack by threat actors, is ever-present. According to a 2021 cost of a data breach report, compromised data will cost an average of $4.24 million per incident; but for certain industries the costs are much higher. Healthcare and financial services are at the top of the list with average costs of $9.23 million and $5.72 million respectively. Fines, legal fees, remediation, customer churn, and erosion of brand trust are among the factors contributing to resultant losses.

Reesha Dedhia
Reesha Dedhia

Buy now, pay later (BNPL) is a major trend in e-commerce. Seen as an alternative to traditional credit cards, the concept of BNPL is not new, but technology has revolutionized the process of evaluating and extending instant consumer credit for both online retailers and third-party applications. And it’s catching on.

Reesha Dedhia
Reesha Dedhia
Powerful AI predictions for financial services - buy now pay later

When discussing the application of prediction intelligence with the financial services industry, we usually end up uncovering a lot of latent conflict within organizations that recognize the potential for making better, more timely decisions with AI-based tools. Decision-makers and portfolio managers see the possibilities for mining rich data stores for critical insights that can improve the results of their products and trades. Security, legal and privacy officers, uneasy with the idea of putting sensitive and personal data in play and at risk, are understandably raising questions and intervening on the side of caution. Meanwhile, CTOs are caught in the middle, trying to maximize the value of their organizations’ data, while operating within the boundaries set by legal to steer clear of regulatory violations. 

Reesha Dedhia
Reesha Dedhia

Data creation and collection is a vital aspect of doing business in financial services. Every transaction and customer interaction creates a data trail that, in aggregate, can reveal valuable trends and insights. When analyzed with the right models, financial data can be used to create decision intelligence and generate predictions that can be used to improve trading performance, reduce risk, create and improve products, detect fraud, and give the user a competitive edge.

Reesha Dedhia
Reesha Dedhia

The second in a series of twenty five-year reports tracking the progress, impact, and evolution of artificial intelligence over the next century was issued recently. Led by Stanford University, the first of the ambitious One Hundred Year Study on Artificial Intelligence (AI100) was issued in 2016. The 2021 report was joined by experts from The Alan Turing Institute, Brown University, California Polytechnic University, Cornell, Duke University, Georgia Institute of Technology, Google, Harvard University, LinkedIn, the London School of Economics, McKinsey & Company, MIT, Ohio State University, Okinawa Institute of Science and Technology Graduate University, Oxford, Portland State University, the Santa Fe Institute, Sony AI, University of Edinburgh, University of Melbourne, University of New South Wales, University of North Carolina, University of Pennsylvania, University of Texas at Austin, and University of Toronto. 

Reesha Dedhia
Reesha Dedhia

Technology research and consulting firm Gartner recently published their Market Guide for AI Trust, Risk & Security Management. Cape Privacy is included among the wide-ranging list of vendors who apply artificial intelligence in its various forms to help address the challenges of protecting data and the networks and systems that work with, store, and manage data. According to Gartner, who shortened the category to AI TriSM, the guide “comprises multiple software segments that ensure AI model; governance, trustworthiness, fairness, reliability, efficacy, security and data protection.”

Reesha Dedhia
Reesha Dedhia
Cape Privacy has been recognized as a vendor in the Gartner Market Guide for AI Trust, Risk & Security Management, AI TriSM

In a recent Cape Privacy Webinar, A Discussion on all-Things Machine Learning, Data Science, and Data Privacy, Cape Privacy CEO Ché Wijesinghe and Priceline CTO Martin Brodbeck talk about Brodbeck’s wide range of experiences managing and analyzing data for top companies and innovators like Pfizer, Shutterstock, Diageo, and a number of private equity firms. The pair also focus on his current work with one of the world’s leading travel and e-commerce brands.

Reesha Dedhia
Reesha Dedhia
Learn about a CTO's perspective on encrypted learning.

Over the next ten years, data science roles will change as the skills and tools data scientists rely on evolve, driving 15% growth for the profession, according to the Bureau of Labor Statistics. The ability to extract valuable insights from data is too important for organizations to ignore, and investments and innovations in data science will improve decision-making. And a big part of that evolution will take place through advancements and innovations in machine learning tools that will make it easier for data scientists to do their jobs. Those innovations are already unfolding.

Reesha Dedhia
Reesha Dedhia

Data science is a key field for revealing “what’s next,” and data scientists have a lot of powerful, sophisticated tools for turning data into critical insights. Often what they don’t have is access to high-value data stores they can use to refine their models and make their breakthroughs. In machine learning, better tools and better data produce better outcomes; but data privacy regulations can keep data scientists from rich, fresh sources of insight and optimal results.

Reesha Dedhia
Reesha Dedhia

Machine learning is a powerful tool for driving high performance in a broad scope of business applications. It is a powerful means for gaining insights from data by finding patterns and correlations that might otherwise remain obscured by routine analysis. In fact, what drives improved performance of machine learning (ML) is data, and lots of it.

Reesha Dedhia
Reesha Dedhia

Data science is all about combing through massive stores of data to challenge conventional wisdom or discover new and surprising insights that can lead to better outcomes in business practices, scientific research, public policy, health and safety, and other aspects of living in the modern world.

Reesha Dedhia
Reesha Dedhia