HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dgul2tor

no profile record

Submissions

Thoughts on data privacy infrastructure for the future?

cipherflow.co
8 points·by dgul2tor·há 5 anos·2 comments

[untitled]

1 points·by dgul2tor·há 5 anos·0 comments

comments

dgul2tor
·há 5 anos·discuss
Security and privacy are complex topics—most developers I’ve come across aren’t deeply familiar with best practices or well trained to architect secure systems. Also, security, privacy, and compliance collectively form some of the most substantial challenges for small and medium sized SaaS companies when selling to enterprise customers. On the consumer side, the massive influx of recent data leaks (https://www.upguard.com/blog/biggest-data-breaches) make this issue critical.

Similar to what Stripe did for payments, I think the solution lies in abstracting away implementation details for secure architectures that need to commonly be built from the ground up. To name a few concrete components of a secure SaaS application that can be abstracted:

- end to end encryption (for p2p file transfer and for teams)

- multi-tenancy in data architectures

- secure data stores (with row/column, and even element level obfuscation of sensitive/PII data): obfuscation would be dynamic and highly configurable through an ACL style interface

- data severability: the ability for customers of an application to delete (or broadly, govern) their data should they feel at risk

In summary, a highly secure, scalable, and governable data backend for application developers to use instead of building their own. All accessible through an API which can be used a la carte.

Would love to get some thoughts on this approach from the community? What do you think?

PS. If you’d like to chat directly, get in touch through https://cipherflow.co
dgul2tor
·há 5 anos·discuss
I envision a world where all sensitive data is secure, governance protocols are built into products by default, and access & control procedures are transparent. One way to do this is empower developers to deploy zero trust solutions without the burden of complex security and access infrastructure.

For the developer: get software to market faster without needing to build things like encryption key and certificate management systems, secure storage with element-level ACLS, multi-tenant backend, etc.

For the customer: have fine-grained control over who accesses your data and severability controls if needed.

I'd love to get feedback and learn about your potential use cases - please reach out through the site if you're interested!