2 comments

[ 5.1 ms ] story [ 16.6 ms ] thread
Security and privacy are complex topics—most developers I’ve come across aren’t deeply familiar with best practices or well trained to architect secure systems. Also, security, privacy, and compliance collectively form some of the most substantial challenges for small and medium sized SaaS companies when selling to enterprise customers. On the consumer side, the massive influx of recent data leaks (https://www.upguard.com/blog/biggest-data-breaches) make this issue critical.

Similar to what Stripe did for payments, I think the solution lies in abstracting away implementation details for secure architectures that need to commonly be built from the ground up. To name a few concrete components of a secure SaaS application that can be abstracted:

- end to end encryption (for p2p file transfer and for teams)

- multi-tenancy in data architectures

- secure data stores (with row/column, and even element level obfuscation of sensitive/PII data): obfuscation would be dynamic and highly configurable through an ACL style interface

- data severability: the ability for customers of an application to delete (or broadly, govern) their data should they feel at risk

In summary, a highly secure, scalable, and governable data backend for application developers to use instead of building their own. All accessible through an API which can be used a la carte.

Would love to get some thoughts on this approach from the community? What do you think?

PS. If you’d like to chat directly, get in touch through https://cipherflow.co

This is a good idea! Where is the implementation and technical details?

Here is a project I have been working on which tackles these challenges and more (end-to-end encryption, bring your own key, data ownership, open-source, protection from client-side code in browsers, access control and monitoring, etc.): https://redact.ws