CIO Bulletin

A Radically Sensible Approach to Data Privacy: Skyflow

Skyflow was founded in 2019 to radically transform how businesses handle their users’ financial, healthcare and other personal data – the data that powers the digital economy. Skyflow’s inspiration was the zero trust Data Privacy Vaults pioneered by companies like Apple and Netflix to protect, store, and manage the sensitive customer information that’s critical to their businesses. Skyflow’s mission is to solve the world’s ever-growing data privacy problem by delivering Data Privacy Vaults via a simple and elegant API, so that every app, system, and workflow can provide best-of-breed data privacy.

Skyflow’s API makes it easy to add data privacy to an app – like adding payments to an app with Stripe. This lets companies protect sensitive data without sacrificing data usability, so they can focus on their key features and innovate faster.

Fine-Grained Access Control

Sensitive customer data is essential to nearly every business and is closely associated with a business's most valuable asset – customer trust. This makes it critically important to carefully manage access to this data. Data that could be used to identify an individual – things like a customer’s name, email address, and date of birth – is more sensitive than general-purpose data. To protect sensitive data from misuse, it should be governed by fine-grained access controls that limit its use to authorized purposes. Fine-grained access control is a method for providing highly granular control over who can access certain data, and in which format. Because fine-grained access control provides more nuanced control over data access than generalized (or coarse-grained) access control, it is well-suited for managing access to sensitive data, such as PCI data or PII.

A rule implemented with fine-grained access control can be simple – consider the following examples:

Restrict access to only the last four digits of a customer’s social security number (SSN) for identity verification.
Limit which phone numbers customers or gig workers have access to, and for how long, preventing potential misuse.

Fine-grained access control can help avoid overly-broad access to data. For example:

In a school with fine-grained access controls, instead of giving all teachers access to all student data, a teacher can only access their student’s records for the classes that the student has with them.
In a medical clinic with fine-grained access controls, instead of giving all doctors access to all patient data, doctors can only see the data of their patients, not all patients who visit the clinic.

This approach to access control avoids broad access to sensitive data (known as “coarse-grained access control”) that can compromise your privacy posture and lead to data breaches.

Fine-Grained, Highly Flexible, Scalable Data Governance

Because customer trust is critically important to any business, it pays to put in the effort to govern sensitive customer data thoughtfully and effectively. Skyflow helps you do exactly that.

It’s much easier to protect sensitive data when you have fine-grained access controls that you can manage with an intuitive policy expression language. This is especially true when these policies are enforced in data-level CRUD operations, not in downstream systems that serve data to clients.

The best way to accomplish all of this is to isolate and protect sensitive data it as soon as it’s collected and stored in Skyflow Data Privacy Vault.

Isolate Sensitive Data, Centrally Manage it in Skyflow

With all of your company’s sensitive data elements – names, SSNs, etc – isolated in a vault, you can centrally manage sensitive data access by creating policies that use a combination of common attributes. These attributes can include roles and assignments, but they can also include never-before-available attributes like consent, IP address, and time from other systems to precisely define the sensitive data governance rules your business needs to both protect and use sensitive data.

You don’t have to settle for all-or-nothing access anymore. Instead, you can provide differential access to sensitive data for various roles based on business workflow needs. This lets you handle each type of sensitive data differently, so you can easily provide plaintext bank account numbers to money movement services but only the last four digits of account numbers and SSNs to customer support agents (CSAs).

Easily Configure Fine-Grained Access Controls with Skyflow

How easy is it to configure these types of fine-grained access controls? Skyflow’s intuitive policy expression makes what could be an onerous task as simple as possible. Let’s take the example of granting CSAs read access to only the last four digits of customer SSNs. With Skyflow, you can set this access with an intuitive, easy to read policy. With a policy like this, even a compromised CSA client application won’t reveal full SSNs, because all but the last four digits of SSNs are redacted by Skyflow under this policy. This keeps full SSNs completely out of the CSA workflow.

Now, let’s say that you need to make this policy specific to residents of California. This could be complex if you’re using a less intuitive fine-grained access control system.

Meet the leader behind the success of Skyflow

Anshu Sharma is the Co-Founder and CEO of Skyflow, the data privacy vault company. A serial entrepreneur and startup investor, he co-founded two startups in security and healthcare AI. Previously, Anshu served as vice president of product and strategy at Salesforce leading identity, security and user data management. As an angel investor and venture capitalist, he has invested in over 50 startups including leading startups like Nutanix, Algolia, Workato, Tekion, and RazorPay.