November 13, 2023

BeeKeeperAI delivers the secure future of AI development with Azure Confidential Ledger

BeeKeeperAI has developed EscrowAI™, a solution that powers AI algorithm development within a Zero Trust framework. The solution allows the use of sensitive data, without deidentification, to be part of the AI training and testing process. It does this by creating a trusted execution environment in which content is not visible to either data stewards or AI developers, but which delivers verifiable results. By adding Azure Confidential Ledger to EscrowAI to record algorithm and data set relationships for each run, BeeKeeperAI enhanced the solution’s ability to verify results to regulatory bodies.


Regulated industries have a data sharing problem. To innovate, financial, government, and health sciences organizations need to embrace novel AI. To build novel algorithms that perform well, AI developers need access to highly protected data. Granting access to regulated data across organizations is a slow, arduous process that stymies innovation and slows AI development. Yet data privacy will continue to be of paramount importance.

BeeKeeperAI was created to solve this issue using confidential computing—to the benefit of both data stewards and AI developers. “One of the challenges of implementing confidential computing is that it is built on a foundation of Zero Trust,” says Alan Czeszynski, Vice President of Product at BeeKeeperAI. “The entire computing framework must be proven and verified, and that can be complicated for the casual researcher.”

EscrowAI™, the company’s Zero Trust collaboration platform, provides a fully encrypted, containerized collaboration environment using Trusted Execution Environments (TEEs). Data stewards and AI developers can rest assured that their data and intellectual property remain not only secure but private. The solution works by bringing an encrypted, containerized AI algorithm into a TEE, and then bringing in the encrypted proprietary data. Once within this space, the algorithm and data are decrypted and can interact, all while remaining inaccessible to anyone. The algorithm generates its results and produces a confidential report that details its performance and the generalized characteristics of the data it interacted with. Importantly, only this report may leave the secure space, as the TEE holding the data and the algorithm is destroyed after the process is completed.

Everyone benefits from this process. AI developers get to train and test their models. Data stewards, such as academic medical centers, maintain the privacy of patient-protected health information (PHI). Regulatory bodies are served too, as they can easily verify that their standards are being met.

How it works

EscrowAI is a Software as a Service solution using Microsoft Azure, and since its early development it has made extensive use of Azure confidential computing and Intel SGX virtual machines. EscrowAI makes the process of implementing its TEE collaboration environment in the customer’s Azure tenant quick and simple. “To be successful, BeeKeeperAI had to have confidential computing assets, attestation services, and application security services all in one place,” says Mary Beth Chalk, Co-inventor, Co-founder, and Chief Commercial Officer at BeeKeeperAI. “We would not have been able to address this problem without all of those things coexisting in Azure.”

Czeszynski, together with Sudish Mogli, Vice President of Engineering at BeeKeeperAI, next created a collaboration interface built around the concept of a project, with distinct functionalities for data stewards and AI developers. Algorithm developers can encrypt their models locally and upload them to EscrowAI for entry into their project’s container registry, ready to deploy into a TEE. The data steward encrypts the data set locally and uploads this data to Azure Blob Storage. A secure link is then generated that will allow this data to be pulled only into the project’s TEE once it is spun up in the data steward’s Azure tenant. In this way, the data never leaves an environment under the data steward’s direct control. The data interacts with an algorithm only within the TEE, which additionally provides total memory encryption, locking out root access and hypervisor access. “We’ve implemented a single push-button that automates the entire process, using an Azure DevOps pipeline, that makes the confidential computing process easy for our customers and eliminates the need for their IT resources to get involved,” says Czeszynski. “Researchers are iterating all the time, so pulling IT resources into this development process for each iteration would cost them dearly, both in terms of money and time.”

A focus on reliable results

One of the solution’s newer innovations has been to incorporate Azure Confidential Ledger, a highly secure way to manage sensitive data records that runs exclusively on hardware-backed secure enclaves and on a minimalistic Trusted Computing Base (TCB). With Azure Confidential Ledger, EscrowAI can deliver even stronger proof points to regulatory bodies. “We needed to provide a record that, by its very nature, could not be changed or tampered with,” says Czeszynski. “Azure Confidential Ledger met that need.”

EscrowAI can now prove, with an extremely high degree of certainty, that a new algorithm meets regulatory standards. Algorithm owners can pull together reports that identify the exact version of a given algorithm that was used, along with the exact data set the algorithm ran on. In addition to this, because everything in EscrowAI is done in its trusted execution environment, algorithm developers can prove that they have not tailored their AI to deliver favorable results with a given data set. “In our system, we can prove with absolute certainty that the algorithm owner has never seen the test data set before they ran their final algorithm on it,” says Czeszynski. “With Azure Confidential Ledger, we take that question off the table. There's no way to dispute it.”

Powering a new wave of innovation

As Czeszynski frames it, there are two challenges the life sciences industry is up against. First, the status quo of deidentifying data to hand it over to researchers harms results by removing the finer details that may be most important to identifying disease. Second, because of an increase in cyberattacks, more and more institutions are refusing to share their data at all. “Our system takes these concerns off the table,” says Czeszynski. “Nobody is taking possession of, or even viewing, sensitive data. Meanwhile, new algorithms can be verified on data sets that have their fine details intact.”

Without a confidential computing solution like EscrowAI in the marketplace, the leadership at BeeKeeperAI believes that increased data security could someday force innovation in the medical industry to slow down dramatically. “With Azure Confidential Ledger and the rest of our Azure tools, BeeKeeperAI lets people develop medical algorithms in a Zero Trust environment,” says Chalk. “For people living with the 5,000 rare diseases for which we have known treatment plans, that means faster diagnosis and more effective care.”

In the future, BeeKeeperAI expects to see its technology adopted in the government security and financial services sectors as well, where data security plays a similar role. Perhaps the search for financial fraud could benefit from new AI tools. Maybe someday soon the laborious task of manually redacting government documents could be a thing of the past. “As our needs for data security and access to specific information both increase, the use cases for a trusted execution environment broaden,” says Chalk. “We started in healthcare because of our company DNA, but confidential computing benefits anyone operating in a highly regulated space.”

Find out more about BeeKeeperAI on Twitter and LinkedIn.

