Newsletter Header - July 2020

Twitter's Trust Model Failed Them, But It's a Common Issue We See in SaaS Businesses


We recently learned that nearly 1 in 4 Twitter employees can access private data in customer accounts. That sounds pretty standard to me. 

The dirty secret across SaaS companies is that many employees have access to customer data for legitimate business reasons like support or tracking down bugs. The problem is the lack of transparency and accountability. Access without accountability is problematic. It invites curious administrators and other employees to peek at that data. The truth is that software companies need to rethink everything about employee access to data, and their customers need to demand better.

My blog post has more details, but here are a couple of highlights:

  • Twitter users have no way of knowing if people are looking at their private messages, and they have no way to protect themselves.

  • It isn’t just Twitter: most cloud companies operate the same way. Even when access transparency is offered, as with Google Compute, only select customers have the option, and it isn’t turned on by default.

  • The root problem is the “full trust” model where SaaS companies have no checks on their behavior and therefore no incentives to do better.

  • It’s time to move incrementally, if not in jumps, to stronger trust models. Customers should demand these changes. Have I mentioned often enough yet that trust models matter?

You may remember I wrote a blog post about SaaS trust models and now it’s even easier to share with others. You can download our trust models eGuide here. We hope it will help you think through what you want from vendors or what you want to offer to your customers.

Just don't be like Twitter.

➡️ Download the SaaS Trust Models eGuide



Thanks for Joining Our July CMK Webinar

Webinar July 23 @ 12 PM ET

Watch a replay of our 15-minute (not including Q&A) webinar on why SaaS businesses are turning to customer managed keys, a privacy feature that gives customers control of their encryption keys.

➡️ View the Webinar Recording

 


 

That's all for now. If you care about data privacy like I do, let's connect on Twitter. If we can help with end-to-end encryption or customer managed keys, reach out to me via email.

Until next month.


 

Patrick Walsh
CEO, IronCore Labs

 

Keep Reading

Deidentifying Data: The Fool's Trap

Find out why re-identification is trivial when joined with other data sets.

