4G/ End-to-End Crypto SDK for Deve
End-to-end encrypted data sharing for everyone
Tuesday 4G
Convener: Isaac Potoczny-Jones, Tozny ijones@tozny.com
Notes-taker(s): Isaac Potoczny-Jones
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Developer Need
• More developers need to handle Personally Identifying Information
• PII can mean anything from email, phone, and home address to medical info
• Everyone wants to do the right thing: Protect that data
• Encryption is extremely effective
• Many developers even have a regulatory requirement to protect
• Work in a semi-regulated industry? Want to get European customers?
• Developers have to do more with less time
• Expectations for deliverables are always on the rise
• A solution can’t compromise business requirements
• Analysis and processing of data is everyone’s business
Problem
• Developer tools for cryptography and security are terrible
• “Never roll your own” is typical guidance
• But the pre-rolled security solutions aren’t available for your specific needs
• Security works best when it’s built-in at the code level
• The vast majority of vulnerabilities are developer errors
• But most security is bolted on at the end
• There never seems to be time to do it right
• Security is always a requirement, but developers don’t worry about it until it’s too late
• The timeline for delivery is always tight
Solution Approach:
Collect and Protect
• Add a few custom tags to your HTML or mobile form
• Our client-side SDK encrypts the data and manages keys for you
Store and Control
• Data is transmitted and stored encrypted
• Our policy engine lets you configure access based on your business needs
Analyze and Empower
• SDKs to analyze data with options for no-human-in-the-loop processing!
• Easy templates to add user visibility and opt-in/opt-out rules for users