What if privacy had an API with Sean Falconer of Skyflow
APIs are like an electrical plug, Sean Falconer, Head of Marketing at Skyflow, says:
As a user of an electrical plug, all I care about is making sure there’s electricity getting to my lamp so I’m not sitting in the dark. I don’t care about all the wiring that’s going on within the walls. That was done by an electrician with specific domain expertise. This is the same for an API.
Companies with experts that solely focus on a specific problem can focus on solving that problem and then abstract the problem away by providing an API, he continues.
As a consumer of the API, I just need to understand familiar concepts like JSON, REST, API keys, etc. I don’t need to understand how Stripe communicates with card networks to validate whether a credit card is valid. The abstraction lets me leverage the utility of the API for my business or product without needing special expertise. That way my talent can focus on building our core product.
Can we have API-based solution for data privacy?
We have APIs for sending text messages, carrying out money transfers, doing sentiment analysis, and even creating cat memes, but what about privacy? At Shift Conference in Miami Sean shared some unique challenges they had to face at Skyflow when creating API-based solution for data privacy. At Shift Zadar he will speak on a pressing concern for more companies, that of implications of sharing their sensitive data with a generative AI model?
By leveraging the APIs built at Skyflow, you get to take advantage of the domain expertise of the people that built similar systems at Salesforce or someone with over 50 patents in database security and encryption, or people who did PhDs in homomorphic encryption. All you need to understand is how to make a REST API call or use an SDK.
Privacy isn’t a feature or an afterthought
Privacy isn’t a feature, or an afterthought once you’ve built and scaled everything. It should be a day 1 priority; privacy needs to be part of the culture of a company.
It’s everyone’s job within an organization. That means when you purchase a third-party tool, you need to be looking carefully at how that company’s tool secures and manages your customer’s data. Additionally, when you design and build products and features, privacy can’t just be a checkbox in the launch process, it needs to be part of the design cycle.
From a technology perspective, everyone needs to understand that sensitive customer data is special, and as such it requires special handling and treatment.
How would you handle your passport?
He compares handling sensitive customer data to how you would handle your passport: you wouldn’t make thousands of copies, handle it in the clear or give others uncontrolled access to your passport.
Historically, Sean adds, companies have treated all data the same, regardless of whether it’s a click on a website or someone’s personal information, it’s just ones and zeros stuffed into a database somewhere within their infrastructure. Over the past 20 years, companies have built and scaled massive systems with millions and sometimes billions of users, never really paying attention to what they’re storing about users or where the data ends up. It’s all just data.
What ends up happening is that the sensitive customer data is copied and fragmented throughout the entire system. Instead of just one copy of someone’s personal information, you have thousands of copies. Over time, you simply have no idea where and what you’re storing. If you don’t know where it is, or what it is, that makes it impossible to protect it and makes compliance impossible.
To address this, companies attempt to apply various cybersecurity tools to lock down access, control the information flow, and support different use cases. However, this is like applying a bandage to a broken arm, it can’t fix the underlying problem. The arm is still broken, and these patchwork solutions to data privacy and security can’t fix the underlying infrastructure problem.
As a result, even though companies spend millions of dollars on data security, they still continue to have data breaches and compliance issues.
Many companies are choosing to try to solve the problem of data security and privacy themselves. They underestimate the complexity of what they’re taking on, assuming that hashing or encrypting the data within their database will be enough. But solving these challenges is not the prime directive for most companies, so they lack the talent, domain knowledge, expertise, and focus required to really get a handle on the problem.
How did Netflix, Apple, or Google solve this issue?
In his presentation at Shift Miami on May 23rd, Sean will delve into the complexities of ensuring data privacy, and discuss how tech giants like Netflix, Apple, and Google have tackled this issue by creating a pioneering technology called the zero-trust data privacy vault.
Skyflow has drawn inspiration from these leading companies to create a data privacy vault accessible to everyone through a user-friendly API. I will walk the audience through the evolution of creating this API and demonstrate how to control access to sensitive data.