Ep. #1237 - Data Hoarding Business Hazards
In today’s episode, Matt DeCoursey and Anshu Sharma, Co-Founder & CEO of Skyflow, shed light on data hoarding business hazards. Let Anshu and Matt guide you through the complex landscape of current data privacy issues. They highlight how data leaks occur and offer valuable insights into effective prevention strategies. Moreover, they delve into critical discussions surrounding data security, governance, and robust security measures.
Covered In This Episode
About 62% of business professionals admit to data hoarding, a compulsion as destructive as physical hoarding. Data hoarding is when an organization collects and archives data regardless of its relevance. Skyflow’s Anshu Sharma explains how data hoarding can affect a business negatively.
Listen to Matt and Anshu talk about data collection and privacy. Anshu explains what Skyflow is trying to solve: data access and governance. He provides examples of how companies collect personally identifiable information (PII) and do not ensure its security.
Matt and Anshu discuss Skyflow’s polymorphic encryption, a departure from the typical data access protocols that expose PII. Basically, polymorphic encryption allows businesses to interact with the data without seeing the data. They also discuss how data is currency, but only if it is relevant at a specific time. Keeping old data only uses up resources.
The conversation turns to data hoarding, which leads to an increased risk of costly security breaches. Many people have PII floating around that bad actors can use. The organizations collecting it must take security measures to protect personal and business data. Skyflow provides a wall around PII to keep it out of the wrong hands. They wrap up with speculation on whether their phones are listening to them.
Do you suspect you are data hoarding? Get insights from the conversation in this Startup Hustle episode now.
- Anshu’s background (1:15)
- What Skyflow is trying to solve (2:04)
- Data collection and privacy (4:45)
- Protecting PII (7:13)
- Data governance (11:16)
- Skyflow’s Polymorphic Encryption (12:57)
- Relevancy and currency of data (15:58)
- Data security (21:10)
- Is your phone really listening to you? (31:42)
- Security measures for both your personal and business data (33:07)
- The cost of having your data stolen (36:12)
Data protection is not always just about security, which is the point solution we have there. It’s not also just about anonymization. It is sometimes about safety. – Anshu Sharma
Zero PII in zero hands most of the time. Unless a customer actively authorizes one user to see one piece of information at one time. We need to go from like, hey, just because I have it, everybody in my company has to. No. You have consent for some very specific thing. And you’re basically a fiduciary of that data. It’s your responsibility to make sure to keep that trust with the customer. You need to be 100% sure that the data is protected at all times and is used in compliance with the consent that you’ve given. – Anshu Sharma
I like to say in sales, if it’s old, it’s cold. Like when you miss that window when people are primed to buy or make decisions. That’s the reason that the top spot on Google is an auction, and whoever wants to pay the most for those clicks gets them because there are so many things in life that most consumers, probably 80%, find that solution; they quit looking. – Matt DeCoursey
We live in a time where I can order my coffee and have it delivered not to the place where I’m ordering it from but where I will be in four hours. We live in times where I can get personalized service for almost everything. In exchange, we are all exposed all of the time. – Anshu Sharma
Following is an auto-generated text transcript of this episode. Apologies for any errors!
Matt DeCoursey 0:00
And we’re back, back for another episode of Startup Hustle. Matt DeCoursey here to have another conversation that I am hoping helps your business grow. Data, data, data, it’s everywhere. Do you have it? Do you not have it? Where is it? What is it? What are you doing to protect it? Are you hoarding it, and what kind of business hazards could come up with that? We’re gonna talk about that and probably a lot more on today’s episode of Startup Hustle. Before we get started, today’s episode of the show is powered by FullScale.io. Hiring software developers is difficult and Full Scale can help you build a software team quickly and affordably and has the platform to help you manage that team. Go to FullScale.io to learn more. With me today, I’ve got Anshu Sharma. Anshu is the co-founder and CEO at Skyflow. Go to Skyflow.com. It’s spelled just like it sounds. And there’s also a link in the show notes, if you want to give it a click. Straight out of Palo Alto, California. Anshu, welcome to Startup Hustle.
Anshu Sharma 1:03
Hey, great to be here.
Matt DeCoursey 1:05
Yeah, but I’m looking forward to talking about some of this. Data is everywhere. But before we get into that, how about a little data about your backstory?
