facebook noscript

Preserve Privacy, Promote Progress: The New Data Paradigm

December 16, 2018
data-security-default

Do you think you deserve the right to privacy? The United Nations does. December 2018 marks 70 years since the U.N. ratified the Universal Declaration of Human Rights. Article 12 states:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Is that even possible in an era of cyber attacks and data breaches?

preserv-privacy

In mid-November, the social platform Quora reported account information and private messages of some 100 million users may have been exposed when its computer systems were compromised by “a malicious third party.” That came less than a week after hotel chain Marriott announced that hackers had stolen personal data of up to 500 million guests. Quora doesn’t collect sensitive personal information like credit card or social security numbers, but Marriott does. In the Marriott breach names, addresses, phone numbers, birth dates, email addresses and encrypted credit card details of hotel customers were stolen. In some cases, travel histories and passport numbers were also taken.

As the New York Times stated in its coverage, “The [Quora] incident serves as another reminder that a vast and expanding swath of our lives is vulnerable to digital intrusion.”

But does our sensitive information have to be vulnerable to digital intrusion? The answer, quite simply, is no. We can continue to enjoy the benefits of technological progress, while retaining our digital privacy.

Today’s Shared Data

Today we are surrounded by data that validates who we are. Name, address, date of birth, and Social Security number are just the start. However, security questions often also include the names of first pets, maternal grandmothers, and high school mascots. Then there are all the ways you identify yourself online: emails, usernames, lots and lots of passwords. Or the way you verify your financial information: bank account numbers, routing numbers, pins and payment cards numbers. To add to all this, increasingly, even our health data is going online.

Progress provides benefits. Once upon a time, people stashed their cash under their mattress, in a cookie jar, or buried it in a hole in the backyard. Was that safe? Fire, theft, or neglect made it vulnerable to loss. Banks became a safe haven, initially just storing money. We validated our identity in person by going to the bank with a photo ID. Eventually, banks evolved and the account holder could interact with their money to pay mortgages and bills without ever having to physically touch cash. Today, it’s difficult to imagine life without electronic payments.

More and more, the keys to our wealth, health and safety — is floating around cyberspace 24/7. Each time you enter data into a field, do you know where it’s going? Do you know who can access it and how they are planning to use it? A wide variety of technology companies want access to your data for legitimate reasons. Companies ranging from startups to established financial and health institutions can utilize your data to help make your life more efficient. However, many of these companies are not security or software experts in the field of data technology. Is the answer to just turn our backs to technological progress? The answer, again, is no.

A Better Solution: Collect, Protect, Exchange the Data Safely

A similar paradigm is available in data security.

Instead of completely managing their own data security, companies can leverage security experts like Very Good Security to enhance their security and assume liability.

VGS collects and stores sensitive data in its own highly-secure vaults. When customers require access to that data, VGS identifies the sensitive data in transit and—in real time—swaps it out with aliased or surrogate values that retain the same format and functionality of the original data.

Once customers have fully integrated VGS, they’ve removed their system from any direct exposure to sensitive information. This eliminates most customer data liability and drastically reduces risk exposure and compliance responsibility.

Similar to how payments work today, with VGS data is securely collected and stored, yet still can be exchanged safely with partners. By shifting secure dataflows to VGS, customers can also manage how third parties interact with sensitive data without worrying about data breaches. This means customer dataflows inherit VGS’ security posture and that customers can use VGS as a central control surface to manage and evidence the security of their data. That makes compliances like PCI, EI3PA, SOC 2, and HIPAA fast and easy.

Privacy with Technological Progress

In addition to securing sensitive information, VGS’ approach to data security promotes rapid technological progress. Companies that require safe and compliant systems can now quickly integrate security without removing focus on growing their own businesses. What once took six months to a year now takes less than a month. It’s a compelling option for a wide range of tech companies, particularly those in fintech and healthtech.

There is no reason why we cannot achieve the things we do today without sacrificing user privacy. It's a fundamental human right that’s not only in the U.N. article, but also alluded to in the 4th Amendment of the U.S. Constitution. Which is why we are building a company to power the world’s secure operations and safeguard privacy.

marshall-jones-r Marshall Jones

CTO at VGS

Share

You Might also be interested in...

engineering-default

How to securely capture your users’ sensitive data with VGS Collect

Irina Ziakhor February 4, 2019

kubernetes

Kubernetes Multi-AZ deployments Using Pod Anti-Affinity

Max Lobur December 4, 2018

engineering-default

How to Avoid Using Components with Known Vulnerabilities

Bohdan Khablenko November 27, 2018