Skyflow today revealed it has added a data governance engine to a data privacy vault that enables developers to build applications that access encrypted personally identifiable information (PII) in a way that eliminates the need for them to be concerned about compliance requirements.
The PII Data Privacy Vault incorporates a Skyflow Data Governance Engine that provides access to data via a REST application programming interface (API) using fine-grained controls based on roles, policies, or other attributes defined by an organization.
Creating a Column Level Policy in Skyflow
The SkyFlow platform is based on a polymorphic encryption engine that leverages large numbers of independently generated keys to encrypt messages with blocks of variable size. That approach enables Skyflow to, for example, break a phone number into its components and encrypt each one individually. An algorithm enables the PII Data Privacy Vault to, for example, find records in its database that have the same area code without decrypting data. Another encryption algorithm then might be applied to income data. The platform is then able to employ multiple algorithms to, for example, generate a table that matches income data with area codes. Data stored in the PII Data Privacy Vault, as a result, can be accessed without ever requiring that it be decrypted, says Skyflow CEO Anshu Sharma.
The PII Data Privacy Vault is based on the same zero-trust concepts that both Apple and Netflix employ to secure customer data, adds Sharma. The platform has its own built-in data loss protection tools, a customizable data schema, and a fully configurable governance engine. Now organizations don’t have to build and maintain their own data vault, says Sharma. “It’s a customer data management system,” he says.
The goal is to eliminate the dependency developers today have on IT and security teams to secure data, notes Sharma. As the responsibility for security continues to shift left toward developers, there’s a clear need for a programmatic approach to ensuring the integrity of data that doesn’t require developers to continuously engage an IT operations team, notes Sharma.
As a movement within developer circles, the whole notion of managing compliance as code is an extension of the ability to manage infrastructure as code. Open-source technologies such as the Open Policy Agent (OPA) being advanced under the auspices of the Cloud Native Computing Foundation (CNCF) make it possible to programmatically ensure that infrastructure has not been inadvertently misconfigured. Skyflow is taking that compliance as a code concept to the next level by applying it to data using cloud services that are invoked via a REST API.
Compliance, of course, isn’t always a top-of-mind issue for developers. However, most organizations that operate in any kind of regulatory environment are generally obsessed with it. There is any number of regulations such as the General Data Protection Rule (GDPR) that can lead to substantial levies any time it’s determined that data has been mishandled, stolen, or accidentally shared with individuals that are not authorized to view it. If there’s a way to eliminate the need to devote substantial resources to protecting data, the odds are more than good developers will discover most organizations are more than willing to fund it.