Anshu Sharma 1:15
Sure. You know, I’m a classic immigrant engineer-turned-founder. I came to this country, I know, 25 years ago with the proverbial $200 in my pocket. And I think what’s exciting is, when you start with nothing, there is unlimited opportunity. And this country has proven that to be true for me. So, I’m very excited that this is my third startup. I got to do some amazing things with companies like Oracle and Salesforce. We built one of the earliest Salesforce platforms. And even before Apple had an app store, we had an app store, so we can talk about some of that fun stuff.
Matt DeCoursey 1:57
Well, that’s cool, man. So what made you, like, what’s the problem you wanted to solve at Skyflow?
Anshu Sharma 2:04
Yeah, so let’s take a step back, right? In the morning, you get out 20 years ago. You go buy coffee, okay? All right, nothing happens. You go, then read your newspaper, and you know what, nothing bad happens. Then you go file your taxes, and you know what, you meet an accountant, and he fills up the paperwork at the door. Today, you do those three things. Somebody somewhere is collecting data on you. You know, if you’re going to Starbucks every day, they have your credit card number. In fact, if they want a free cup of coffee, they have your date of birth, and they have points. So Starbucks may have more data about where you live and how you live than your closest friends because they know where you’re picking up coffee four times a day. When you read your newspaper, the newspaper now knows you more than you know the newspaper. Because if you haven’t signed up for a subscription, you’re not reading it. They’re tracking you; they know what’s going on. They may be writing long articles about how capturing data about customers was terrible while capturing data about you. When you go to your tax guy, well, he’s actually taking your social security number and giving it to Intuit TurboTax, which in turn is giving it to somebody else, which in turn is giving it to the IRS. And guess what, IRS actually has your social security number audited. So, why are you sending it to 234 different people before sending it to them? So my realization working at companies like Salesforce and Oracle was everybody is in the business of personal data. Like it or not, doesn’t matter what you’re selling. These days, you could be selling fruit or meat on the internet. And you still end up with personal information. And all these laws, like GDPR and stuff, make it such that if you screw it up, you’re going to be paying hundreds of millions of dollars. So my insight was, well, if there’s Stripe for credit card data, there is Twilio for sending text messages, why hasn’t somebody paid the equivalent for sensitive personal data? Like why can’t they just take customer data and keep it in the cloud service? It’s 100% protected, never visible to anybody without right permissions, and always encrypted. That would be a holy grail of security. But unfortunately, nobody had built this thing. Except the largest companies have built some of this in-house. That’s how Apple works. So my insight was whatever this thing Apple has inside, why can’t we make it available to all the founders, developers, engineers, and large companies? So, we started this company four and a half years ago. It’s been a great journey.
Matt DeCoursey 4:45
Well, I’d say you get some validation from outside investment. According to my notes, you raised over $70 million. So congratulations with that. And you know first for so many of us out there in the startup space. You know, the funding is validation, but obviously, user flow and revenue come with that as well. You know, and you know, the data thing. It’s I’m very interested about, well, you know, when we talked about like the title here, data hoarding must be a lot of people don’t know this. But you know, if you have your any site or any SaaS product or anything, you’ve got, like Marissa data in your server that I’ve talked to early-stage founders, they don’t even know it’s there. They’re like, Oh, I wish we had tracked all this. I’m like you probably did. And you didn’t even know it. That’s the kind of stuff that becomes the most dangerous, right? Like the sensitive information you might just have sitting out in the open or fairly out in the open. And that’s really what we need to start by protecting, right?
Anshu Sharma 5:43
Yeah, so I think it surprises people how much personal data they end up collecting. It also surprises them what is personal data. 15 years ago, you would say, you know, maybe your email address is personal data. Today, according to most laws, your IP address is considered personal data. In fact, Apple shut down that cookie tracking thing, because they consider your anonymized tracking ID to also be personal data. So the laws have changed. So you may think, hey, I don’t really collect anybody’s social security number, I don’t have anybody’s date of birth. Well, if you’re engaging with a user, you at least have an email address, most likely you have a phone number. If you’re running a business, you probably have a credit card number, too. And then as we move to new forms of payments, we’d start collecting people’s bank account information because guess what, you can save 2% on that transaction, if you actually do a direct debit, rather than sending that money to Stripe or Visa. So I think no matter what kind of business you’re building, you don’t have to be in a regulated business. You don’t have to have billions of users, you end up with this data. And in fact, one of the challenges is just knowing what data is sensitive and not. And, you know, we help our customers with all of that stuff and take care of the problem end-to-end.
Matt DeCoursey 7:07
Is the main thing that we’re trying to prevent here fraud, or is it? Is it something else?
