A data privacy vault is a technology that isolates, secures, and tightly controls access to manage, monitor, and use sensitive data. In this post, I’ll provide a deep dive into how a data privacy vault helps you to ensure the privacy of sensitive data without sacrificing data utility.
There are very few concepts that have undergone such rapid transformation, both in terms of how they’re understood and the level of public awareness, as data privacy. Although the concept is not new, the meteoric growth of personal data collection over the last two decades has completely altered how people, companies, and governments look at privacy.
If you’re aggregating data from multiple sources into a Snowflake data warehouse, despite your best efforts, you’re likely to end up with sensitive PII in data workloads. In this post, I explain how to use Snowflake’s External Functions with Skyflow’s Data Privacy Vault to de-risk and de-scope data privacy, security, and compliance from your data application infrastructure, so you can leverage the power of Snowflake while protecting PII.
If you’re storing sensitive user data, you’re right to be concerned about the potential for compliance and security risks. One method to secure sensitive data is tokenization. In this post, we break down what every engineer should know about tokenization – what it is, how and when to use it, the use cases it enables, and more.
Today we announced the release of a new MuleSoft Certified Connector for Skyflow on MuleSoft’s Anypoint Exchange and joined the MuleSoft Technology Partner Program. With this connector, MuleSoft customers can leverage Skyflow to ensure data privacy, security, and compliance as they integrate PII data flows with MuleSoft.
Millions of people have been impacted by the exposure of their sensitive data because it can often be found in companies’ log files and database backups. Read on to learn the best practices for keeping sensitive data out of your logs.
Businesses run on data and they’re collecting more and more all the time. But not all data is equally important. Some data, like sensitive user data, requires better protection than others. Some data is special.
Skyflow recently partnered with DarkReading Research to learn how developers view and interact with current data security challenges.
Today we announced our new partnership with Plaid to help developers protect sensitive data and build financial data privacy into their applications.
Data privacy, security, and compliance are no longer only the concern of the security team. Because every person at your company interacts with sensitive data, security has become an “everyone problem”. I recently spoke with Tom Field of ISMG about this shift in priorities.
As Skyflow’s Chief Privacy Officer, I’m excited to help drive a “shift left” in proactive data privacy, making privacy by design easier than ever for companies of all sizes.
We love developers and want them to love using Skyflow. That’s why we’re continually looking for ways to incorporate your feedback and reduce friction across our products. In this post, we highlight a few recent improvements, including our new Skyflow Docs site and our intuitive policy expression language.
While the recent Okta security incident did not impact Skyflow or our users, it does present a great opportunity to share our thoughts – and a few reminders – about security practices.
Many workflows only require partial information. You might only need a phone number’s area code or the year from a date of birth to verify a customer’s location or age. But creating a service that can run privacy-preserving computation on data that’s only partially decrypted is highly complex. That's why we created over 50 different data types native to the Skyflow Data Privacy Vault: so you can easily make sensitive data safe and useful while preserving privacy.
Do you need to store sensitive data like a social security number? In this post, we’ll go over your options for storing this kind of sensitive data, the pros and cons of each approach, and all the requirements and features you should be aware of before tackling this problem.
This certification demonstrates Skyflow’s continued investment in rigorous controls and processes, following our recent completion of SOC 2 Type 1 compliance certification.
If you process transactions using PCI data and ACH banking data, you might have noticed that the regulations around PCI data management are stringent but equivalent regulations for ACH data are nearly non-existent. In this post, we’ll explain why you should still take extensive measures to protect ACH data.
A strong data privacy posture is as important to your company as good posture is to your back — and both benefit from a thoughtful approach.
If your company has a data analytics pipeline to a data warehouse, you’re right to be concerned about the impact of aggregating customer PII, PHI, and PCI on data privacy and security. In this post we’ll explain how you can de-identify data in a pipeline built on AWS so you can use sensitive data while preserving privacy.
The evolution of our technology stack has been a direct result of creative engineers meeting the needs and demands of their users. However, our technology and product processes are ill-equipped to deal with a new user demand, the demand for privacy. In this post, we explore why existing technology is failing to meet new user demands for privacy and what engineers can do to address this problem.
Committing to a solution always feels better when you get the chance to try it out first with no risk. If you’re interested in Skyflow but are unsure how it will fit into your architecture, Skyflow’s new trial environment and Quickstart experience give you an easy way to try it out.
I left a growing team, path to promotion, massages, and free food as Team Lead and Manager of Developer Relations at Google to join Skyflow. This post explains why I made this decision and why I’m so excited for the future.
Many businesses still approach data privacy as a compliance and risk mitigation problem. Instead of viewing data privacy as an operational challenge, leading companies recognize that data privacy is really a technology and infrastructure challenge.
When you’re racing to get to market, storing your PCI data with a payment processor and offloading compliance to them seems like an easy way to save time. But what are the long-term risks?
If your company deals with customer data — personal information, credit or debit card details, and so on — you know that you have an enormous responsibility to your users. Beyond the usual concerns around security breaches and the increasing customer expectations of privacy, new regulations from the Reserve Bank of India (RBI) are forcing companies to reevaluate how they handle their customer data.
For many workflows, you need to send PCI, PHI, or PII data to a third-party service for processing. And you need to do all of this while remaining compliant with stringent regulatory requirements like PCI DSS.
Despite your best attempts at preventing it, you likely find that sensitive data ends up in your data analytics pipelines, creating security, privacy, and compliance risk.
We’re excited to announce today the general availability of Skyflow Fintech Data Privacy Vault for PII and PCI data privacy. Delivered as a simple API with support for card issuance, card acceptance, money movement, customer onboarding, and customer data management, it can serve as the data privacy infrastructure for the most important fintech apps and workflows. Leading fintechs are already using the Fintech Data Privacy Vault to get to market faster while ensuring privacy, security, and compliance for sensitive customer data.
