DSG Vault: Award Winning Platform for Privacy, Security and Governance

By Prakash Baskaran

Barely a month after SecurelyShare emerged as one of the winners of the NASSCOM Emerge 50 Awards 2020, there’s more good news for us! SecurelyShare has successfully cleared the second stage of the DSCI Cyber Security Grand Challenge, thereby qualifying for the final stage of the Challenge. The second stage – the Minimum Viable Product (MVP) Stage – showcased our MVP, through our patented platform, DSG Vault.

But first, how did we get here?

Let us take a step back and understand the problem we’re here to solve. Imagine a situation in which you have a prescription for some medication, which you upload onto a pharmacy’s app. The back-end of the app processes your prescription and proceeds to enable delivery of the medication to you. What’s happened here is, simply put, an exchange of data. In your case, data include your personal details, address, prescription and related medical records. In the pharmacy’s case, data include inventory, distribution channels and customer records. From both sides, one can surmise that the information represented by the data is private and not only  needs to be secured against any breach but the data needs to be guarded to ensure that the privacy of the consumer is handled as per the laws. It is with situations like these that SecurelyShare comes in.

Are there any safeguards right now?

Governments across the world have understood the need to have safeguards for critical data in order to protect citizens from losing control over their personal data. The European Parliament adopted the General Data Protection Regulation (GDPR) in 2016 (made enforceable in 2018) for ensuring data security and privacy in the European Union and the European Economic Area. Two aims were achieved with this move: individuals gained greater control of their data, and organisations were regulated centrally and in a unified manner. Along similar lines, the California Consumer Privacy Act (CCPA) was adopted in the United States in 2018. Data privacy laws have also gained traction in countries such as Russia, Japan, China, Brazil and Australia.

A brief about our patented DSG Vault platform

SecurelyShare has taken a patented approach to embed security, access controls, usage policies, consent and constraints at the data level.  This unique approach is the foundation for our platform DSG Vault.  This platform provides for a robust API Gateway and comes with dynamic and policy-driven encryption, tokenization, masking, watermarking and built-in Information Rights Management (IRM) capabilities, and provides the flexibility in deployment (either on premise or over a cloud), everything any organization would look for in the vast labyrinth of data security options. This “Inside Out” approach towards the data is what makes our platform solve any number of use cases around security, privacy and governance. 

So, where does SecurelyShare come in here?

Through its MVP – built with the DSG Vault platform – SecurelyShare has developed an automated system that enables privacy-preserving analytics and forensics. The primary aim of this MVP is to demonstrate how organisations can quickly comply with regulations that cover data security and privacy, such as the PDP Bill, GDPR and CCPA.

As the next step, SecurelyShare will build and offer data security software as a service to ensure rapid compliance by organisations to these regulations. A significant off-shoot of this service would be the provision of a secure environment that enables organisations to store, share and process Personal Information (PI) and Personal Identifiable Information (PII) data. The generally accepted definitions are that PI refers to data that can be linked with a consumer or a household, while PII refers to data that can be linked to a wholly unique identity.

Our vision is to cover all aspects of Privacy Management answering concerns of consent management, security, access, control, operations, maintenance, monitoring and auditing – through a unified platform.  The platform becomes the foundation for privacy-enabled analytics, computing and sharing of the data.

For whom is this solution?

Any organization that deals with critical and confidential data, really. These could be organisations in the banking and financial services sector, the healthcare industry, the pharmaceutical sector, manufacturing industries… to name a few.  With the world connected digitally in a big way, governments have found the necessity to find common ground as far as regulation of data is concerned, so it was only logical to come up with a one-stop-shop to address all these compliance needs.

DSG Vault ensures that PII data remain anonymised and encrypted while being a subject of analytics, thereby preventing the risk of re-identification and consequent exposure of confidential information. We see great value in working alongside data management, analytics and infrastructure providers to on-board a wider variety of organisations in need of such a solution.

We built the MVP to demonstrate the core competencies of our platform and to meet the objectives of the DSCI Challenge. The MVP was particularly based on the data-sharing and privacy-enabled computing for the food delivery industry. 

For the final stage of the competition, the MVP will be enhanced to handle multiple use cases across multiple industries. We will introduce connectors to multiple sources, an ability to dynamically select attributes, an ability to set attribute-based access controls and anonymisation, among other things. Our vision is to make the DSG Vault platform capable of handling any type of use cases in secure data analytics, privacy-enabled data sharing and data management. This will enable quick compliance to regulatory requirements through our final product offering, so it echoes these regulations as far as maintaining the integrity of data and data protection measures are concerned.

After all, as 2018 Global Chief Information Security Officer Of The Year Stéphane Nappo said, “It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.”

India is well on the way to bringing in stringent regulation with regard to data security and privacy. In 2019, the Ministry of Electronics and Information Technology tabled the Personal Data Protection (PDP) Bill, 2019, which is expected to be enforced in early 2021.

So, what does the PDP Bill oversee? As it stands, the PDP Bill aims to provide safeguards to individuals’ personal data, thereby ensuring privacy. The PDP Bill also calls for regulation of flow and use of personal data with the objective of protecting the fundamental rights of individuals who are owners of such data. In addition, the PDP Bill seeks the establishment of a “Data Protection Authority of India” to oversee its implementation when it has been through the discussions leading to it becoming a Law.

The industry has witnessed tremendous disruption after GDPR and CCPA came into the picture, drastically changing how organisations handle data. These regulations are aggressive in the way they protect private information, and have strict compliance requirements, leading to organisations scrambling to achieve full compliance. The necessity for speedy compliance will likely be seen here in India too with the PDP Bill.

In short, the PDP Bill, like its European and US counterparts, looks to ensure individuals retain some autonomy on the data they provide organisations, so that organisations can only make use of the data they need for operation, while “anonymising” the source of the data.