Anshu Sharma 7:13
That’s a great question. I think there’s a lot of companies that provide what we call a point solution. Right? So what’s the point solution? Point solution is me selling you extended, extended warranty, basically, for your newest TV. It doesn’t really protect you from everything, it has very limited clauses, blah, blah, blah. That’s how cybersecurity industry has traditionally been: hey, I’ll protect your thing from API detection by giving you a firewall for APIs. I’ll give you this other thing that does this other thing. But as a CTO, as a founder, as a business owner, as a CIO, in an ideal world, you don’t want to buy 15 different things, stitch them together. And then you don’t even know whether they’re stitched together correctly. So Skyflow’s viewpoint from day one was view or build a solution. We are not focusing on this one type of attack, one type of problems. So the problems are, from the moment you try to onboard a user, you will have to be doing things like KYC, or maybe at least just checking whether the email address is valid. So it’s not spam. Well, you have to store and protect that information somewhere. If we do that, then you may be sending text messages or emails to the customer over time. Well, you don’t want that email address and customer phone number to fall in the wrong hands or the wrong team in your company. So Twitter just got fined $150 million because they collected phone numbers for two-factor authentication, you know those codes that you get on your phone, but decided using those same phone numbers for marketing purposes. Well, that’s illegal. Well, how does your company know which phone number is legal to text 2FA codes on and which phone number is legal to sell marketing? Well, somebody has to track that. Well, we can do that. Well, what else can you do? Well, sometimes you want to basically take historical data and analyze: do you have more customers in 408 area code, or do you have more customers in Germany? Well, how do you do that? Well, you’re going to be loading that data into something like Snowflake or Databricks. Well, when you do that you just created another pool of data. And Skyflow will make sure that data doesn’t contain personal data again. So in fact, these days, everybody’s rushing towards large language models. Guess what? A model, when you build a model to fine tune a model, or even use a model. The first thing you have to do is give it some historical data. Hey, here are my last 15 emails with Matt, can you tell me what I should write next? Well, those 15 emails will have things like email addresses, may have phone numbers, device IDs and such in certain cases, or you may be sending historical data. One of our customers is building an LLM for doctors. That means they want to take all the patient records, build this fancy model that can then tell you, hey, if somebody walks in with knee pain, what are the likely causes? Well, to build that model, they need to feed the machine more data. But you can’t have people’s personal data or any other sensitive information just go into a model, otherwise you’d be liable. So they use Skyflow for that. So independent of the use case, our mission is to protect what we call PII, Personally Identifiable Information. Whether you’re building an app, whether you’re analyzing the data, whether you’re marketing with that data, whether using the data to build models, or doing AI, we are providing you a single stop solution that takes care of all of those needs. By building what we call a data privacy wall, a data privacy wall basically sits in the cloud, just like you put your most important jewelry, and other stuff in a bank vault, you should be putting all of the personal data in a Data Vault. And that’s what Skyflow’s built and that’s what we offer to customers through an API so that from their perspective, it’s as easy as using Twilio or Stripe, but behind the scenes, we’re doing some magical things.
Matt DeCoursey 11:05
So get the concept of the Cloud Vault, how do you mitigate the issue of like a bunch of developers or other people at the company just having the same lists?
Anshu Sharma 11:16
Well, that’s where data governance comes in. That’s why you can’t have just the vault, you need to have governance around it. You need to have rules, you need to have role-based access control, you need to have attribute-based access control. So give you an example. You may be running a tiny company, but maybe you have, you know, out of the 5000 users, you have a 5 million, there’s 25 users in Indonesia and 23 users in Germany. Guess what, both of those countries have rules around where that data can be stored, and who can see the data. Well, how do you set that up? Well, in Skyflow, it’s very easy. You basically say, you know, column number c, that country stores, phone number of these customers, let’s make sure that’s only viewable by German citizens. And column number D is never viewable by anybody who’s not from Vietnam. So you can actually put down rules around columns, rows, you know, even value. You can say, for high net worth clients, only certain set of people will be able to see the data. All of this complexity, we take it away. You just basically create a wall, set up the rules, and we take care of everything else.
Matt DeCoursey 12:25
So I think one of the things that I’ve learned with, you know, data, I’ve had several shows in the past that were data related. And you know, there’s lots of opinions on it. Now, I think the thing I’ve really come to realize is the data isn’t worth anything if it doesn’t create some kind of actionable outcome. Do you also help your users determine like what actually matters? And how to arrive at something valuable rather than just locking in the data? Or do the platforms that you integrate with do that?
