We are big fans of Netlify [1] (it powers our website and blog!) and we wanted to scratch our own itch to comply with GDPR, as well as various upcoming data security regulations [3]. So we, Very Good Security [2], just released an add-on that lets you securely collect sensitive data (e.g. payments, PII, SSNs, identification, etc.) via web forms on Netlify.

With the new add-on, Netlify customers are shielded from data liability, breach risk and the compliance issues that come with holding sensitive data. So you can inherit PCI compliance from VGS (a Level 1 service provider) and can fast-track other compliance programs like SOC 2, HIPAA, etc.

You can read more about our add-on for Netlify on VGS' blog:

https://blog.verygoodsecurity.com/posts/securely-capture-sensitive-data-with-vgs-and-netlify/

and on Netlify's blog:

https://www.netlify.com/blog/2019/06/06/very-good-security-add-on-collect-data-securely/

Watch a quick video here: https://www.youtube.com/watch?v=wtYzLdpSeJo

Try it out and let us know what you think! We'd love your feedback.

[1] https://www.netlify.com

[2] https://www.verygoodsecurity.com

[3] California Consumer Privacy Act; Colorado Protections for Consumer Data Privacy; New York's SHIELD Act (https://www.nysenate.gov//legislation/bills/2019/S5575)
Very cool, will try this out! I've been doing a fairly extensive integration with their primary VGS tokenization service and it's been a solid, though young, platform with a few missing pieces they have promptly addressed. The use of a programmable tokenizing L7 proxy seems to me the best path forward to isolate sensitive data in systems for regulatory and security purposes. If you store sensitive data in your application, you really should look into it.
I am not 100% sure, but I believe that 'Sure name' should be 'Surname': https://www.screencast.com/t/VmRZ1dlH0T https://en.wiktionary.org/wiki/surname
If I ask someone to place a diamond in a safe at Fort Knox, and then publish the name and password to retrieve the diamond on a billboard, is the diamond safe?
This is interesting, but one thing I didn't understand from the video demo (which shows a background check form and a payment form):

Aren't these SaaS tools like Stripe (payments) and Checkr (background checks) already built in a way that allows you to never have sensitive PII like payment info or SSNs touch your servers?
Is this new service HIPAA compliant as well? Can I collect patient health info, have it stored in a separate vault from all my other data, and have it be encrypted at rest?