Duality powers cross-border cancer research using AWS Nitro Enclaves

Since its founding, the company has focused on helping organizations meet regulatory compliance while protecting sensitive data. Duality’s customers require capabilities that maintain privacy, even during complex analytical processes, while supporting almost all types of computation and data formats. These organizations also need their sensitive information to remain inaccessible—not only to external threats but even to system operators who manage the infrastructure. As it matured and the demand for its services grew, Duality sought to expand beyond traditional privacy-preserving methods, such as full homomorphic encryption, federated learning, and differential privacy. It aimed to offer customers an even more robust solution for data protection during processing.

To address these needs, Duality’s leadership team saw an opportunity to use confidential computing capabilities on AWS under the AWS Shared Responsibility Model. The team wanted to incorporate computing environments with advanced security features to create isolated processing spaces for sensitive-data analysis. This decision would help the company offer its customers a secure collaboration mechanism that works seamlessly with other privacy methods. Data would be processed in an isolated and hardened compute environment that even Duality’s operators couldn’t access.

The company wanted to keep sensitive data protected and inaccessible even during processing. So, Duality incorporated AWS Nitro Enclaves into its solution to create isolated compute environments andfurther protect and securely process highly sensitive data. This way, the company can provide a hardened clean room for organizations to collaborate without exposing their underlying datasets to each other, Duality, or AWS. In addition, this approach streamlined adoption for customers that were already using AWS.

Duality’s engineering team developed a product by working closely with AWS solutions architects and AWS Support, which companies engage to accelerate business outcomes in the cloud. This helped the team validate its approach by demonstrating the enhanced data-protection capabilities to clients before building the full commercial solution.

For centralized encryption-key management, Duality’s infrastructure relies on AWS Key Management
Service (AWS KMS) to create and control keys used to encrypt or digitally sign data. And for data storage, the infrastructure uses Amazon Simple Storage Service (Amazon S3), object storage built to retrieve virtually any amount of data from anywhere.

The enhanced solution operates through two primary collaboration models: federated learning and centralized secure processing. In federated scenarios, organizations run analytics or train machine learning models locally on their data. Only local results or mathematical parameters that represent the learned patterns are encrypted and transmitted to the secure environment. Using AWS Nitro Enclaves, Duality aggregates these results without exposing local results, helping prevent potential data leakage. For centralized collaborations, multiple parties send their encrypted data to the isolated enclave, where data is decrypted, analyzed, and processed entirely within the protected space before returning encrypted results.

Benefiting from the enhanced security that AWS Nitro Enclaves provides, Duality accelerated the legal approval process for data collaborations from months to days. Organizations can now support new use cases and train nearly any type of model on various data formats while protecting and isolating data from multiple parties. Most importantly, customers can initiate secure collaborations with the click of a button rather than requiring extensive technical implementations or data movement between organizations.

Using Duality’s platform, NHS England, the National Cancer Institute, and the Department for Science, Innovation, and Technology jointly analyzed datasets of rare pediatric cancers. Each institution retained full custody of its patient data while participating in federated analytics workflows. Researchers completed more than 450 queries to study incidence, survival, and demographic patterns—all while securely running aggregation without exposing data or moving it out of local environments. This cross-border collaboration reduced analysis timelines by 91 percent (from 23 months to about 2 months), uncovering insights that would not have been achievable using isolated datasets alone.

The platform empowers institutions in different regulatory jurisdictions to collaborate and unlock new insights while maintaining strict privacy, security, compliance, and data-sovereignty controls. Governance features—including workload approvals and differential privacy—help research advance without risking patient reidentification or data leakage. The success of this pilot is now shaping a scalable framework for future multicountry research networks in healthcare, government, and other regulated sectors.