Anshu Sharma 12:57
Good question. So traditionally, cybersecurity people have solved security in a very simple way. They’re like, look, if you want to protect your data, give me the phone number, email address, date of birth of your customer, I’ll encrypt it and you’ll never be able to see it. Well, the problem with that is exactly what you said. Well, if I encrypt or tokenize my data, and I can’t use it, it’s worthless to me. How am I going to serve a customer who calls me up and says, hey, I forgot my, you know, a ticket, can you help me replace it, and you’re like, well, I can’t see your name, I can’t see your email address, I can’t see your number, I can’t search for you, I can’t analyze you. Well, that’s useless. And that’s how most security worked before Skyflow entered the market: you had a choice between being able to use the data to interact with the customers or protect it. We broke that by basically creating something called polymorphic encryption, which is basically our engine. In layman’s terms, what it does is it allows you to do things like search for somebody and send them an email or text without even looking at the email address. It allows you to do things like send text messages to 3000 customers that have had a downtime issue without looking at their phone numbers. So we basically turn what would have been catastrophic security situation where you either let everybody see the data, or you can’t even engage with them. By integrating with cloud services like Salesforce and SendGrid, and Snowflake and everybody else, you can have your cake and eat it too. And that’s really what makes Skyflow fundamentally different and why we were able to raise $70 million for a company of our size, because there’s a holy grail in security, which is can you do everything you need to do without decrypting the data, because decrypting the data creates risk, but not decrypting it means you can’t use it. Well, we broke that sound barrier. And as a result, we can do certain amazing things with our customers.
Matt DeCoursey 14:57
So one question that’s going through my head like this last 15 minutes of chat, as you know, we, okay, the biggest rule of economics revolves around supply and demand. And we have already acknowledged that our data is out there everywhere, whether it’s been collected ethically or stolen, it’s out there, right? It’s for sale out there. If all of our data is out there in so many different places, and it’s accessible in so many different ways, shouldn’t that disturb the supply and demand equilibrium? Meaning like the value that is the data still is valuable? When it’s not as, you know, if it’s not as accessible or available, it should be worth more, but if it’s everywhere, shouldn’t just be worth pennies on the dollar?
Anshu Sharma 15:43
Yeah, so it’s true and false. So what does that mean? Well, well, and
Matt DeCoursey 15:49
I understand that in some places, you may be getting it unethically in this model I’m talking about but it’s still out there.
Anshu Sharma 15:58
Yes, so good point. However, there is something called freshness of data, significance of data, value of data. So yes, there is data out there about like, you know, Anshu used to live in Foster City, it’s part of public records. Now you can find that information. You can even find my last four passwords probably on haveibeenpwned.com, right. So there are these pieces of information about us floating around, which makes actually everything else a little bit more dangerous. The thing that’s missing usually is, Matt, most likely your social security number is not on the internet, or it’s not easily accessible. The funny thing is actually, if your social security number was accessible on the internet, let’s give you a fake social security number 449327489. Okay, if that social security number is floating around on the internet, you know what, there’s not much a bad guy can do with it. Unless they also know that that Social Security Number attaches to your name, and your phone number and your email address. So it’s not just the fact that data is floating around, it’s actually the fact that we call it against one human being, and then I can file a credit reporting is to take a loan against your name. That’s what makes it dangerous. And what Skyflow’s mission is to basically put a wall around all the sensitive data, most of the time at most of the businesses. So two things. One is we’re making it less likely that more of our newer data ends up in the wrong hands, and B, the data that is lying around everywhere. If they can’t call it to your personal information, it’s less valuable. You know, thief is more likely to use a credit card number when they also know the date of birth, because sometimes validation requires that, than somebody whose credit card number is lying on the internet, without the date of birth. So the job is to make it harder and harder. And it is an arms race. And that’s what makes cybersecurity so interesting.
