What comes to mind when you hear the term ‘privacy’? Data leaks? Fines? New regulations? How about engineering? That last one raises a lot more eyebrows than we like to see. As discourse around privacy gains momentum, headlines and op-eds have primarily focused on it as a fundamental human right. Today’s privacy narrative is dominated by legal experts exploring privacy laws, detailing organizational privacy obligations, and debating the ramifications of non-compliance.
More in-depth discussions might include best practice frameworks with a security twist, such as the NIST Privacy framework, to strategize the tasks necessary for ‘Identifying’, ‘Governing’, ‘Controlling’, ‘Communicating’, and ‘Protecting’ information. However, we should note the marked absence of those responsible for executing these suggestions and bringing these theories into operational practice.
What about developers?
The practical application of privacy laws, regulations, and frameworks ultimately distill into bite-sized tasks and problems for architects, engineers, and developers to solve. This alone should earn them a critical place at the privacy table—if only to provide necessary insights into the operational viability of the privacy laws and frameworks their organizations must follow. However, their role in privacy is far more fundamental.
If we look to the more mature cybersecurity domain, from which privacy heavily borrows, we can see that engineers are essential to keeping user data ‘safe’. Shift left has demonstrated the critical impact of developer buy-in on accelerating and innovating the cybersecurity domain. Privacy can absolutely benefit in the same way. Though we shouldn’t further conflate these two domains—they ultimately serve different objectives—we can architect privacy in the same way we do security.
After all, developers hold the secret knowledge and singular technical appreciation for building strong, future-proofed privacy infrastructures that can streamline and reinforce the entire privacy process.
Why developers are the key to good privacy
Privacy requires far more than protecting sensitive information—it requires a deep-rooted understanding of how to classify and work with data. Only people with specialized and dedicated knowledge have this. They are the only ones capable of building practices like pseudonymization and data segregation directly into system architectures. As breaches become inevitable, keeping data unusable or private through methods like these is the only remaining remedy to the very real limitations of cybersecurity when keeping our information safe.
Though cybersecurity and privacy are certainly intertwined, ‘privacy engineers’ are necessary to fill these inevitable gaps that lead to sensitive information leaking. Expanding the privacy narrative to include engineers is key to ensuring that relevant regulations and frameworks are truly actionable. It is also key to preventing these regulations from overwhelming those actually charged with implementing them.
Finally, encouraging developer buy-in is critical to boosting privacy awareness organization-wide, as developers are the brains behind everything enterprises use to interact with our information today. They have the power and influence to spread privacy appreciation and awareness as well as encourage privacy workflows.
Bringing all hands on deck
Privacy does not have to feel like a complicated house of cards that organizations scramble to uphold. It should certainly be more than an ephemeral process that cannot translate into meaningful action.
It’s time to bring in the technical experts capable of demystifying the unique operational details behind making privacy work. It’s time for engineers to join the conversation and show what they can do in the privacy domain. Piiano’s on a mission to make that happen by offering them the tools they need to make their mark. Our ready-to-deploy privacy infrastructure provides the necessary technology and paradigm shift to empower engineers in the privacy domain.
It’s important, however, to acknowledge knowledge, technical and resource gaps that prevent developers from joining the conversation. Zeroing in on issues of data fragmentation and lacking visibility into the whereabouts and use of PII, Piiano’s new platform helps developers build out systems to find, centralize and manage sensitive information once and for all with a self-hosted vault, easy pseudonymization and a code scanner that locates PII across code bases and find data leaks.
Bringing privacy right to the source of all organizational workflows, developers can now easily lay the groundwork for better privacy and compliance in just a few clicks.
Spreading privacy culture
Cultural shifts towards privacy may be radical, but that doesn’t mean that the process of getting there has to be. Developers shouldn’t have to anticipate years of dedicated labor to build out privacy organization-by-organization.
By offering tools that save them substantial time and costs, we’re making it easier than ever to achieve organization-wide privacy engineering and share their voice in keeping our most sensitive information private and safe.
Gil is a software ninja who loves both building software (companies too) and breaking code. Renowned for his prowess in security research, including notable exploits of the Microsoft Windows kernel that have earned him unusual high bounty awards. He has written a couple of very successful open source libraries. And he likes to talk publicly in conferences.
It all begins with the cloud, where applications are accessible to everyone. Therefore, a user or an attacker makes no difference per se. Technically, encrypting all data at rest and in transit might seem like a comprehensive approach, but these methods are not enough anymore. For cloud hosted applications, data-at-rest encryption does not provide the coverage one might expect.
Senior Product Owner
