Release Notes

Skyflow ensures world-class data privacy protection and regulatory compliance of sensitive data, while providing access to de-identified data for business use cases and continued innovation. Improvements to the Skyflow platform with new privacy innovations are ongoing at a swift pace. The latest release includes two new vault types: Customer Identity Vault and Payment Vault, significant performance enhancements, new features, a brand-new user interface, and features for quick customer adoption.

Customer Identity Vault

The Customer Identity Vault is a multi-object vault designed to store customer identities and profiles securely. The latest design of the vault allows the storage of core identities such as name, email, phone number, SSN, and linkable data such as age range, gender, race, and many more. Here’s an overview:

  • A robust multi-object vault designed to store customer identities
  • Support for linked and linkable PII data
  • Vault-specific REST APIs provide a higher level of security and reliability

image alt text

Screenshot 1:A UI browser view of a customer identity vault

Payment Vault

Payment Vault is a multi-object vault designed to store payment, credit card, and transaction data securely. Businesses can store and tokenize sensitive data using Payment Vault to reduce PCI compliance scope and allocate resources to bring products to market faster.

  • A robust multi-object vault designed to store payment, credit card, and transaction data
  • Vault-specific REST APIs provide a higher level of security and reliability
  • Tokenization REST APIs make it easy to store sensitive data and retrieve tokens

image alt text

Screenshot 2:A UI browser view of tokenized data returned by default on all API calls

Role-based access control

Skyflow supports a Role-Based Access Control (RBAC) model to provide authorized access to Skyflow resources. The roles are categorized as Admin Roles and Vault Roles.

  • Several predefined roles are available with varying levels of access and control
  • Admins have access to the admin console for users and roles management
  • Specifically, Vault roles create and manage vaults and data management

Data Browser Re-imagined

A re-imagined the data browser to make the user experience familiar, clear, and smooth compared to a previous beta implementation. Addition of grid functionality with the ability to resize, hide, rearrange, and freeze columns improve user experience.

  • Color-coded fields indicate the sensitivity of data, and default DLP policies are applied to columns for a better visual representation of the data.
  • Example code blocks help run SQL queries against the data browser
  • The following predefined views are available in the data browser:

    • Default view - the data is shown with default DLP policies
    • Plain text view - the raw version of the data is displayed. Only vault owners and creators can see this view
    • Schema view - the underlying schema of the vault along with the associated privacy data types and attributes are displayed
    • Log view - the logs for vault data transactions are displayed
    • Results view - the results of an SQL query are displayed

image alt text

Screenshot 3:A UI browser action view of schema, log and result views

Administration workflows

Admins control Skyflow instances with a new admin role and a console using administrative workflows.

  • Admin workflows that enable Admins to control user and role management
  • Workspace controls add another layer of security and access controls for Admins
  • View all of the vaults created in each workspace and which users have access to the vaults

Service accounts

Service accounts are machine to machine accounts expressly set up to integrate a service (app or machine) with Skyflow vaults without the context of a human user. Service accounts improve the security of the system and add another layer of access control.

  • API service accounts help create clients that can integrate with Skyflow REST APIs
  • SQL service accounts used with database drivers can connect to Skyflow vaults
  • Policy-based access control provide service accounts controlled access to sensitive data

Authentication and authorization enhancements

Enhanced authentication and authorization with interview-based login and security best practices further protect users and their data.

  • Signed JWTs via asymmetric key encryption are used to authenticate access to APIs
  • Interview based login ensures additional security
  • Session timeout implemented for inactive users

Enhanced Documentation Support

A new developer micro-site makes it easier for developers to get started with the Skyflow API.

  • Updated documentation makes it easier than ever for developers to understand Skyflow
  • New step-by-step guides on how to use Skyflow vaults
  • Updated API swagger documentation with Vault specific APIs

Workspaces

A Workspace is a dedicated cluster infrastructure to deploy vaults. Workspaces allow logical groupings of vaults and resources geared to a specific goal make it easier for developers to test and validate their workflows.

  • Each Skyflow account is pre-configured with a Production and a Sandbox workspace
  • Each workspace has configuration controls for sharing permissions and role-based access
  • Each workspace has management APIs that allow developers to manage vaults using REST APIs

Platform enhancements

New platform features make it easier for users to manage notifications, vaults, and resources

  • The Events Service allows Skyflow resources to communicate its event-driven state
  • The Notification Service can trigger email notifications for state changes on specific resources
  • Create and manage new Vaults from the UI or API
  • Browse and preview the Vault templates
  • Sharing of the vault with other users using RBAC defined roles
  • Availability of Customer Identity Vault

PrivacyDB enhancements

PrivacyDB is the core of the Skyflow platform with new features for enhanced SQL queries and operations, with privacy data types to give developers more flexibility to develop customized applications.

  • Introducing Skyflow objects and privacy data types to support a variety of data models
  • Enhanced support for SQL queries and operations
  • Simplified and consistent URl patterns

Privacy Preservation Engine enhancements

The privacy preservation engine (PPE) drives core encryption capabilities on the Skyflow platform. New features improve stability and flexibility for a highly secure privacy platform.

  • New credential management engine can store encryption keys
  • Built-in credential versioning
  • Expanded support for data types including unsigned integers, floats, and int_64

Deployment Architecture Enhancements

Enhancements to the deployment architecture make it faster and more secure for customers to get vaults and data services running.

  • A customer is set up with PrivacyDB and account in a separate cluster
  • Simplified URL naming schemes for workspaces