Matt DeCoursey 17:58
Yeah, and I wanted to add something. You mentioned the relevance or currency, meaning how current, not like cash, but how current is data. And that just break this down even simpler. So if you are, if you have just announced on Facebook that you have been engaged to be married, you are a prime lead for a whole lot of different stuff, everything from travel, to catering to gift registry to a whole lot of different stuff. Now, I like to say in sales, if it’s old, it’s cold, you know, so like, so if you miss that window that people are primed to buy or make decisions. And there’s so many things, there’s a reason that the top spot on Google is an auction and whoever wants to pay the most for those clicks get them because there are so many things in life that once most consumers, probably 80%, find that solution, they quit looking. So you get this like, you know, I don’t want to throw any platforms under the bus. But let’s just say you were looking for a, quote, home improvement project and you needed a contractor, and you fill out a form. And next thing you know, you’re gonna get 17 phone calls in 20 minutes, and you don’t even have the capacity to answer all the calls that you get. That’s because sometimes when you have a need and some needs are urgent, like say you need a plumber, for an emergency plumbing issue as water pouring out of your ceiling, you typically aren’t going to wait around and call seven different places, see who’s got the best review. You’re like, can someone just come get this fixed? So there are a lot of things that and you have a great point with that. And then there’s some things that aren’t. Now I look back at like when I think about data, so I recently needed to contact someone that had a property near mine. I was able to find 250 data points on this person in about an hour for under $20. And emails, phone numbers, past addresses. I mean, you name it. And I was able to contact that person and guess
Anshu Sharma 20:13
Yeah, just think about talking about somebody who’s gone through a personal or difficult situation, right? Somebody who’s an abusive, former family member trying to track them down. Yeah. And
Matt DeCoursey 20:24
I’ve thought about that. I’m like, if I find this about you, and I’m not doing anything nefarious. If I was a stalker, or someone wanting revenge, like I mean, I look at when I look at, like that list of everything I’m like, damn, I mean, it not even didn’t just tell me who a person was. It tells me who their relatives are, who their known associates are with their addresses. I mean, it is just like an unbelievable, but you have all of it. Yeah.
Anshu Sharma 20:52
That’s 100% true. But let’s go back to your example of, you know, a Yelp like service, let’s say are all of us here have used Uber, right. Or, if you remember, 10 years ago, if you were using Uber or Lyft,
Matt DeCoursey 21:09
we were looking on your phone,
Anshu Sharma 21:10
They had your phone number. And not only did Uber have your phone number, which they need, they also would pass it on to the driver. And the driver could later on text you or call you. And that became a huge issue, especially with women. But in general, who likes their phone number to be passed around. It took over a couple of years. But eventually they released this thing, which is basically one-way anonymization of phone numbers. So today, when your Uber driver calls you or you call your Uber driver, there’s a level of redirection, so you don’t really see their real phone number, you see what we would call a token, right. And that’s actually changed lives. Because now, a woman is more likely to feel comfortable calling an Uber than prior to that function being released, but took them a year. Now, what Skyflow enables is, if you’re starting an Uber-like product today, let’s say you’re building a dental service, which can send texts to patients or, you know, people looking to buy land to people looking to sell land, you can turn that on. And with Skyflow, you can actually turn the anonymization process on day one, such that you’re actually making it safer. So data protection is not always just about security, which is again, the point solution we have there. It’s not also just about anonymization, it sometimes is about safety. Sometimes it’s about, you know, there was a story out there where ex-girlfriends and boyfriends of people working at Uber, were just for the fun of it, looking at where their exes were going, again, huge personal hazard. There was some Hollywood people also getting tagged that way, just for kicks, but it’s horrible, horrible stuff happening. Now, if you put out data privacy vault architecture in place, whether you used F or not, if you have that architecture with those capabilities in place, you’re basically preventing your internal employees from willy nilly being able to see somebody’s data. It’s not your data, it’s not your employees’ data to see. You need controls in place. And the only way to do that is actually putting your arms around sensitive data and separating it from all other data. And that’s what we’ve been preaching to the customers. And finally, I think we’re seeing a lot of traction in that space. Because people get it. People get that they don’t want the Uber driver to know their phone number.
