Data protection company Piiano has released Piiano Vault, a secure database that’s designed to give enterprises the ability to safely store sensitive personal data in compliance with the EU’s GDPR, California’s CCPA and other privacy and security standards. Piiano Vault is designed to be deployed into an enterprise’s existing cloud environment, where it can control access to sensitive personal data.
While Piiano Vault has been designed for use by any enterprise, it’s also designed to support developers, allowing enterprises to meet their security and privacy requirements in-house with their own development staff. This allows developers to incorporate the secure database as their applications are created, avoiding the common practice of trying to retrofit security and privacy into an environment not originally designed for it.
The use of a separate secure zero-trust vault is already a growing practice in large enterprises. Piiano Vault builds on this best practice by keeping all sensitive data in one place where developers can build their systems using building blocks such as field-level encryption, tokenization, masking, data retention and granular access control. Piiano says that Vault provides developers with out-of-the-box support for requirements such as GDPR and CCPA and other security standards.
“Until now security chased everybody and now for the first time, we want to empower developers and to give them the tooling to be able to become the new data protectors,” said Gil Dabah, CEO of Piiano. “This is how we call them. Because only they can do the privacy by design or security by design changes to the product itself when they develop it. And that’s why developers are so important to stop the next or to fight the next data breaches when it comes to sensitive data.”
Dabah said that the difficulties in retrofitting security into an existing environment played a major role in the development of Piiano’s Vault. “It’s a database that is built from scratch to answer the regulations requirements and data protection requirements, and compliance functionality that companies are now building all over the world.”
“We are an infrastructure for developers to save them the time and the effort and the pain and the expertise they need to understand privacy regulations,” Dabah explained.
Dabah draws on his experience in the Israeli intelligence services to watch for and recognize patterns in security requirements. He said that the GDPR was a major part of the patterns he’s seeing, in which security is drawing more attention and, in turn, more regulation.
Dabah said that one advantage of Piiano’s approach to security with the Vault is that it’s cloud native. “Since Piiano is about cloud native infrastructure technology, then we are there even if you have some Amazon account where you run all new applications.” He said that with the Piiano Vault, developers now also have a secure place to store personally identifiable information when they’re creating or developing software.
In addition, Piiano uses the Vault to tokenize the information it contains. “Just like if you are familiar with the term tokenizing credit card numbers in PCI vaults,” Dabah explained, “So we want to bring the same mechanism and the same value, which is huge with tokens of payment information.”
“And now inside the backend system you can start streaming the tokens instead of the plain text PII. And what you get is a concrete, a pragmatic or practical reduction in the exposure and footprint of these sensitive information unique systems,” he said. “So the likelihood of some developer dumping all the passwords in plain text to log is now really reduced. So that’s part of what we are trying to achieve with privacy by design.”
Ultimately, Dabah said that security by design is his goal for developers. Such a practice has been discussed for years, but because of the difficulty in implementing it, security by design is rarely done. With the Piiano Vault, developers and enterprises have another tool to help it happen.