We don’t want your data

Chris Chong
Published in SafeStack
4 min read · Mar 13, 2017

Tons of companies out there are scrambling to collect as much customer data as possible (remember that time when you looked something up on Amazon and later saw an ad for that on your Facebook wall?).

And it makes sense.

After all, the more data that a company collects, the easier it is for them to understand their customer needs — which can help them improve their products and target their messaging.

When I first started with SafeStack, I questioned why we collected so little customer data. So I spent some time doing competitor analyses, researching offerings similar to Dfend that provide ways for managing cloud security. Turns out that collecting more customer data is essential in order to provide information that is relevant to your organization’s cloud security needs. Let me explain.

There is a strong correlation between the amount of customer data collected and the amount of relevant information that can be provided to your organization.

On one end of the scale, we have the news aggregators.
You don’t have to give them much personal information — just sign up for an account and insert some broad topics. In return, they give you tons of information about the tech scene and provide great in-depth articles for learning and personal growth. The disadvantage for security analysts is that this comes with lots of noise and little context. Unless it’s a huge breach, chances are you might miss it.

Then we have the enterprise solutions built to protect and manage your SaaS products.
These help to look after your SaaS tools — anywhere from managing user accounts to helping implement policies based on the traffic that is monitored. Which is awesome.

Here’s the catch. You either have to purchase a very expensive box that sits on your infrastructure and funnel all your traffic through that box, or you hand over admin access of your SaaS tools to your SaaS security provider. Either way, it is essentially a middleware platform (physical or cloud-based) that holds all your keys and reads all your traffic, terminating your TLS. (For all you non-techy people, TLS termination basically means that your encrypted data gets turned back into plain text at that platform, which anyone with access to it can read.)

That’s like handing over all your keys, safe combination, email and social media passwords to your lawyers so they can handle your paperwork in the event of an accident. That means that you’re also giving them the ability to read through your private emails and stalk your social media accounts (whether that’s legal or not is a different story). Not creepy at all.

Or what about when your cloud security provider receives a court order ̶d̶e̶m̶a̶n̶d̶i̶n̶g̶ requesting full access to their backend?

As a security company, that scares us.

The basic theory is this — The more you store, the more valuable your database is, and the more likely someone will attempt to steal it from you.

A wise fictional uncle once said, “With great power comes great responsibility.”

And that is why Dfend’s model is to find ways for us to collect as little information as possible while providing you as much value as possible.

If we look at customer data collection as a risk to your organization, we need to strive to reduce that risk while still providing you as much relevant information as possible.

We don’t want to hold the keys to your castle.

In fact, Dfend strives to store as little information as possible. For every functionality we add that encourages ease of use, we weigh it against the cons of holding that data.

Despite all the precautions we take, we know there’s always a risk of someone walking off with our database. That’s why we store as little information as possible. We ask for an email address and password at sign-up. Then we ask you to tell us which SaaS tools (such as Slack, Trello, GitHub, etc.) you’re interested in, and the domain names that you’d like to monitor. That’s it.

In exchange, we provide timely, actionable security alerts that are specific to cloud applications and domain names that you’re interested in — for current or evaluation purposes — classified according to importance. With expert recommendations on how to handle these security risks. In a language that you can actually understand because it’s not shrouded by a cloud of technical jargon with no context.

We also throw in additional security news in case you’re in the mood for getting tidbits on what else is up (or crashing) in the security world.

One of the largest advantages that we’ve found in not having to fully integrate with SaaS services is being able to add cloud services to our repertoire extremely quickly. Which is why we can monitor hundreds of popular and obscure apps, and add new apps daily on request.

We think that’s a good bang for your buck. But we’d like to know if you think otherwise. Do you think that a security-focused approach or a functionality-based approach is more important? We have Twitter. And email. There’s also the comments section below.

Psst! If you know of someone else doing something similar to Dfend, please prove me wrong. I’d love to hear about them!


Chris Chong
SafeStack

Minion hustler at SafeStack.io, makes fluffy things logical, enjoys fixing stuff and kicking things in her spare time.