Why can’t massive corporations protect their information? This question has been stuck on my mind since Ariel and I began building our first company, NorthBit, together. We worked hard in those days to mitigate and analyze trojans, viruses and ransomware, but huge data leaks continued to hold whatever attention we could spare. It hardly seems fair for us to share our personal data with organizations that can’t keep it safe. With combined experience on both sides of the security fence, we wracked our brains over the best approach to defending systems, which is much harder than finding and exploiting vulnerabilities in code. Empowered by the lessons we picked up in our hacking days, we’ve decided to take on this challenge.
Sharing our data is essential to accessing and improving the services and goods that carry us through life in 2021, but that doesn’t mean that our privacy has to die. We may believe that breaches have become inevitable, or that bad actors will always stay one step ahead of us, but why should that mean that our sensitive information has to remain at constant risk? After thinking it through for years, Ariel and I are ready to bring privacy back and finally keep our sensitive information safe. All we need is developer buy-in and a shift in enterprises’ privacy culture and workflows—a transformation we fully intend to bring to the industry.
This mission lies at the core of our latest venture, Piiano, which has just raised a $9M seed round led by YL Ventures.
Bringing our security and hacking experience to the privacy domain, we’ve designed Piiano with two guiding principles: privacy must start with developers and centralizing and isolating sensitive information (specifically PII) is the only way to truly keep it safe. These days, the complexity of enterprise systems are hurting enterprise security postures, and breaches are a simple matter of time. Fragmented data only increases the potential of sensitive data leaks as a result. So, why don’t we keep all of these “crown jewels” organized in their own specially fortified vault? Why aren’t we scrubbing PII from data sets and centralizing it somewhere with the proper monitoring and audit access these critical assets deserve? Such an approach would essentially reduce the privacy risk of breaches to zero.
Piiano is a data privacy engineering solution for cloud-based applications with the industry’s first self-hosted PII Vault and code scanner. We build privacy infrastructure that developers can immediately deploy and privacy and security teams can interact with as a SaaS. Every organizational team and discipline presents an opportunity to bring new perspectives and practices to the privacy domain. By acknowledging and addressing the intersecting needs of these different domains, Piiano enables true, organization-wide privacy culture. And, by driving awareness to sensitive data isolation by design, our PII Vault and code scanner ensure that good privacy permeates every single organizational workflow.
We looked directly into these different, intersecting needs with dozens of potential customers when we prioritized our order of features to fully facilitate privacy engineering adoption and culture. Our solution’s developer-first design offers fully-built privacy infrastructure that only takes seconds to install. From there, all incoming sensitive data need only be placed in the pre-built PII Vault to pseudonymize data sets and maintain full visibility over PII access and use. Next, our code scanner detects fragmented PII that belong in the Vault across all code bases in order to fully enable sensitive data centralization.
Taking it Further
This technology fundamentally changes how organizations interact with PII by promoting a shared privacy responsibility model, and renders the risk of sensitive data leaks to nothing. In the event of a breach, the pseudonymized data sets remain uninformative, the plaintext data remains isolated in the impenetrable Vault, and all suspicious behavior around the Vault is immediately detectable. We’re very proud of the progress we’ve made on these tools so far, and might be most proud of our innovative decision to keep our entire solution contained to customer environments. In other words, sensitive data never has to touch the internet, and Piiano never gains any access to it.
Ariel and I have been itching to work on a game-changer like this for many years and we’re planning to grow it into something huge. The PII Vault and code scanner are just the beginning of a larger vision to revolutionize the way enterprises interact with and use sensitive data. Piiano enables this without requiring organizations to build out their entire privacy architecture and workflows from scratch, which can take years. The PII Vault enables a privacy-forward approach that stems further PII fragmentation while the code scanner helps locate PII everywhere on a continuous basis to backfill and maintain sensitive data centralization. Soon, PII visibility, management and control will be offered through a SaaS-like platform for security and privacy teams to easily implement policy and maintain compliance.
We’ve been sprinting to launch since we began exploring this solution with potential customer introductions made by our lead investor, YL Ventures. And we’re growing, fast. As we collaborate with old friends and incredible new talent, we’re doubling down on our commitment, as a group, to this new potential for privacy. After all, we want to keep our information just as private and secure as you.