4G/ End-to-End Crypto SDK for Deve

From IIW

End-to-end encrypted data sharing for everyone


Tuesday 4G

Convener: Isaac Potoczny-Jones, Tozny ijones@tozny.com

Notes-taker(s): Isaac Potoczny-Jones


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


Developer Need

•       More developers need to handle Personally Identifying Information

•       PII can mean anything from email, phone, and home address to medical info

•       Everyone wants to do the right thing: Protect that data

•       Encryption is extremely effective

•       Many developers even have a regulatory requirement to protect

•       Work in a semi-regulated industry? Want to get European customers?

•       Developers have to do more with less time

•       Expectations for deliverables are always on the rise

•       A solution can’t compromise business requirements

•       Analysis and processing of data is everyone’s business

Problem

•       Developer tools for cryptography and security are terrible

•       “Never roll your own” is typical guidance

•       But the pre-rolled security solutions aren’t available for your specific needs

•       Security works best when it’s built-in at the code level

•       The vast majority of vulnerabilities are developer errors

•       But most security is bolted on at the end

•       There never seems to be time to do it right

•       Security is always a requirement, but developers don’t worry about it until it’s too late

•       The timeline for delivery is always tight

Solution Approach:

Collect and Protect

•       Add a few custom tags to your HTML or mobile form

•       Our client-side SDK encrypts the data and manages keys for you

Store and Control

•       Data is transmitted and stored encrypted

•       Our policy engine lets you configure access based on your business needs

Analyze and Empower

•       SDKs to analyze data with options for no-human-in-the-loop processing!

•       Easy templates to add user visibility and opt-in/opt-out rules for users