Piiano Data Protection – My Startup

Hey everybody,
As much as I love writing here, I’ve mostly been writing for my own startup, Piiano.

Piiano celebrates 2 years this month. We build incredible infrastructure for backend developers to build their apps securely around sensitive data and to comply with regulations like GDPR, CCPA and others at the software level.

Piiano’s name is based on the privacy acronym PII, and we pronounce it just like ‘Piano’, the great musical instrument. PII stands for personally identifiable information – aka our identifiers like full name, email, phone number, address, etc.

At Piiano, we help businesses protect their sensitive data (normally, customer data) with APIs for data encryption and tokenization. So for the first time, backend developers can continue to use their own databases, each team with whatever tech stack it likes, and use our APIs to encrypt the sensitive fields on top of them.

Besides the backend developers, the security teams will be happy too, for a few reasons:
1. Encrypting data robustly across different databases requires different skills and expertise.
2. Given that each R&D team has a different database, securing all of them requires lots of different people, which is practically hard to do at scale.
3. The security team always chases the R&D teams to fix stuff, and when things break, it’s sometimes too late: the code is already in production.

With Piiano’s approach, security teams ask the backend application developers to use our APIs for encrypting and decrypting data: friendly APIs designed from scratch for developers with simplicity in mind, RESTful APIs for example. This way R&D teams streamline securing the sensitive data. In return, the security teams get to control who can access the data, when, why, etc., and everything flows into a unified control center that lets them manage it all at scale.

Building an encryption system is a very hard task that requires real expertise; unfortunately, most technologists aren’t aware of how complicated implementing one is. “Don’t roll your own crypto”, they say, but most don’t even listen, or don’t know the saying. We try to take away this pain and complication. We also try to provide developers with privacy-aware infrastructure, so upon decryption we can do data masking, data expiration and data transformation, providing even more support for privacy compliance.
And we have lots of other innovations there… cool stuff, really, like IDOR protection, mitigation for SQL injection, object-level security and many more features. Because we’re tired of seeing stupid bugs in serious applications, lol.

So that’s been my endeavor for the last couple of years, and it will be for the next few years for sure.

As someone who loves security engineering and vulnerability research, starting Piiano was a must. Our dream is to move the needle in the data security industry and help businesses really protect their customer data – eventually our own data, as netizens, for whatever apps we use on the internet.

We want to solve the data breach problem at the source code level, at the core of where data is stored and accessed. This is where real data security takes place, with all due respect to yet more firewalls and WAFs, which people like myself can sit down with for a few hours and eventually manage to bypass…

Wish us luck in protecting the data against the bad guys :)
