Hey Danny, I completely agree. Full end-to-end encryption is the ideal scenario.
The biggest challenge is how we can bridge the gap between how companies build software today (very little, if any encryption) and how companies will build software in the future. End-to-end encryption is great for scenarios where it's a closed ecosystem (e.g. messaging apps like Signal — although Signal actually trust Intel SGX as a single point of failure[0]), but modern web applications are not that. They interact with third-party APIs, they have UIs; they are not built in complete isolation.
Things like Fully Homomorphic Encryption are exciting (and FHE is ultimately the endgoal for how we built Evervault), but still a long way off being practical for a typical company to build general purpose software with. It also doesn't solve the data sharing scenario — certain companies just can't escape using third-party APIs and services.
Our mission is to encrypt the web, so the first hurdle we have to cross is getting developers who would normally not think about encryption to bake it into their software from day one. We think TEEs, and specifically Nitro Enclaves are the best way to make that happen.
If a better solution comes along, we'll be the first ones to pounce.
Yep, I think that makes sense. Certain use cases will have a need for some kind of on-prem/HSM approach, less from a practical perspective but more from a "doomsday modelling" perspective. Reminds me of the "nobody ever got fired for buying IBM" adage :)
The biggest challenge is how we can bridge the gap between how companies build software today (very little, if any encryption) and how companies will build software in the future. End-to-end encryption is great for scenarios where it's a closed ecosystem (e.g. messaging apps like Signal — although Signal actually trust Intel SGX as a single point of failure[0]), but modern web applications are not that. They interact with third-party APIs, they have UIs; they are not built in complete isolation.
Things like Fully Homomorphic Encryption are exciting (and FHE is ultimately the endgoal for how we built Evervault), but still a long way off being practical for a typical company to build general purpose software with. It also doesn't solve the data sharing scenario — certain companies just can't escape using third-party APIs and services.
Our mission is to encrypt the web, so the first hurdle we have to cross is getting developers who would normally not think about encryption to bake it into their software from day one. We think TEEs, and specifically Nitro Enclaves are the best way to make that happen.
If a better solution comes along, we'll be the first ones to pounce.
[0]: https://signal.org/blog/secure-value-recovery/