Blog

Feb 16, 2021

Three Outcomes of using Skyflow for Sensitive Data Access Governance

Ashley Jose

Ashley Jose

Product Manager

Skyflow provides a set of vault capabilities to securely leverage sensitive data for key business processes while preserving data privacy. In this blog post, we will be discussing the 3 key outcomes you will achieve out of the box when you use Skyflow to govern access to your sensitive data.

1. Multi-Party Data Sharing with Confidence

Skyflow enables the “isolate, protect and harness” approach to manage sensitive data.  In order to harness the value of this data, applications often need to talk to each other and share data. When it comes to sharing sensitive data - your organization’s crown jewels, it becomes even more important to ensure responsible stewardship of this data. This responsibility hinges on the following capabilities:

1.1. Privacy preserving data sharing

Privacy preservation is one of the key value propositions of Skyflow. By employing data loss prevention techniques such as tokenization, redaction, masking and encrypted computing, we can ensure that the same data is shared differentially based on the identity of the end consumer and the specific business use case. 

Example Use Cases

  • A credit card applicant seeing her own PII including SSN in plain text as opposed to a customer support agent seeing only the last 4 digits of her SSN (Masked) for identity verification purposes. 

  • A front-office staffer can leverage the power of encrypted computation to match the SSN number of a customer without ever viewing the entire SSN column in plain text.

1.2. Consent-based data sharing

Enforcing consent before sharing data is paramount to build customer trust. Customers trust your organization with their PII and they deserve to know and control how that data would be used and processed. By enforcing row level data access control, Skyflow can check the consent field value for each individual before sharing any PII data with third parties.

Example Use Case:

  • Sharing COVID-19 test results and PII of patients with state officials for contact tracing purposes, only if the patient has given consent to share their data.  

1.3. Data Minimization with granular access control

Enforcing principles of least privilege is an effective way to reduce your attack surface area when governing access to sensitive data. User accounts and apps should only have access to the specific fields that they need to perform a legitimate business function. Using column-level and row-level access control, support for SQL WHERE clauses and Common Expression Language, Skyflow enforces very granular and condition based access policies. 

Example Use Case

  • A physician should have access to view and edit medication information of only those patients she treats and not the entire patient database.   

2. Zero-Trust Access Control

Continuously evaluating the context and the intent of each data access request is a core principle of the Zero-Trust(never trust, always verify) approach. Skyflow’s dynamic policy engine can enforce attribute-based contextual policies across a slew of parameters — IP range, geolocation, time and day of access, number of records requested per unit time and so on. The goal is to validate the intent of each request that comes in before authorizing access. 

Example Use Case: 

  • A database admin user can log in only during work hours on weekdays and only from company approved IP ranges.

  • On a read SSN request, an MFA (Multi-Factor Authentication) flow is triggered and access is granted only after a high assurance session is established. 

3. Accelerate data compliance 

The Skyflow environment is compliant with PCI and HIPAA out of the box, it also follows NIST security standards. Many of the compliance regulations specify rules that dictate how you should store, display and process sensitive data. Such rules are digitized and then templatized by the Skyflow policy engine so that customers can accelerate their path to compliance. 

Example Use Cases: 

  • Enforcing ‘Right To Process’ consent for GDPR when sharing data with third parties.

  • Displaying Primary Account Number (PAN) in a masked format for PCI compliance.

If you are interested to see all of this in action, please sign up for a demo!

If building a world-class data privacy solution sounds exciting to you we would love to talk to you. We are hiring.

Ashley Jose

Ashley Jose

Product Manager

Follow Us

Contact Sales

195 Page Mill Road, Suite 111
Palo Alto, CA 94306

© 2021 Skyflow, Inc. All rights reserved.