Join
1
0 Comments

Shared Insights, Private Data: Why Secure Analytics Is Moving Into Everyday Use

by Donald Greene

Modern analytics runs on context, and most organizations find they never have enough. But the richest signals sit in the most sensitive systems. Banks won’t risk pooling their transaction histories, and hospitals can’t expose patient records. Even the largest tech firms tread carefully when stitching internal data together. At the same time, fraud models, clinical tools, customer analytics, and today’s AI models all perform better when fed broader, more varied signals.

That tension is why secure analytics is crossing into everyday use. As the appetite for context grows, and rules governing data become more strict, privacy-preserving computation offers a way for organizations to compute together without revealing sensitive context.

Yang Yang is a leading machine learning specialist and distributed systems architect who helped set the pattern for usable privacy tech. As principal architect for Secure Collaborative Query Language (SCQL), and co-founder and technical lead behind the open-source SQLFlow project, Yang pushed for a familiar entry point, SQL, paired with serious privacy guarantees. SCQL compiles standard queries into secure multiparty protocols, while SQLFlow compiles model-training jobs into reliable, distributed workflows. The stack brings database ergonomics to privacy tech, so teams can collaborate across organizations as if they were querying one database, while each party’s raw data stays put.

What Secure Computation Does & Its Stakes

Suppose several institutions want to know how many customers they share. With secure multiparty computation (MPC), each party keeps data on its own systems and participates in a protocol that yields the same answer a trusted intermediary would produce. What travels over the network are encrypted or secret-shared fragments, and only the authorized, agreed-upon output is revealed.

Standards bodies such as NIST describe this as protecting data “in use,” alongside the familiar safeguards for data at rest and in transit. With breach reporting rules and the GDPR’s headline penalties (up to the higher of €20 million or 4% of global annual revenue), ad-hoc sharing has turned into a major liability for many data-driven organizations. MPC narrows exposure by making computation the boundary for risk.

Turning Collaboration Into A Database Problem

SCQL hides the cryptography behind SQL, a common data management language. SCQL lets an analyst write ordinary queries even when the relevant tables live at different institutions. Behind the scenes, SCQL compiles those statements into an execution plan built on MPC protocols. Each party computes its own tables and no raw data has to change hands. The experience is intentionally familiar, with the security plumbing underneath.

Yang’s view is that developer experience often decides whether a security technology gets used. SCQL treats secure collaboration as a database problem. Its compiler and protocol optimizations keep the low‑level math out of sight while making real‑world datasets tractable. SQLFlow complements it by compiling model‑training tasks to run reliably across distributed infrastructure. Together, they offer SQL-level ergonomics with cryptographic confidentiality, so teams that already live in databases can collaborate without rewriting their stack or relaxing their privacy posture.

This focus on usability has opened the door to wider adoption. When Ant Group open-sourced its broader privacy-preserving computing framework in 2022, teams in finance, insurance, healthcare, and other regulated fields gained a way to evaluate and extend the stack. In that ecosystem, SCQL acts as the database-like entry point, while SQLFlow targets end-to-end machine learning workflows.

Secure Analytics in Practice

Policy has finally caught up with practice. Recent federal guidance in the U.S. stresses controls on data access and information flow for AI and cybersecurity, while NIST’s AI Risk Management Framework has formalized practices many enterprises were already piloting. Exceptions for "temporary" data sharing are much fewer, and scrutiny of how data moves during computation is greater today than ever before.

At the same time, cloud platforms saw wider adoption and matured. Public clouds can now offer the elastic resources and auditable infrastructure suited to MPC and related protocols. That brings low‑latency collaboration within reach for organizations already running distributed analytics. With compliance regimes penalizing casual data movement, privacy‑by‑design workflows are becoming the safer default.

Today, finance teams can check whether a loan applicant appears on overlapping default lists across lenders without exposing the lists. Insurers can compute shared statistics to spot coordinated claims while keeping policyholder details local. In healthcare, consortia can study rare conditions by running statistics across sites while patient records remain behind each hospital’s firewall.

These are familiar cases where collaboration improves accuracy and quality, but moving or exposing raw data would be unacceptable. Yang explains that SCQL is built for these horizontal and vertical data-distribution patterns, so teams can improve models with broader context while keeping sensitive columns where they belong.

Looking Ahead

Yang believes that secure collaboration should feel routine to the people who already write SQL. If the entry points stay simple and the guarantees stay strong, secure analytics becomes the default way organizations work together on data and AI.

The next major gains in AI are expected to come from context, and the ability to join signals across owners without trading away confidentiality. Secure SQL pipelines make this practical as cloud providers and open-source stacks converge on common interfaces, and the cost and latency of these workflows keep dropping. Regulators continue to reward designs that keep data local. Taken together, these trends point to secure analytics becoming the standard way organizations compute together while keeping private data private.

Avatar for Donald Greene Donald Greene
on October 28, 2025
Say something nice to DonaldGreene…
Post Comment
Trending on Indie Hackers
I'm a lawyer who launched an AI contract tool on Product Hunt today — here's what building it as a non-technical founder actually felt like User Avatar 142 comments “This contract looked normal - but could cost millions” User Avatar 54 comments 👉 The most expensive contract mistakes don’t feel risky User Avatar 41 comments The indie maker's dilemma: 2 months in, 700 downloads, and I'm stuck User Avatar 39 comments A simple way to keep AI automations from making bad decisions User Avatar 31 comments I spent weeks building a food decision tool instead of something useful User Avatar 28 comments