Data Security where it all starts

Data security infrastructure refers to all the components you need to process and use data with privacy and security in mind and implement "by design" principles in (data) systems. This includes encryption to secure data, applying privacy-enhancing technology like anonymisation and pseudonymization to make sure data is consumed lawfully, and exposing specific data interfaces for every purpose. The general goal of Privacy Infrastructure is to protect personal information and data privacy.

Yes, we are privacy-enhancing technology. But we do things differently than traditional methods like data synthetics or secure-multi party computation. We use a more balanced approach to treat data specific to your use case and embed it in your organizational process. This makes STRM much faster to set up for new cases, deeply embedded in the privacy process, and often much cheaper to run.

That depends on your context, use case, and even policies. No organization is the same. What they need and how they define the data risk profile may vary. STRM offers you the option to choose how you want to anonymize data. This can be anything between applying key rotation, simply masking or tokenizing, and k-anonymous data transformation.

No, we don't. That would mean we could always decrypt your data. We create a safe, or key vault, where you can retain the keys.

In a way: yes. We structure privacy through data annotations. And because it's annotated, you can trace data and enforce critical data controls.

In another way: no, as we take a different approach than most privacy-as-code solutions. We’re not implemented in your codebase or pipelines where we look at the locations where data is handled. We take it a step further and touch the data itself: our annotations (we call them data contracts) instruct our platform on handling the data, not just identifying where data privacy risks might hide in your codebase.

The way we see it, STRM and privacy-as-code can perfectly co-exist as supplemental solutions. Together, they offer you a comprehensive view of the sensitivity of data and the tools to process and exchange data safely.

Absolutely! We have implementations inside Bigquery, Redshift, Snowflake, and Databricks.

In data warehouse setups, dedicated interfaces with safe data are translated into views of your data. Instead of replicating data for a purpose, you store the fully encrypted privacy stream in your data tables. The (native) query time decryption of your data warehouse can then work with STRM-generated keys. Integrated into your access model roles, you then have Purpose Based Access Control, as we call it. You also have all data available and only plain text for those records that fit within the view purpose.