Matt DeCoursey 23:41
Yeah, and I want to expand on the human nature of things but once again with me today, I’ve got Anshu Sharma and he is the co-founder and CEO at Skyflow. Go to Skyflow.com to learn more about what they’re up to over there. While you are visiting Skyflow, why don’t you go over to FullScale.io where finding expert software developers doesn’t have to be difficult, especially when you go to FullScale.io. And you can build a software team quickly and affordably, use the Full Scale platform to define your technical needs and see what available developers, testers and leaders are ready to join your team. Go to FullScale.io. Now I’ve got three so I’m the CEO and founder of Full Scale, I got 300 employees in the Philippines. We talk about data all the time, because clients are that there’s immediately a concern once that leaves the US borders. And I will tell you from a development standpoint, something like Skyflow is a much better option than some of the classic things. Oh, you got to use dummy data or do this or do that. Well, I mean, it’s there’s a lot to lock down and a lot to deal with. Now. You know, one of the things you mentioned, you were talking about Uber and Lyft and, you know, and how that connects to some of Apple’s recent privacy lockdowns. It’s you know, if you there is a I think it’s six or seven episode series called Super Pumped that was originally on Showtime and it’s all about the Uber story. And man, were they looking through your phone, for a ton of different stuff. They’re looking through your phone, they’re looking through the drivers’ phones to see if they were also driving for Lyft. They were looking through their customers’ phones to see if they were using Lyft. And like, and this is the stuff that these are the things that that so it’s not as those kind of I don’t want to say data theft, because it wasn’t really a no, no. But here’s the thing, it’s like one of those things is once that door’s open, you can see it all. You don’t just see like two things, there could be a myriad of different things in there. Now, here’s the problem. The human nature, the nature of people in general, is when given access, you say, hey, Anshu, here’s this box. Inside this box are some really interesting things, maybe even about people you know and love, or maybe even people you hate, but you can’t open the box. Because if you open the box, you’re gonna see a whole lot, you might have a hard time closing the box. And who knows what else might be in there. Nine out of ten people are going to eventually open that thing for God knows how many different reasons. I mean, it’d be hundreds of different reasons. So it could be curiosity. And what did curiosity do to the cat? It killed the cat, right? You know, and there’s like, then you get Schrödinger’s cat, is there a live cat in the box? Or? I don’t know, but you start looking into this. And that’s what happened is human nature took over. So like in the Uber situation, like, they had it right there. And this docudrama, which I thought was great. By the way, I thought it was
Anshu Sharma 26:34
If you think about first of all it was some of the stuff was downright illegal by today’s law, certainly
Matt DeCoursey 26:41
For sure. Yeah, I didn’t want to say I didn’t know.
Anshu Sharma 26:46
Yeah. And then I think, look at what happened, right? They didn’t really get away with it. They got thrown out of the AppStore. If that had happened, you know, we would all be riding Lyfts rather than Uber. Their CEO got fired, essentially, as we see in the docudrama. A lot of customers left or tried leaving. It can do real damage. So this is just like, you know, from their perspective, it’s just taking a ride. Now think about this applied to your life insurance, applied to your health insurance, applied to your banking. We have so much data that we willingly engage with companies on and I think the critical part where you have to sort of wrap your head around it is there are activists out there who say, hey, no data should be ever held by any company. Well, how is a bank going to give you a loan, if you don’t share your personal information? How is a coffee company going to deliver a coffee to your office if you don’t share your address? The reality is we all demand personalized experiences in real time, which has a presumption that the company that’s serving us knows way more about us than we are willing to actually accept, wow. So then is the trade off that I give you my data, my personal information and in exchange, I get a hot cup of coffee delivered to my home. But now you can take my home address and paste it on the internet. No, I think that’s what you know, Skyflow is all about. We were like, this is not the right way to think about it. This is a false choice. You can actually get hot coffee delivered to your home or a cake on your birthday without the company that’s doing that then having access to the data for the rest of the year. You can actually wall this information and still use it. The choice is not between not getting great service in exchange for personal data and then losing it versus not getting great service. The choice is actually having a terrible architecture, doing things the old fashioned way, having all this information and upon the internet. You just heard about the MGM information leak recently. You know, casinos, like you would think casinos are as well protected as banks are and they are actually, they spent way too much money on cybersecurity and digital. But you know what? It wasn’t top of the mind for them, we’ll find out how it actually happened. But it’s hard. This stuff is so hard to do that only a few companies in the world like Apple and Netflix and Amazon have truly nailed how to protect personal information. And, again, coming back, our view is very simple. Why don’t you apply the same architecture those guys do, irrespective of whether you believe in using a vendor’s product or not? The right thing for every company to do out there is to adopt the Apple Architecture. Zero PII in zero hands most of the times. Unless a customer actively authorizes one user to see one piece of information one time, so you can interact with that user that one time. We need to go from like, hey, just because I have it, everybody in my company has to. No. You have consent for some very specific thing. And you’re basically a fiduciary of that data, it’s your responsibility to make sure to keep that trust with the customer. You need to be 100% sure that the data is protected at all times and is used in compliance with the consent that you’ve given, right? You in the old days, you walked up to a baker and said, hey, it’s my kid’s birthday. You didn’t expect the baker to come to your home next day and say, hey, knock, knock, knock. I know you’re a year older, would you like to have a new car? We will be like, oh, my God, what the hell just happened? The baker is showing up at my house trying to sell my teenager a car. Well, that’s what’s happening today, when we give our date of birth to a bakery online, and it sells it to a third party or misuses it, and a car ad shows up on your homepage. Well, that’s what basically happened, the baker showed up to sell your car. Well, we don’t want that. We want the baker to be able to give us a discount next year. But we don’t want the baker to sell my kid’s date of birth to everybody else for $4 or 40 cents or four cents, unfortunately, sometimes.
