Masking sensitive information in records of filtered accesses to unstructured data
US-10803197-B1 · Oct 13, 2020 · US
US11416633B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11416633-B2 |
| Application number | US-201916278028-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 15, 2019 |
| Priority date | Feb 15, 2019 |
| Publication date | Aug 16, 2022 |
| Grant date | Aug 16, 2022 |
Abstract
In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.
Claims (preview; the text is cut off in the source after claim 17)

What is claimed is:

1. A computer-implemented method for providing obfuscated data to users, the method comprising receiving a request to access data from a user; identifying an authorization level associated with the request received; in a protected enclave, accessing obfuscated data corresponding to the request received, wherein the data accessed have been obfuscated with an obfuscation algorithm yielding a level of obfuscation that is compatible with the authorization level identified, and providing, from the protected enclave, the obfuscated data accessed to the user, wherein the protected enclave is in data communication with a first database storing non-obfuscated data, in encrypted form, and is in data communication with a second database storing obfuscated data, in encrypted form, wherein accessing the obfuscated data comprises, in the protected enclave, checking whether the data as requested in the request received is already available in the second database, if the data as requested in the request received is already available in the second database, then obtaining, from the second database, encrypted obfuscated data corresponding to the requested data, and decrypting the encrypted, obfuscated data obtained, so as to be able to subsequently provide the decrypted obfuscated data to the user, else, obtaining, from the first database, encrypted data corresponding to data as requested in the request received, decrypting the encrypted data obtained, and obfuscating the decrypted data using said obfuscation algorithm.
2. The method according to claim 1, wherein the method further comprises prior to providing the obfuscated data, encrypting the obfuscated data accessed with a user key, in the protected enclave, and providing the user key to the user, in addition to the encrypted obfuscated data.
3. The method according to claim 2, wherein the method further comprises providing, from the protected enclave, an encrypted version of the user key to the user, in addition to a plain version of the user key.
4. The method according to claim 2, wherein the protected enclave is in data communication with a key management system and the method further comprises generating, at said key management system, the user key used to subsequently encrypt the obfuscated data.
5. The method according to claim 1, wherein the method further comprises continually encrypting data, in a protected enclave, and continually storing the resulting encrypted data on the first database.
6. The method according to claim 5, wherein the first database is a data lake.
7. The method according to claim 1, wherein the method further comprises encrypting, in the protected enclave, the obfuscated data with a management key, and storing the accordingly encrypted, obfuscated data on the second database.
8. The method according to claim 7, wherein the protected enclave is in data communication with a key management system and the method further comprises generating, at said key management system, the management key used to encrypt the obfuscated data.
9. The method according to claim 1, wherein the request received specifies a given level of obfuscation; and said obfuscated data are accessed only if said given level of obfuscation is compatible with the authorization level identified.
10. The method according to claim 1, wherein the request received further specifies a goal to be achieved with the data referred to in the request; and the obfuscated data accessed comprises data that has been obfuscated with an obfuscation algorithm selected in accordance with said goal, provided that the resulting level of obfuscation is compatible with the authorization level identified.
11. The method according to claim 1, wherein the request received further specifies an obfuscation algorithm; and the obfuscated data accessed comprises data obfuscated with the obfuscation algorithm specified, and the method further comprises selecting the level of obfuscation produced by the algorithm, so as for this level of obfuscation to be compatible with the authorization level identified.
12. The method according to claim 1, wherein said obfuscation algorithm relies on one or more of: a naive anonymization, a K-anonymity, a differential privacy, a homomorphic-encryption, data aggregation, and data sampling.
13. The method according to claim 1, wherein the method further comprises, after having provided the obfuscated data accessed to the user, performing analytics based on the obfuscated data provided.
14. A computerized system comprising: a request processing module; a first database storing non-obfuscated data, in encrypted form; a second database storing non-obfuscated data, in encrypted form; and a protected enclave, which is in data communication with the first database and with the second database, wherein the request processing module is configured to: receive a user request to access data; identify an authorization level associated with a user request received; in response to the user request, cause the protected enclave to: obfuscate data with one or more obfuscation algorithms, the one or more obfuscation algorithms yielding different levels of obfuscation, and access obfuscated data corresponding to a user request, wherein the data are obfuscated with one or more of the obfuscation algorithms, so as to yield a level of obfuscation that is compatible with an authorization level identified, wherein accessing the obfuscated data comprises: checking whether the data as requested in the request received is already available in the second database, if the data as requested in the request received is already available in the second database, then obtaining, from the second database, encrypted obfuscated data corresponding to the requested data, and decrypting the encrypted obfuscated data obtained, so as to be able to subsequently provide the decrypted obfuscated data to the user, else, obtaining, from the first database, encrypted data corresponding to data as requested in the request received, decrypting the encrypted data obtained, and obfuscating the decrypted data using said obfuscation algorithm; and in response to the user request, provide to the user the obfuscated data accessed via the protected enclave.
15. The computerized system according to claim 14, wherein the request processing module is further configured to cause the protected enclave to encrypt obfuscated data that the protected enclave accesses with a user key, and to provide, in response to a user request, such a user key to the user in addition to encrypted obfuscated data.
16. The computerized system according to claim 15, wherein the system further comprises a key management system adapted to generate such a user key.
17. A computer program product for providing obfuscated data to users, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by one or more processors, to cause said one or more processors to: receive a request to access data from a user; identify an authorization level associated with the request received; via a protected enclave, access obfuscated data corresponding to the request received, wherein the data accessed have been obfuscated with an obfuscation algorithm yielding a level of obfuscation that is compatible with the authorization level identified, wherein accessing the obfuscated data comprises checking whether the data as
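The flow claimed above (claims 1, 2, 4, 5, 7 and 9) is easier to follow as running code. The block below is an added example written for this page, not an implementation from the patent or its assignee. It models the enclave's two-database lookup: a request names a dataset and an obfuscation algorithm, the enclave refuses algorithms whose obfuscation level is weaker than the caller's authorization allows, serves already-obfuscated data from the second database when present, and otherwise decrypts the raw data from the first database, obfuscates it, caches the encrypted result, and wraps the response in a fresh per-request user key from a key management system. Everything concrete is an assumption: the sample records, the three-step authorization scale, the two obfuscators (naive anonymization and aggregation, two of the families claim 12 lists), the use of the management key for the first database as well, and a SHA-256 counter-mode keystream standing in for whatever cipher a real enclave would use.

```python
import hashlib
import json
import secrets

# Constructed sample records (not from the patent); the "name" field is the direct identifier.
RAW_RECORDS = [
    {"name": "Alice Example", "zip": "10001", "age": 34, "diagnosis": "flu"},
    {"name": "Bob Example", "zip": "10002", "age": 41, "diagnosis": "flu"},
    {"name": "Carol Example", "zip": "10001", "age": 29, "diagnosis": "cold"},
]

# Assumed authorization scale: each role maps to the weakest obfuscation level it may receive.
# A higher obfuscation level means less detail survives.
MIN_OBFUSCATION_FOR_AUTH = {"data-owner": 0, "analyst": 1, "external": 2}


def naive_anonymization(records):
    """Obfuscation level 1: strip the direct identifier, keep quasi-identifiers."""
    return [{k: v for k, v in r.items() if k != "name"} for r in records]


def aggregation(records):
    """Obfuscation level 2: only per-diagnosis counts survive."""
    counts = {}
    for r in records:
        counts[r["diagnosis"]] = counts.get(r["diagnosis"], 0) + 1
    return [{"diagnosis": d, "count": c} for d, c in sorted(counts.items())]


# algorithm name -> (obfuscation level it yields, implementation)
OBFUSCATORS = {"naive": (1, naive_anonymization), "aggregation": (2, aggregation)}


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 in counter mode) used only to make the example
    self-contained; a real enclave would use an authenticated cipher such as AES-GCM.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


class KeyManagementSystem:
    """Stand-in for the key management system of claims 4 and 8."""

    def new_key(self) -> bytes:
        return secrets.token_bytes(32)


class ProtectedEnclave:
    def __init__(self, kms: KeyManagementSystem):
        self.kms = kms
        self.management_key = kms.new_key()  # claim 8: management key comes from the KMS
        self.first_db = {}    # dataset id -> encrypted raw records (claim 1, first database)
        self.second_db = {}   # (dataset id, algorithm) -> encrypted obfuscated data (second database)
        self.cache_hits = 0   # bookkeeping so the lookup path is observable

    def ingest(self, dataset_id: str, records) -> None:
        """Claim 5: raw data is encrypted inside the enclave before it is stored.
        Assumption: the management key is used for the first database as well."""
        plaintext = json.dumps(records).encode()
        self.first_db[dataset_id] = _keystream_xor(self.management_key, plaintext)

    def access(self, dataset_id: str, algorithm: str, auth_level: str):
        """Claims 1, 2, 7 and 9: authorize, look up or build the obfuscated data,
        cache it encrypted, and hand it back under a fresh user key."""
        level, obfuscate = OBFUSCATORS[algorithm]
        if level < MIN_OBFUSCATION_FOR_AUTH[auth_level]:
            raise PermissionError(f"{algorithm} (level {level}) not compatible with {auth_level}")
        cache_key = (dataset_id, algorithm)
        if cache_key in self.second_db:
            self.cache_hits += 1
            obfuscated = json.loads(_keystream_xor(self.management_key, self.second_db[cache_key]))
        else:
            raw = json.loads(_keystream_xor(self.management_key, self.first_db[dataset_id]))
            obfuscated = obfuscate(raw)
            self.second_db[cache_key] = _keystream_xor(
                self.management_key, json.dumps(obfuscated).encode())  # claim 7
        user_key = self.kms.new_key()  # claim 4: per-request user key from the KMS
        ciphertext = _keystream_xor(user_key, json.dumps(obfuscated).encode())
        return ciphertext, user_key  # claim 2: encrypted result plus the user key


def client_decrypt(ciphertext: bytes, user_key: bytes):
    """What the requesting user does with the pair returned by the enclave."""
    return json.loads(_keystream_xor(user_key, ciphertext))


if __name__ == "__main__":
    enclave = ProtectedEnclave(KeyManagementSystem())
    enclave.ingest("patients", RAW_RECORDS)
    ct, uk = enclave.access("patients", "aggregation", "external")
    print(client_decrypt(ct, uk))
```

The second call for the same dataset and algorithm never touches the raw data, which is the point of the second database: the enclave only decrypts non-obfuscated records when no obfuscated copy exists yet. The authorization check compares the level the algorithm yields against the caller's minimum, so an "external" caller asking for naive anonymization is refused rather than silently upgraded.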
CPC classifications:

- Protecting personal data, e.g. for financial or medical purposes
- involving homomorphic encryption
- involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
- Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068)
- Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage