by curious_curios 533 days ago
Two options I’ve seen:

Customer Managed Keys - You have everything encrypted in your database via a key the customer has. You request (likely automated) that key every time you process the data. They can revoke at any point, and have an audit log of every access.

Self Hosting - Let the customer host your solution themselves or automate spinning up a cloud environment for them that they have full control over.

Both are kind of a pain to implement, but that lets you charge more for these enterprise features.
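The customer-managed-key flow described in the post above, sketched as an added example that is not part of the original comment. `CustomerKeyService` and its methods are hypothetical stand-ins for a customer-run key endpoint, not a real KMS API, and the key and record are constructed.

```ruby
require 'openssl'

# Hypothetical stand-in for the customer-run key endpoint (assumption, not a real KMS API).
class CustomerKeyService
  class Revoked < StandardError; end
  attr_reader :audit    # customer-side record of every request, granted or denied
  attr_writer :revoked  # the customer can flip this at any point

  def initialize(key)
    @key = key
    @revoked = false
    @audit = []
  end

  def release(purpose)
    @audit << [purpose, @revoked ? :denied : :granted]
    raise Revoked, 'key revoked by customer' if @revoked
    @key
  end
end

# Vendor side: the key is requested for each operation and never cached.
def store(keys, record)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = keys.release('store')
  iv = c.random_iv
  ct = c.update(record) + c.final
  iv + c.auth_tag + ct # 12-byte nonce, 16-byte tag, then ciphertext
end

def process(keys, blob)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = keys.release('process')
  d.iv = blob[0, 12]
  d.auth_tag = blob[12, 16]
  d.update(blob[28..]) + d.final
end

# Constructed demo: random key, made-up record.
keys = CustomerKeyService.new(OpenSSL::Random.random_bytes(32))
blob = store(keys, 'constructed customer record')
puts process(keys, blob)
keys.revoked = true # customer pulls access; the next job fails
begin
  process(keys, blob)
rescue CustomerKeyService::Revoked => e
  puts "denied: #{e.message}"
end
p keys.audit
```

Revocation only stops future key requests: it cannot reach key material the vendor process kept in memory, so the vendor side has to drop the key after every operation for the control to mean anything.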


I see, I heard about "fully homomorphic encryption" which is faster to implement and allows you to run code on encrypted data but the time complexity is O((10^6) * n) which is insane.

Confidential Computing also provides data-in-use protection and has a significantly more realistic overhead, often <10% in real-world workloads I've seen. However, in this case you might want to combine it with customer managed keys (BYOK) or self-hosting anyways - otherwise the customer has no opportunity to perform remote attestation and prove you're really running in Confidential Computing.

The visualization about halfway down https://www.anjuna.io/solution/secure-ai (my employer) is an example of the self-hosted flavor of this. Happy to discuss deeper, my contact info is in my bio.

> O((10^6) * n)

Isn't that O(n)? Is there a typo or am I missing something?