Matt DeCoursey 31:23
Is your phone really listening to you? Because that’s always been such a hot topic. Maybe you can, maybe you can settle some of that because people I mentioned the word Snickers and now I have a Snickers ad on my Facebook. I’m well, I mean, some of that. Yeah, you know, is it really listening?
Anshu Sharma 31:42
Well, I have no idea. But we do know two things. We know they’re what I call zero day attacks that can actually do things like turn on microphones and stuff. They’re usually very targeted and sophisticated actors involved in this. Most of the time, most of your devices, especially if you’re buying the latest version of Android or latest version of iOS and have patched it like you should. It’s unlikely they can listen in to your conversations. But you know, we leak so much data so much of the time willingly, that I don’t have to turn on the microphone, for me to figure out that you actually like chocolate or you hate chocolate. As you said, you know, for a few bucks, you can find so much information. Why would a social network company try to turn on your microphone phone when you’re willingly posting your entire life secrets on the social network? So I don’t think that’s going on in nefarious way from the leading vendors. But there is a long list of applications on a lot of these app stores, especially the ones that are not very carefully curated, which haven’t been security tested, where all kinds of nefarious things do happen.
Matt DeCoursey 32:53
Yeah, I’ve had that people ask me that question a lot like I hold the answer. And I always say no, I say your phone isn’t listening to you yet. You’re just that predictable? Yeah, it’s true, it’s true.
Anshu Sharma 33:07
Some of the phone companies have done some neat work now to actually make it even harder. So imagine there’s a hardware button that turns off the phone and the light, a tiny light on your camera. So the moment the camera is on, there’s a green light actually turns on in my iPhone, for example. They’ve made it such that actually, it’s close to impossible. Nothing is impossible, obviously, but it’s close to impossible for you to have the camera on without that light on. So things like that have been added in the latest releases of these operating systems and phones, which weren’t available previously. So people are trying hard. It’s an arms race, and you’ll never be 100% secure. But guess what, most of the data breaches don’t happen because someone has a zero day attack. The Equifax breach famous, you know, lost everybody’s social security number, credit scores, and addresses was caused because their support portal had a default password that the hackers just accessed. And they could just drain all the data refund. The Target breach happened because they had some access to contractors that was not covered. Most hacks happen the way most car accidents happen, not because something very sophisticated is going on because you’re being careless, and someone accidentally gets access to something which they shouldn’t have. And once they recognize the value of it, they trade on it. So if you actually did 90% of the basic common sense to protect the data, you would be better off. It’s not that hard as an individual. There’s a few things everybody listening to this podcast should be doing. Turn on two factor authentication on your primary email address, and secondary if you want. Make sure that you’re using this thing called A basket is the courts that actually generate a new phone rather than relying on the text message to factor because that’s these days stealable using SIM card theft. A few such things can actually protect you and your personal life a lot. 
And there’s an equivalent of that, in the business world. There’s a set of things we know, keep the data always encrypted, never decrypt unless absolutely necessary, put role based access controls around it, store the data in the right country at the right time. So comply with laws, make sure that when somebody changes something, it gets logged and audited, make sure that nobody can bypass that mechanism. That’s what Skyflow does. And if you do those top 10, top 20 things, you are actually 99% safer than most of the world. And that’s that’s the job both in your personal life turning on two factor authentication, and in your business life, making sure that you adopt a zero PII architecture.
Matt DeCoursey 35:59
Okay, I don’t want to get I don’t want to end this episode without asking this and addressing this. What happens if I ignore all this stuff as a small business, what’s likely to occur if my data is stolen?
Anshu Sharma 36:12
Well, the good news is, if you’re really a small business, you’re probably relying on bigger companies, like you know, Intuit and Salesforce and HubSpot and they actually do take care of their data better than most companies do. If you’re one of those small businesses, that’s actually keeping a server in your closet, you are absolutely the worst shape, and you will get hacked, and somebody already has access to your data. And then if you’re a startup, which is different than a small business, running a dentist shop, if you’re a startup, and you don’t take precautions, you don’t implement a key manager, you don’t implement a zero trust vault, you may lose your business. If the Uber crisis of data theft had come to front, in the first two years of their existence, they may have been banned, and they may have never recovered from it. So, don’t leave it to chance. And the good news is, if you’re running a business, you’re most likely serving another business or consumer. Apple is running ads, teaching consumers about the value of privacy, and your business customers will pay for better security. The reality is, we live in a beautiful world today where privacy has actually become a key concern of consumers because they watch all those ads by the likes of Apple and Google, teaching them about the value of privacy. And, then the business world because I know this from my days at Salesforce, there is so much money to be made by being enterprise-ready. Well, what does enterprise ready mean, if you’re running an online tool for, say, email marketing for insurance companies? Well, enterprise readiness means you’ve proven that you can scale and that you have the best data security in place. That can turn a $40,000 deal into a $60,000 deal. Which means you’re leaving money on the table if you’re not doing the right thing.
