How do you handle incredibly sensitive information as a startup that has no resources for full opsec, cybersec?

## Example Venture Assembly

- *Actual* Finances
  - Salaries
  - Bonuses
  - Shares
  - Funding
- *Actual* KPIs
  - Lifetime Value
  - Monthly Burn
  - Net Revenue
  - Customer Acquisition Cost
  - Monthly Gross Revenue
  - Total Users
  - Paying Users

Given the nature of such data, a hack and exposure could be disastrous for participants and VCs alike. A hack would also destroy our reputation.

So how can you minimize your own and your customers’ risk in case of a breach?

> What *if* you assumed you’re already hacked?

### The answer for our MVP: Pseudonymization and Outsourcing Identity

- https://github.com/akaalias/ventureassembly/blob/staging/app/models/participant.rb
- Uses a customized Devise
- Pre-generated name
- Identity (Email) stored off-site with state-of-the-art security (Google)

### Alternative: Encrypted Relationships

> What if identity wasn’t the issue as much as the relationships to the data points?

- When creating new entries, the user has to enter a PIN that only they know and that only resides client-side in memory
- All foreign keys that would connect a `User` to a `Salary` are encrypted with this PIN
- Were someone to hack into the database, they’d see a table of users and a table of salaries, each with a foreign (`:belongs_to`) key.
- But because the keys are encrypted, the hacker couldn’t make the connection.

## Related

- Similar meta-design challenge as [[The Clock of the Long Now (Book)]]
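A sketch of the "Encrypted Relationships" alternative described above, as an added example that is not code from the Venture Assembly repository. The page names no cipher or key derivation, so PBKDF2 and AES-256-GCM are assumptions here, as are all method names, the `pin_salt` column and the sample rows.

```ruby
require "openssl"
require "securerandom"

KDF_ITERATIONS = 100_000 # assumed work factor; tune to your hardware

# Derive the link key from the PIN; in the page's design this runs client-side only.
def link_key(pin, pin_salt)
  OpenSSL::KDF.pbkdf2_hmac(pin, salt: pin_salt, iterations: KDF_ITERATIONS,
                                length: 32, hash: "sha256")
end

# Build a salary row whose owner reference is ciphertext. The row id is bound
# as associated data so a reference cannot be copied onto another row.
def seal_salary(row_id, amount, user_id, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = row_id.to_s
  ref = cipher.update(user_id.to_s) + cipher.final
  { id: row_id, amount: amount, owner_ref: ref, iv: iv, tag: cipher.auth_tag }
end

# True only if this key opens the row's owner reference and it names user_id.
def owns?(row, user_id, key)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = row[:iv]
  cipher.auth_tag = row[:tag]
  cipher.auth_data = row[:id].to_s
  cipher.update(row[:owner_ref]) + cipher.final == user_id.to_s
rescue OpenSSL::Cipher::CipherError
  false # wrong PIN or tampered row
end

# Constructed sample data: two users and three salary rows.
USERS = [{ id: 1, pin_salt: SecureRandom.random_bytes(16) },
         { id: 2, pin_salt: SecureRandom.random_bytes(16) }].freeze
KEY_1 = link_key("4821", USERS[0][:pin_salt])
KEY_2 = link_key("9034", USERS[1][:pin_salt])
SALARIES = [seal_salary(10, 95_000, 1, KEY_1),
            seal_salary(11, 120_000, 2, KEY_2),
            seal_salary(12, 101_000, 1, KEY_1)].freeze

# Lookup is trial decryption over all rows, since no plaintext key can be indexed.
def salaries_for(user, pin, rows)
  key = link_key(pin, user[:pin_salt])
  rows.select { |row| owns?(row, user[:id], key) }.map { |row| row[:amount] }
end
```

A short numeric PIN can be guessed offline by anyone holding the database, because the GCM tag confirms a correct guess; the PIN length and KDF cost decide how long the links stay hidden.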