DEV Community

Nicholas DeWald for Prove Identity

Posted on • Originally published at prove.com

Security By Design

We consider many things valuable in our lives: money, freedom, and homes, for instance. Yet all of these are now in danger because of stolen identities. In the modern digital era, criminals are not just targeting our wealth or property but our very identity itself.

Sadly, the software development methodology of many corporations has aided this new breed of criminals by failing to be good stewards of the information entrusted to them. We’ve all seen the news headlines: “Millions of Identities Stolen” and “Corporation Left Secure Data on Open Server.” This sort of headline is now all too common, often dominating the news cycles. People are left wondering if their data can ever be safe or if the software can ever be trusted.

Most of this goes back to a quirk of human nature—namely, that security often becomes an afterthought to functionality. For example, the first cars built didn’t have door locks or even an ignition key. It was more important the vehicle be able to drive and go places. It wasn’t until years later that automobile companies began offering door locks and ignition keys as a standard part of the cars they sold.

We see this same pattern in many industries, and it has led to the situation we are in today. Criminals will always look for the easiest route to make money. When the infamous bank robber Willie Sutton was asked why he robbed banks, he answered, “That’s where the money is.” But after decades of work to vastly improve bank security, criminals rarely attempt to rob banks anymore. It’s far too risky.

But if only legitimate customers can get money out of banks, then criminals need a way to convince the bank that they are legitimate customers. Achieving this level of deception used to be complicated. First, you have to know secret information about a person, information only that person should know. But the very companies that would validate this information were like the banks of Sutton’s day. These modern corporations kept all that information in the equivalent of inadequately guarded safes. Some of these data breaches amounted to putting customers’ information on a public display board in the figurative front lobby, thinking no one would ever look there.

This may seem like an odd article for a company dealing with precisely this sort of customer information to publish. But that’s because, at Prove, we believe in a different philosophy: Security by Design.

Imagine that instead of security being something bolted on at the end, security is the primary goal that we plan for from the very beginning. We add functionality to our systems only after ensuring that the data it touches is protected at every point in its lifecycle. Data that is never left unprotected is data that cannot be quietly compromised.

This philosophy has led Prove to several standing design rules that form layers of defense within all our systems. The first and most robust is that Prove does not store any Personally Identifiable Information (PII) in our storage systems. After all, if you don’t have the data, you can’t very well lose it.

Whenever PII is required, we retrieve the most recent and accurate data from our providers, so our data is never stale. We use that data only for the requested transaction, after which it is discarded from our systems. For that discard to mean anything, “forgotten” has to cover logs, caches, and error reports as well as the primary database. Discarding sensitive information means that even someone with direct access to our servers and storage would find no customer data to compromise.

Secondly, we rely heavily on encryption in all of our systems. All connections to and from our data sources and with our clients use authenticated, encrypted connections built on modern cryptographic techniques, so that data in transit cannot be read or altered by anyone other than the intended recipient.

Additionally, we also use encryption internally. When data moves between our own systems, it is encrypted, so that data in transit cannot be read even inside our network. This is the same kind of protection that the strictest government and military security requirements demand. Data in motion is never in a readable form, so even a Prove employee with access to the network could not read the confidential data.

Finally, in the rare cases where we need to know whether data has changed over time, rather than store the data for comparison, we keep a one-way hash of it: a value from which the original cannot be recovered, but which differs whenever the data differs. Comparing a fresh hash against the stored one tells us whether the data changed, without the data itself ever being stored on any of our systems. For low-entropy values such as phone numbers, an unkeyed hash is not enough, since an attacker who obtains the hash can simply enumerate every possible input; the hash must be keyed with a secret that is kept apart from the stored values.
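The following is an added example, not Prove’s code, showing the change-detection technique described above: a keyed one-way fingerprint (HMAC-SHA256) is the only thing persisted, the freshly fetched value is compared in memory and then dropped, and the same routine shows why the key matters by brute-forcing an unkeyed hash of a phone number. `DEMO_KEY`, `FingerprintStore`, the subject identifiers, and the phone numbers are all constructed for the example; in a real deployment the key would come from a KMS or HSM and never sit next to the fingerprints.

```python
"""Detecting changes in PII without storing the PII.

Added example, not code from Prove. Only a keyed fingerprint is ever
persisted; the plaintext value exists only inside the comparing function.
"""
import hashlib
import hmac
import re
from typing import Iterable, Optional

# Constructed demo key (32 bytes). In production: fetched from a KMS/HSM,
# never written to the same store as the fingerprints.
DEMO_KEY = bytes.fromhex(
    "3a1f9c4e6b2d8f70a5c3e1d9b7f52468c0a2e4d6f8b1a3c5e7d9f0b2a4c6e8d1"
)


def normalize(field: str, value: str) -> str:
    """Canonicalize so formatting differences are not reported as changes."""
    if field == "phone":
        digits = re.sub(r"\D", "", value)
        if len(digits) == 11 and digits.startswith("1"):
            digits = digits[1:]          # drop US country code
        return digits
    return value.strip().casefold()


def fingerprint(field: str, value: str, key: bytes = DEMO_KEY) -> str:
    """Keyed one-way fingerprint. The field name is mixed in so the same
    digits in two different fields do not share a fingerprint."""
    msg = f"{field}\x00{normalize(field, value)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class FingerprintStore:
    """Stand-in for the persistence layer; holds fingerprints only."""

    def __init__(self) -> None:
        self._rows: dict[tuple[str, str], str] = {}

    def get(self, subject_id: str, field: str) -> Optional[str]:
        return self._rows.get((subject_id, field))

    def put(self, subject_id: str, field: str, fp: str) -> None:
        self._rows[(subject_id, field)] = fp

    def contains_plaintext(self, needle: str) -> bool:
        """Sanity check a reviewer can run: raw values must never appear."""
        return any(needle in v for v in self._rows.values())


def record_and_detect_change(store: FingerprintStore, subject_id: str,
                             field: str, fresh_value: str,
                             key: bytes = DEMO_KEY) -> bool:
    """Compare the freshly fetched value against the stored fingerprint,
    replace the fingerprint, and report True only if a previously seen
    value differs. The plaintext is dropped when this function returns."""
    fp = fingerprint(field, fresh_value, key)
    previous = store.get(subject_id, field)
    store.put(subject_id, field, fp)
    return previous is not None and not hmac.compare_digest(previous, fp)


def unkeyed_digest(value: str) -> str:
    """What NOT to store: plain SHA-256 of the value."""
    return hashlib.sha256(value.encode()).hexdigest()


def recover_by_enumeration(digest_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """Why the key matters: there are only 10**10 ten-digit phone numbers,
    so an unkeyed hash falls to a dictionary search in well under an hour
    on commodity hardware. The same search against an HMAC output fails
    because the attacker lacks the key."""
    for cand in candidates:
        if hmac.compare_digest(unkeyed_digest(cand), digest_hex):
            return cand
    return None


if __name__ == "__main__":
    store = FingerprintStore()
    print(record_and_detect_change(store, "subj-1", "phone", "+1 (555) 010-0100"))
    print(record_and_detect_change(store, "subj-1", "phone", "555.010.0100"))
    print(record_and_detect_change(store, "subj-1", "phone", "555-010-0199"))
    cands = (f"555010{n:04d}" for n in range(1000))   # constructed slice of the space
    print(recover_by_enumeration(unkeyed_digest("5550100100"), cands))
```

The first two calls report no change because normalization makes the two formattings identical; the third reports a change, yet the store never contains the digits. The enumeration step recovers the unkeyed hash from a thousand candidates instantly, which is the reason the stored fingerprint is an HMAC under a secret key rather than a bare hash.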

Rather than security being an afterthought, as it was at the companies in those headlines, all our systems are designed first and foremost to be secure. At no time do we expose the data of customers in any way.

I’m sure you’ve heard these promises before, but as the original system architect, I ensured security by using my personal data as the first record run through the system. After all, if I wouldn’t trust it with my data, then why would you trust it with yours?

Prove believes in security by design and ensures that all your data is always safe from compromise. Don’t you wish all corporations worked this way?
