Companies are collecting more sensitive data than ever before. And with more data, there is more risk. The risk associated with managing sensitive data forces companies to make a tradeoff: data privacy or data utility.
How can developers get the best of both worlds? That’s where data vaults come in.
The concept of data privacy vaults was born at companies like Apple, Google, and Netflix. A data privacy vault is a secure, isolated database designed to store, manage, and use sensitive data. Let’s break that down:
Skyflow empowers developers at companies of all sizes with a state-of-the-art Data Privacy Vault delivered through a seamless API.
The Skyflow Data Privacy Vault consists of four pillars that each contribute to the secure storage and usage of data:
Skyflow vaults have a sophisticated governance engine built in, which allows you to enforce granular, policy-based access controls at the data layer itself.
Skyflow exposes a simple policy-expression language that is used to define policies. The example below shows a policy with rules to mask social security data.
ALLOW READ ON identifiers.ssn WITH REDACTION = MASKED
Policies such as this one can then be attached to roles, which can be assigned to both users and machine identities. This ensures governed access to the data from both people and downstream applications.
Visit the Governance documentation to learn more.
Skyflow vaults enable developers to leverage the value of sensitive data when working with third parties or even when working directly with sensitive data itself without bringing this data into their infrastructure or services, and without having to provision or manage the compute infrastructure themselves.
To securely interact with third parties, Skyflow offers connections. These proxy functions help you build your own connections to any third party API to securely send and receive sensitive data. For instance, suppose you want to send credit card data to your payments processor. With connections, you can make a call to Stripe with tokenized credit card information. Connections will route the request through the vault, where the tokenized data will be swapped for real values, and then sent to Stripe. Visit the Connections documentation to learn more.
Vaults store data in isolated databases that have a number of privacy preserving technologies built in. These technologies include (but are not limited to) polymorphic encryption, data de-identification, and tokenization.
In addition, Skyflow vaults are built on top of a highly scalable, enterprise-ready RDBMS system. You can bring your own customizable schema, and a robust key management option allows you to manage your own encryption keys. You also have the ability to use multi-tenant or single tenant with VPC and privatelink.
The infrastructure that is the foundation for Skyflow vaults meets all of the following qualifications:
Create your first vault to get started.
In this article
© 2022 Skyflow, Inc. All rights reserved.
Skyflow.com
Cookie Policy
Terms and Conditions