Matt DeCoursey 38:17
Well, you can also turn that $80,000 deal into a $0 deal because I’ll tell you right now, because I go through this with clients all the time, if you don’t have this stuff in place, and you can’t just put it in place because you have a new client that doesn’t look right. It’s like, oh, well, we didn’t care about any of this until you came along. Now our experts know you need to show that you have the ability to do that. And what we have the ability to do is our founders freestyle, at the end of today’s show, which was brought to you by FullScale.io. If you’re having a hard time, hiring software developers Full Scale can help you build a software team quickly and affordably and has the platform to help you manage that team along with security protocols in place, and stuff like that. That’s important. We think about a lot of that because you might not know. You need to go to FullScale.io to learn more. Once again, Anshu Sharma is my guest today, co-founder and CEO at Skyflow. Go to Skyflow.com. Anshu, what do you want to say to everyone on the way out?
Anshu Sharma 39:17
I would say we live in the times that are special. Everything is available to you through a simple cloud-based service, even things like ChatGPT. We live in a time where I can order my coffee and have it delivered not to the place where I’m ordering it from, but where I will be in for hours, including taking flight sometimes. We live in times where I can get personalized service for almost everything. In exchange, we are all exposed all of the time. And if we come together and do the right things, it makes everybody’s lives better. And you know what, you can make money doing that. So that’s the best part of capitalism. Sometimes, doing the right thing actually leads to everybody making more money. And that’s what makes America great. And that’s what makes being a founder so awesome because you’re solving a problem that’s net positive for society.
Matt DeCoursey 40:14
For my freestyle, I have a couple of things that I wanted to do for all of you startup hopefuls, all you people in the early stages, or all the people who have gained traction. This is not something you can ignore. It’s not going away. It is actually becoming more complex and more detailed and required. I mean, it’s if you, if you have a B2B platform, as I mean, you’re gonna lose a deal sooner or later if you don’t have this kind of stuff in place. Also, this is a really dumb reason to lose your business over it. And Anshu’s right, like, if you get out there. So, to even get your business insured. And if your business isn’t insured, go get it insured because it needs to be. But you have to agree. You have to basically do a whole waterfall checklist of all these things that you do. And if you are, I mean, this for me, this started 20 years ago when payment cards at PCI compliance came out. And I remember knowing other business owners like, oh, I just check, put all the boxes down the line. I’m like, Okay, that’s a bad idea. Because if you’re saying you’re doing something, and you’re not, and now comes up, you lost. Your insurance isn’t going to cover you, court isn’t going to cover you, none of it is gonna cover you. Don’t assume that the people that you want to trust at your business are trustable with the data because human nature takes over. And certainly don’t trust that your platform is secure without the right tools and integrations, and just you know, you got to gate it off, people, because it’s a wild world out there. And there are people and programs and bots that are constantly looking through the entire internet for known loopholes that you didn’t patch up. So, it’s shocking how quickly an effective hacker can cut through your server protocol like a hot knife through butter. If it’s not updated, it’s not patched, it’s not secure. And here’s the thing: it only needs to happen once. One time. One time. That’s it.
It’s not like, hey, it happened it happened twice. Oh, we should fix this. Let’s put it on our list of things to do. It only needs to happen once, and it is the reputational damage, the financial damage, the ethical damage, like, especially for those of you who deal with healthcare stuff. If you want to really lose in a hurry, let someone’s healthcare data out there, you know, and then you bet you know, one of the you mentioned, like Netflix being good at securing it. I’ve been watching Netflix for 15 years, wondering, I bet you could really tell a lot about someone by what they watch. So, you know, it’s all out there, and you should do the right things. You want other people to do the right thing. This is the new standard. So get with it. Anshu, I am going to run now because I have to go tell everyone about how important it is that they lock down their data. I think we just did that, but it’s good to know again so I’m going to catch up with you down the road.
Anshu Sharma 43:17
Thank you so much. This was a blast.