What do LinkedIn, Facebook, Marriott, CapitalOne, and Equifax have in common? All of these companies have suffered massive data breaches that leaked hundreds of millions of customer records. And they probably will again.
Today, data breaches are inevitable despite the ubiquity of security products. It’s not as though internet security hasn’t improved since these attacks started (HTTPS, in particular, caught on quite nicely), but this says very little about how well web-based services hold up against leaks and attacks. A padlock in the URL bar doesn’t prevent sensitive data leaks. Throwing money at the problem to amplify security isn’t helping much, either. How can it, when an organization’s attack surface stretches across its third-party service providers, cloud services, and employees’ private homes?
In the meantime, we have little choice but to continue handing over our information to websites and mobile applications every day. We also have little insight into how this shared data is used, kept, safeguarded, or sold off. Instead, headlines keep us alert to the current state of our privacy—and only in the event of a newsworthy attack or violation.
This doesn’t mean we must throw in the towel, but we desperately need to adapt. Unfortunately, security isn’t enough. Instead, it’s time to reframe the issue and look to other and parallel domains. This is the journey that led us to founding Piiano. Leveraging our experience on both sides of the security fence and the brilliance of dozens of CISOs, here’s what we discovered:
If we want our secrets to remain safe, we need to focus on keeping information private just as earnestly as we try preventing bad actors from accessing it. In other words, good customer security starts with good privacy.
Starting with privacy
Understanding how and why privacy is not the same thing as security is important. Where security is concerned with protecting information, privacy is concerned with its use. More importantly, privacy is the failsafe for inevitable security gaps. For example, pseudonymization—the method of segregating and scrubbing customer data—is entirely unique to the privacy domain. With PII (personally identifiable information) stored elsewhere, PII-sanitized datasets virtually eliminate risk to customer privacy. Under GDPR, no breach notification is required for stolen PII-sanitized datasets. Brand damage around such leaks is minimal, and little legal action follows. However, the spotlight continues to shine so brightly on security that few resources or little attention are spared to make this happen.
Privacy regulations like GDPR and CCPA have begun to raise awareness of privacy’s potential and generate demand for privacy-specific features to protect users. The majority of these privacy requirements focus on user agency, with features like “let me download everything you collected on me” (data-subject-access-rights), “delete everything you have about me” (right-to-be-forgotten), and those pesky cookie consent alerts nagging you to define how your data will be collected and used. Nonetheless, privacy awareness remains low, even among large companies. The good news is that we’ve seen this before and know how to fix it.
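The pattern described in the two paragraphs above, as an added illustration that is not Piiano’s code: identifying fields are split out of each customer record into a separate PII store and replaced by a random token, so the dataset that analytics, logs, or backups see carries no PII; the same store then answers a data-subject-access request (look the token up) and a right-to-be-forgotten request (delete the entry, which leaves every copy of the token inert). The set of PII fields, the record layout, and the in-memory store are assumptions made for the example.

```python
"""Pseudonymization via a separate PII vault (example code for this article,
not Piiano's implementation).  The application dataset keeps only opaque
tokens; the vault keeps the identifying fields and an access log."""
import secrets
from typing import Dict, List, Tuple

# Fields treated as PII in this example (an assumption; real policy differs).
PII_FIELDS = frozenset({"name", "email", "phone"})


class PIIVault:
    """Minimal in-memory PII store keyed by random tokens.

    Tokens are random rather than derived from the PII (no hashing of the
    e-mail address, for instance), so a leaked token list reveals nothing
    and cannot be reversed by guessing inputs."""

    def __init__(self) -> None:
        self._store: Dict[str, Dict[str, str]] = {}
        self.access_log: List[Tuple[str, str]] = []  # (operation, token)

    def put(self, pii: Dict[str, str]) -> str:
        token = secrets.token_urlsafe(16)
        self._store[token] = dict(pii)
        self.access_log.append(("put", token))
        return token

    def get(self, token: str) -> Dict[str, str]:
        """Data-subject access: every read of PII goes through here and is logged."""
        self.access_log.append(("get", token))
        return dict(self._store[token])

    def forget(self, token: str) -> bool:
        """Right-to-be-forgotten: drop the PII; copies of the token elsewhere go inert."""
        self.access_log.append(("forget", token))
        return self._store.pop(token, None) is not None

    def resolves(self, token: str) -> bool:
        return token in self._store


def pseudonymize(record: Dict[str, str], vault: PIIVault) -> Dict[str, str]:
    """Move PII fields into the vault and return the scrubbed record with a token."""
    pii = {k: v for k, v in record.items() if k in PII_FIELDS}
    scrubbed = {k: v for k, v in record.items() if k not in PII_FIELDS}
    scrubbed["pii_token"] = vault.put(pii)
    return scrubbed


def rehydrate(scrubbed: Dict[str, str], vault: PIIVault) -> Dict[str, str]:
    """Reassemble the full record; only code holding a vault handle can do this."""
    full = {k: v for k, v in scrubbed.items() if k != "pii_token"}
    full.update(vault.get(scrubbed["pii_token"]))
    return full


def pii_fields_present(records: List[Dict[str, str]]) -> set:
    """Guard-rail check before a dataset leaves the backend: which PII fields remain?"""
    return {k for r in records for k in r if k in PII_FIELDS}


# Constructed sample input for the demo.
SAMPLE_CUSTOMERS = [
    {"id": "1", "name": "Ada Example", "email": "ada@example.com",
     "phone": "+1-555-0100", "plan": "pro", "last_login": "2021-06-01"},
    {"id": "2", "name": "Bob Sample", "email": "bob@example.com",
     "phone": "+1-555-0101", "plan": "free", "last_login": "2021-06-03"},
]


def demo() -> dict:
    vault = PIIVault()
    # What the analytics database (and anyone who steals it) actually holds.
    analytics = [pseudonymize(r, vault) for r in SAMPLE_CUSTOMERS]
    leaked = pii_fields_present(analytics)
    # Data-subject access request for customer 1: resolve the token via the vault.
    restored = rehydrate(analytics[0], vault)
    # Right-to-be-forgotten for customer 2: delete the vault entry only.
    forgotten = vault.forget(analytics[1]["pii_token"])
    return {
        "analytics": analytics,
        "leaked_pii_fields": leaked,
        "restored": restored,
        "forgotten": forgotten,
        "forgotten_resolves": vault.resolves(analytics[1]["pii_token"]),
        "vault_reads": sum(1 for op, _ in vault.access_log if op == "get"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The design choice that matters is the token: because it is random, the scrubbed dataset is not merely “hashed PII” that an attacker can confirm by hashing candidate e-mail addresses, and deleting one vault row satisfies an erasure request without chasing the token through every downstream copy.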
During our MagicLeap days as head of product security, we recognized how critical it is to shift a domain left in order to ingrain it into the company culture. After having to chase down information about architecture, design, implementation, code quality, bugs, and upcoming features, the SDLC (secure development life cycle) program we built from scratch brought us peace. It ingrained security into every workflow, ensuring that we used products at the right intersections and continuously received alerts of risky events (such as a piece of sensitive code pushed to the website that requires further review first). Shifting security left turned the balance from chasing everybody to tracking everybody. Our efficiency went through the roof. Now, we’re offering it ready-made in the form of our groundbreaking code scanner.
How to shift privacy left
So, this time, we’re calling for companies to start shifting their privacy left and embrace privacy engineering. Our first product is the Piiano Vault—an impenetrable home for all scrubbed PII and sensitive personal information. We’ve designed it so that sensitive information is easily pseudonymized when placed in the Vault. In other words, we’ve pre-built privacy by design for developers. Deployed within an organization’s own cloud environment (VPC), the Vault squarely addresses the potential liability of engaging third parties to store regulated data. It also keeps core assets (whatever you define as sensitive information) in backend systems, where they can be of most use.
The Piiano Vault is the first step to finally managing PII. We truly believe there’s a way to protect PII for real and gain complete control of it. Unlike existing databases that make data accessible, Piiano’s Vault restricts access to its data and offers visibility, management, security, and other privacy features in the most user-friendly console available. From there, we plan to bulldoze all remaining privacy apathy with even more groundbreaking technology. We’re introducing a mind-shift that helps developers know the sensitive information they collect must be stored in its own dedicated space with full visibility into its access and use. Using our Vault reframes how developers—and by extension, anyone who uses their code—fundamentally appreciate privacy’s role in their workflows without turning it into a time-consuming chore.
We are very excited to build out products that make privacy and security much easier and encourage organizations to shift privacy left. After all, we don’t have to fear breaches if the data bad actors encounter is unintelligible. With good privacy engineering, we can finally feel safer when sharing our information online.