Talking about privacy and security with Eligma’s Chief Security Officer

GoCrypto
Published in GoCrypto Blog, Apr 27, 2018

Eligma is on its way to becoming a commerce platform that will offer anyone a simple and convenient way of shopping online. It will enable storing and tracking data on purchased items, and reselling those items. Users will be able to use a unified loyalty program with our ELI tokens. To give our users an experience customized to their needs, we will need to collect their personal and behavioural information. We take information privacy and security very seriously, so we asked Timotej Polach, Eligma’s Chief Security Officer, how we will ensure them in Eligma’s case.

Welcome, Timotej. I think an introduction is in order. What kind of background do you bring to the project?

In my 10 years of working as an operations and systems analyst for lawful interceptions and anti-fraud processes I have gained plenty of experience in solving complex problems and preventing security threats in different fields. Large-scale operations helped me see the big picture and gain a strong technical background in the system development lifecycle.

You cannot build a safe platform in an unsafe work environment. How do you ensure security of the company itself?

We started building a healthy security culture from the very beginning of the project. My goal was to engage everyone in this process. Some team members were not aware of all the potential vulnerabilities, so I made everyone feel like a security person. We have regular security meetings and although we realise how serious these issues are, we tried to lighten the mood by introducing office security bounty games. I am happy to say that no penalties have been handed out yet, which means that everyone is following the rules.

What is the main security focus regarding Eligma?

We are mostly focusing on user privacy and data integrity. Our users’ personal data is extremely important to us and every disclosure is treated as a breach. Eligma will gather all the user data in one place, meaning it will not be scattered in different places on the internet and we will be able to secure it more efficiently. We will also give our users the option to depersonalize the data, so no one will be able to connect it with users and personally identify them.

Eligma will create and maintain user inventories and enable sales on the second-hand market. We will have to ensure that this data is unchangeable as any tampering with it would mean that sellers would be able to falsify used item conditions, warranties and other data. For this purpose, we will create our own sidechain and its hashes will be written into the Ethereum blockchain, so that changing the data will not be possible.

How will you ensure that Eligma is a safe platform?

We will apply all available security measures (encryption and authentication) to prevent any kind of vulnerabilities. Servers will be deployed in a controlled environment with limited communication between them and the outside networks. We will also use best practices and regularly deploy security patches from respective vendors. Using system performance monitoring with auditing will ensure that our administrators are alerted in case of any discrepancies.

How are you treating the crypto aspects of the project?

We needed to establish a secure environment for token storage and correct procedures for tracking all incoming transactions. This was a prerequisite before the smart contract can correctly distribute all ELI tokens to our buyers after our crowdsale ends. To make everything transparent, our smart contract will also be publicly published on GitHub for user auditing.

In our Elipay cryptocurrency system we use cold wallets in secure locations for safe storage. We only keep a certain amount of cryptocurrencies on exchanges so that we can complete the necessary transactions. That means that in the unlikely event that our platform gets attacked, the vast majority of the funds is stored safely.

Timotej, thank you for your time and we wish you a lot of success on the path ahead of you.
