You had me at "cloud providers". If you store the data on some cloud provider, then you are just as bad as what your prospective customers are doing.
Here in HN, we all know what happened whenever a large actor took on the liability. The answers here are almost insulting given the category of the service provided; dismissive even.
Agreed, imagine the ability to look at all of the data they have and find a dump on that.
mahmoudimus|7 years ago
Hi robert204,
Your question has two specific parts that I want to address:
1) Single Point of Failure
2) Larger target for malicious actors
Regarding point #1:
- We have invested a significant amount of resources in making our product as stateless as possible and our core product can live on different cloud providers' edge networks.
- We conduct failover tests every 2 weeks to ensure we have the capability to respond to any blips in downtime. Our SOC2 Type2 report is available to discuss the availability and disaster recovery items in detail.
- As a side note: We solve the issue of the "vendor is down" problem -- for example, we have customers who seamlessly switch between providers, say credit score checks, when one of them is down without the liability of storing that data themselves.
Regarding point #2:
- This is our core focus. We take on the liability. The idea here is if this is the core focus, we can do this better than a lot of folks out there.
- We also broker access to different Fortune 500 institutions that visit our offices and constantly pen-test us, audit us, etc.
I think it's important to acknowledge that as developers security is always important, but never prioritized until it's urgent. We are trying to change that @ VGS.
Please, email me directly and I'm happy to have a further chat: mahmoud @ ${COMPANY_NAME}.com
fefe23|7 years ago
I don't want any of my sensitive data stored on "some cloud provider".
Also, your security strategy apparently boils down to "we'll be REAL CAREFUL, pinky swear!"
That strategy does not work, and has never worked before. The whole reason why you think your product is needed is because your prospective customers do it just like that.
I'm stunned you found investors with this proposition.
grenoire|7 years ago
fosco|7 years ago
Idea time: Cryptographically store this data on physical cards that can fit into a wallet and be managed by the user and 'revoked' if they lose the card. Obviously things like backing up and storing will still need to be done, but that does not necessarily need to be reachable via an API or on the internet at all after it has initially been created.
I spent two minutes on this idea, be nice :-)
toomuchtodo|7 years ago