Keeping User Data Truly Private

Hosted, API-driven services such as Twilio for messaging, Zendesk for help desk support, and SendGrid for email have been an integral part of the explosive growth in the online ecosystem, enabling companies to quickly offer incremental services without having to code such services themselves. The problem is that as reliance on these services has increased, so has the probability of misuse of user data.

Recently, I heard from a company in a highly regulated industry that was acutely concerned about keeping their user data private, that they were sending out their emails via a third-party email service. What intrigued me was that their emails, which would have some personal information, however slight, would be available to this third-party service. This is less than ideal.

Sending emails through a third-party service is a non-starter if data privacy is paramount

First, sending emails through a third-party service is a non-starter if data privacy is paramount. That's too much information in someone else's hands. As much as I might trust the third party, they may (and likely do) have holes in their security, so I can't promise my users, since I can't be sure, that their information is secure.

Sending emails is just one example, but a good one, since setting up your own email service is very doable and, over the long term, likely cheaper (you do incur development hours). Email services do offer lots of nifty features, including tracking, spam protection and the ability for recipients to easily unsubscribe, but all of these features are within reach to develop in-house.

At NUKU, we are highly concerned about client data, and have a policy of not sharing our data with any third parties (unless required to by law). As such, we develop internally all of the services we need, including our CRM, emailing, logging, and monitoring. It did take us longer to get up and running with the services, but now with them all running, we are confident in knowing the security of our client data.

There are an increasing number of hackers working on accessing your data.

The world will only become more digitally connected, which means we need to be increasingly vigilant about how and where we are connected. There are an increasing number of increasingly smart hackers working on accessing user data.

Only recently, we implemented a new internal logging, tracking and countervention system (I highly recommend Kibana using the ELK stack: Elasticsearch, Logstash, Kibana), and we were astonished at the number of ongoing attempts on our servers, particularly from China and Russia.

Of course, it might not be possible to develop in-house every service you need, though that might be a goal over the long term. But at least fully understand how much your user data is actually exposed and how dependent you might be on your third-party providers.


Carson R Cole