There are tens of billions of Internet connected devices and a litany of software runs on them. As we all know, many of the apps running on that hardware handle our data at rest differently. HTTPS has solved a massive gap in protecting data in transit but data at rest still needs a bit of help. We also now know there will continue to be more Internet connected devices on the planet storing some level of data than there will be humans in existence at any one point in time.
Our civilization is creating Internet connected devices faster than we are creating humans.
In many cases it’s not just about securing data at rest in all of these devices but about enabling privacy for end users ensuring their data only goes to third parties who are capable of protecting it. That’s a trend I personally think will continue until it’s solved by a company or a protocol, but more likely some combination of both.
I co-founded Basis Theory with Colin (CEO) & Brian (COO) to offer a product to developers globally to help make protecting data easier. Brandon (Tech) & James (Product) really stepped in to make the idea a reality. Rad (Design) made it beautiful. I think the company home page does an excellent job of explaining what the product does.
The team has done a great job recruiting and enabling a talented group of people all around the world who have built with everyone from Starbucks to the Department of Defense. Colin wrote a nice Introduction to Basis Theory entry if you’d like to learn a bit more about how he’s thinking about the problem.
Over time, my hope is that Internet connected products will become more self aware about whether or not the apps you’re using are protecting data correctly. I’m imaging self awareness similar to when you visit a website that doesn’t use HTTPS.
The right technology should continue to shift to on-device and in-app processing where the data on a phone and in an app is only available on that phone or on that app. My hope is that the trend also enables more in-session or in-browser data management where data is never put on a machine that doesn’t need to be there. The good news is that browsers have come a long way over the last 10 years and things like in-browser encryption which enable an end user to input information the website owner never sees, and get it to an authorized third party, is now totally possible.
Maybe just a token exists on the machine, in a session, or any device for that matter to reference where that data lives but requires the right permissions to access but only when needed. For example, here is a token that represents my passport:
bfc82ec6-b103-44ef-a6c8-eef6f2ec0f51
The token was generated using the Basis Theory sample app that the company made public yesterday. Here’s me using the app to encrypt my passport using my own key-pair to generate the token above.
The app walks you through an easy set of steps for encrypting information, defining where they keys are, generating a token, and decrypting it when needed.
The app uses the Basis Theory SDK which can be embedded into your app to manage encryption in or out of the app. You manage the keys and the company doesn’t have the ability to decrypt whatever you encrypt. This feels important for everything from health care data to taxes to personal photos.
Basis Theory makes a high performance vault accessible to any developer.
Whether or not you’re implementing a vault in a company big or small, into an app or into a website, into an operating system or something else you’ve conjured up, the features of a good vault are remarkably similar. The initial feature suite is all included as a part of the company’s $0 developer plan.
There are many future forward questions to answer and I don’t pretend to have all the answers. I can’t count how many times I’ve been asked how this competes with Very Good Security, Evervault, Hashicorp vault, or Tokenex and my general answer is that I’m not sure it does. The Basis Theory team isn’t focused on taking market share from anyone but it is focused on enabling developers to build more secure apps and securing Internet connected devices. We believe both will continue to grow at such exponential rates that the more important question for us is “how do we make sure to enable any data coming and going from any other service more secure?”
You can see a number of the early formulas (The Basis Theory vernacular for integration is formula) in the portal that has evolved from early discussions about where data comes from and goes to.
The team is doing a lot of building in the open now that early design clients are coming online. I think the initial vault looks exactly like what a world class team would build if given 8 months to build it. We know that and we don’t think teams should have to spend this much time rebuilding a vault so it’s been made available. Token creation, encryption, and decryption is totally free so teams can start implementing it now.
Like one of many SMTP or SMS services for developers, our feeling is that an agnostic vault should just be there to use off the shelf. Basis Theory opened up the alpha product this week so developers can start using it. The sandbox, sample app, and postman libraries reduce a number of barriers to testing it.
It’s always exciting to see a team ship their first product in alpha and this is no exception.