Thoughts on data privacy infrastructure for the future?(cipherflow.co)
cipherflow.co
Thoughts on data privacy infrastructure for the future?
https://cipherflow.co
2 comments
This is a good idea! Where is the implementation and technical details?
Here is a project I have been working on which tackles these challenges and more (end-to-end encryption, bring your own key, data ownership, open-source, protection from client-side code in browsers, access control and monitoring, etc.): https://redact.ws
Here is a project I have been working on which tackles these challenges and more (end-to-end encryption, bring your own key, data ownership, open-source, protection from client-side code in browsers, access control and monitoring, etc.): https://redact.ws
Similar to what Stripe did for payments, I think the solution lies in abstracting away implementation details for secure architectures that need to commonly be built from the ground up. To name a few concrete components of a secure SaaS application that can be abstracted:
- end to end encryption (for p2p file transfer and for teams)
- multi-tenancy in data architectures
- secure data stores (with row/column, and even element level obfuscation of sensitive/PII data): obfuscation would be dynamic and highly configurable through an ACL style interface
- data severability: the ability for customers of an application to delete (or broadly, govern) their data should they feel at risk
In summary, a highly secure, scalable, and governable data backend for application developers to use instead of building their own. All accessible through an API which can be used a la carte.
Would love to get some thoughts on this approach from the community? What do you think?
PS. If you’d like to chat directly, get in touch through https://cipherflow.co