Success Story: Realizing a new level of secure data collaboration with confidential computing

by CoCEM/CanaryBit team

The Challenge

CanaryBit is providing a solution for confidential data collaboration. Today, data owners that do not have the necessary data analysis capacity (for example software or expertise) often choose to transfer data to a third-party business intelligence actor for processing. This means giving data away in clear text, with no verifiable technical way to prevent it from being used for other purposes, transferred to other parties, or simply being stolen. In rare cases, business intelligence actors transfer their data processing setup to the data owners, at the risk of losing control over valuable intellectual property.

The Solution

CanaryBit’s Confidential Cloud platform enables users to maintain ownership over their digital assets (data, code, algorithms) whenever they are being used. The solution developed within the DAPSI program will help situations when two or more parties need to establish a trustworthy relation for confidential data analysis. This means that they can collaborate, process data sets, and obtain the results without having to give away either their digital assets: data sets, software applications, machine learning models, and algorithms. Fundamentally, Confidential Cloud helps establish an automated, mutual, cryptographically verifiable trust relationship between entities that want to collaborate for data processing. What makes this solution unique is the combination of the latest Privacy Enhancing Technologies and Confidential Computing for verifiable security, along with the strong focus on usability.

DAPSI support

The DAPSI experience was fundamental to the formation of our team and formulation of the service. The training sessions from the business coaches were particularly valuable, they helped us understand how to deconstruct the customer pains and systematically use this knowledge to build our product. Likewise, the one-to-one sessions with our assigned business coach helped us deep-dive into the problems that we were facing in the very early months of setting up our businesses and focusing on a target market.

DAPSI journey – Achievements from first phase of the DAPSI programme

In the first phase of the project, our effort focused on assessing our assumptions about the product and the market.

1) Product Development: We managed to successfully create an environment where data and applications were able to be executed in a safe and trusted environment with no possibility for any external entity to access either resources during the computational phase.

At the same time, we defined a first version of the solution’s architectural description in order to make it easy to use for our customers. We then used the outcome of this activity to define the product APIs https://api.confidentialcloud.io and documentation https://docs.confidentialcloud.io/.  Also, we integrated a toolbox of services to constantly monitor and evaluate the status of our services.

2) Market research: The solution we are providing can be applied to several industries from energy production to fashion, from banking to automotive. Hence, we have spent many hours performing deep analysis of the market and finding early adopters. All in all, the market is likely to grow exponentially over the next few years, projected to reach 54 billion USD in 2026.

We invest heavily in community-driven efforts and for this purpose we have also joined the Confidential Computing Consortium (CCC) and The Linux Foundation (LF) in addition to local hubs like Gaia-X and Cybernode Sweden.

DAPSI journey – Achievements from second phase of the DAPSI programme

On the technical side, during the second phase of the DAPSI programme, CanaryBit has made significant progress in deployment automation and reproducible builds of confidential enclaves.  We also introduced multi-cloud support, allowing end-users to deploy confidential enclaves on several cloud back-ends. Our implementation is done using Infrastructure-as-Code best practices (see Figure below). These steps were primarily done to put end-users firmly in control over their data and workloads and be able to obtain attestation reports to verify the trustworthiness of their infrastructure.


We have also made some important community contributions. During the second phase of the DAPSI project, CanaryBit became a member of the Confidential Computing Consortium (confidentialcomputing.io) and of the European Cyber Security Organization (ECSO). Moreover, CanaryBit has been actively involved in IETF standardization related to confidential computing, in particular the Trusted Execution Environment Platform work group (TEEP WG) and the Remote ATtestation procedureS work group (RATS WG), in collaboration with the StandICT 2023 project. This helped us both align our service to the on-going standardization efforts and contribute our insights to help create a better and more complete IETF Request For Comments document.

Finally, we have made significant progress in the business validation of our solutions.  By collaborating with partners in a range of verticals (energy, manufacturing and IoT, pharmaceutical, e-commerce, public administration and cybersecurity) we identified repetitive challenges that can be solved using CanaryBit’s confidential cloud platform. We further identified the challenges with respect to data governance and data quality that often need to be addressed to enable data portability and data collaboration projects. This also led to several insights that we subsequently patented to ensure we can develop the Confidential cloud platform unhindered. All in all, the second phase of the DAPSI project helped CanaryBit evolve its product and get closer to a product market fit.

Lessons learnt

The biggest hurdle throughout the programme was to challenge our vision of customer needs and instead analyse them through a structured approach. We addressed this using the tools obtained through the DAPSI training sessions. Another challenge was to identify common collaboration points with other DAPSI teams, but we managed to overcome that and hope to work together in the near future. If we were to go through the DAPSI programme again we would do the same once more – go all in and make the best of it!

What’s next

Besides extreme usability, our long-term goal is massive scalability both in terms of the number of users and in terms of data collaboration capacity. We will be working on all these aspects for the foreseeable future.

More information

You can find out more on our website: https://canarybit.eu

You can also follow CanaryBit on LinkedIn: https://www.linkedin.com/company/42421795