Skyflow is the world’s first data privacy vault delivered as an API. Here’s how zero trust informed our approach to authentication and authorization.
Apple now securely manages your driver licenses in its phone vault. Not only that, they have figured out how to do this while preserving your privacy even when you have to show your proof of driver license to a cop (or any validating entity).
[Earth had] a problem, which was this: most of the people living on it were unhappy for pretty much all of the time. Many solutions were suggested for this problem, but most of these were largely concerned with the movements of small green pieces of paper, which is odd because on the whole it wasn’t the small green pieces of paper that were unhappy. — Hitchhiker's Guide to the Galaxy
We’re excited to announce another major compliance milestone: Skyflow is now SOC 2 Type 1 certified.
What is zero trust?
Some of the most difficult challenges that healthtech companies face today involve the handling of highly sensitive PHI data. How can you build an app that ensures data privacy and security but also lets you use PHI data to provide services and drive health outcomes? How can you ensure that data is available only in the right places, used in the right ways, and shared properly with third-party partners? How can you ensure compliance with all the rules and regulations that govern healthcare data?
Securely storing sensitive data is not enough. The real value comes when you can store and use the data securely, both with a privacy-first design. Today, we’re excited to announce Skyflow’s new Governance Engine, a set of platform features (shared across all our data privacy vaults) that will help you get the most value out of your sensitive data while also ensuring it is kept secure and private. We’re rolling it out today for all customers as part of our launch of the new PII Data Privacy Vault.
We’re excited today to announce Skyflow’s new PII Data Privacy Vault. This new vault, delivered via our API, makes it easy for any app or workflow to safely and properly handle highly sensitive personally identifiable information (PII) (i.e., customer data). With Skyflow’s PII Vault, developers can quickly solve the difficult problems inherent to PII data--including regulatory compliance, data security, data governance, data residency, secure data sharing, and more — freeing them to innovate on features and UX.
Over the last few years we’ve seen a massive increase in the amount of PII data being collected as well as a proliferation of user data regulations. As a result, large enterprises like Google and Netflix have started using proprietary data privacy vaults to manage and secure sensitive data. A new paradigm in the security and compliance world, the data privacy vault combines security tools and best practices with sophisticated access management to provide strict limits on how much sensitive data is shared by internal systems.
Skyflow is one of the 24 fintech companies selected for the program.
In this day and age, data is the key to building amazing apps. Successful businesses rely on insights derived from datasets to serve their customers better, whether it's Starbucks personalizing your drink order (order your usual) or Netflix predicting the likelihood of you liking a movie that just came out (53% match for you!).
Customer data platforms helped us collect all this personal data to help us serve our customers better. Now we need to protect it.
It’s been the case for at least the last ten years that software developers write less and less of the code in their apps. And yet, over the same time, apps have gotten increasingly sophisticated and complex, and run more code than ever. How can both be true?
One of the main reasons I joined Skyflow was because I had experienced the privacy-versus-personalization tradeoff first-hand in a prior role at Google.
Today, we’re excited to launch the Skyflow Payments Data Privacy Vault, a new product designed to help fintech companies quickly build and bring to market privacy-first fintech applications.
Over the last decade, businesses have significantly increased the amount of sensitive data they collect in order to create personalized customer experiences and unlock new growth opportunities. During this time, numerous high-profile data breaches have shined a light on the outdated data privacy and security practices of most businesses.
Okta surprised a lot of people with the news that they were acquiring Auth0 for $6.5B. Why was Auth0 so successful and why did almost everyone miss their rise?
With the increasing vaccination rates of recent months, we are beginning to see the spread of Covid-19 come under control, bringing hope that the pandemic era may soon come to an end.
I just joined Skyflow to help fintech companies ship faster while protecting customers’ sensitive data.
As consumers continue to adopt e-commerce and e-commerce providers streamline the e-commerce buying process, the systems used to process online card payments become popular targets for hacking and fraud. To combat this, in 2001, the PCI SSC was created. The PCI SSC is a joint venture between Visa, Mastercard, American Express, Discover, and JCB which created the Payment Card Industry Data Security Standard (PCI DSS). This standard sought to require any company that works with payment card information, whether collecting it, storing it, processing it, or transferring it, to take certain actions to protect that data.
Personally Identifiable Information, or PII, is data that can be used to identify an individual. For a user of your product, their PII is the data that they input to identify themselves when creating an account, such as an email address or a phone number.
At Skyflow, our focus is on radically simplifying how companies manage, access, and govern sensitive customer data. In the last 12 months, we have seen the emergence of a new category: the data privacy vault, with Skyflow as its flag bearer.
One of the many tricky things about running a startup in stealth mode is picking the perfect time to say “Hello, world”. Introductions are tough, particularly when you’ve spent two years building a company in secret. However, I’ve been dreaming about writing this blog post since we built our first prototype and I didn’t want to wait any longer, so without further ado, let me introduce myself and share what we’ve been working on.
Snowflake seems like such an obvious winner today with the likes of risk-averse Berkshire Hathaway taking an unprecedented stake in their IPO. But it wasn’t always the case.
We can create a queryable federated Coronavirus health data store that’s locally controlled and managed by providers ensuring privacy of individuals. By solving the problem of data ownership, governance, and privacy, we can truly enable the interoperability we so desperately seek.
Email is at the heart of your online identity. We use it everywhere — to log in to our banks, our health records, and even our social networks. But why do I have to give my email address to all these companies who can then turn around and spam me for life?