Privacy-Enhanced Certification Management

HomeCertification Management
Background

Human capital is the single most important resource for global consultancies, service providers and resellers.  These enterprises rely heavily on certified software professionals to provide expert advice and services across a wide range of business fields, and must allocate massive budgets to obtain vendor certifications from companies such as SAP, Microsoft, Oracle, Salesforce, Cisco, EMC, and IBM, for millions of their employees.  

 

Knowing and managing the precise number and status of vendor-issued certifications held by employees at any given time is of paramount importance for businesses. It not only provides a quantifiable way to differentiate consultancies from competitors, but it also serves as a key metric in determining a company’s bidding capacity and helps executives create sound budgets to accommodate new growth. In addition, it helps companies strengthen vendor partnerships and qualify for alliance programs that offer marketing budgets, dedicated resources and other benefits.

 

Until recently, consultancies, as the primary financiers of training courses, could rely on vendors to readily share information about who passed their exams.  However, since the introduction of data privacy regulations like the GDPR, things have become much more complicated.

Compliance with the GDPR has indeed become a significant barrier to global enterprises seeking clarifications about employee certifications.

Compliance with the GDPR has indeed become a significant barrier to global enterprises seeking clarifications about employee credentials. Large companies can no longer depend on company personnel or vendors to stay apprised of certification results, and it has become increasingly difficult for them to determine:

  • Whether an employee passed his or her certification exam
  • How many employee certifications have been allocated on a per country basis
  • Whether a certificate was attributed to an individual or company
  • When the validity period of a vendor-issued certificate ends

Privacy regulations, coupled with attrition rates, have not only made certification tracking and management nearly impossible, they’ve instilled a strong sense of ambiguity in the validity of staff qualifications.

 

The growing inability of large consultancies to accurately manage certifications within their group has severe commercial consequences.  Since professional accreditation is a key criteria for RFPs that are geared toward large service providers, consultancies with unverified data pertaining to their staff’s qualifications stand to miss out on substantial business opportunities.   Hence, the ability of consultancies to accurately track and efficiently manage accreditations has become a competitive advantage.

How can large enterprises work with accreditors to track staff qualifications without violating user privacy?

How can you efficiently grow a business practice while you are unsure about your capacity to deliver?  How can you keep track of staff qualifications with a regular flow of employees joining and leaving the organization within any given month?

Solution Description

QEDIT’s certification management solution leverages a cryptographically-secure technique called ‘private set intersection’ to help consultancies instantly assess the quantity and status of certifications held by their personnel. At its core, private set intersection allows parties to compare two or more data sets and identify matching elements within the sets without revealing any information about the data, except for the fact that certain elements match.

 

In order to verify employee certificates while remaining compliant with the GDPR, vendors and consultancies upload cryptographic commitments of their respective databases to the QEDIT-powered certification platform. These commitments are generated by one-way functions that cannot be decrypted to reveal the original data. The vendor shares cryptographic commitments of all valid certificate owners and the consultancy shares cryptographic commitments of all company employees.

 

Once the cryptographic commitments are uploaded they are instantly scanned for set intersections.  Matches between data sets provide the consultancy with an accurate head count of how many individual certifications are at the company’s disposal at any given time. The names attached to a certificate would only be revealed if an employee had given prior consent.

By using cutting-edge, privacy-enhancing technology to address core business issues at scale, QEDIT helps you solve a broad range of challenges surrounding certification management in the GDPR era.