Have you ever considered the relationship between the PCI DSS QSA and your business? When you are looking to become PCI DSS compliant and protect your consumers’ sensitive data, your Qualified Security Assessor becomes invaluable. Not only does a PCI QSA conduct your PCI DSS audit, but they are also the only person capable of providing you with a Report on Compliance (RoC).
In a world of increasing data breaches, iOS App security and data protection have become more important than ever. Users are now familiar with how easy it can be to jailbreak an iOS device and how some applications grab users’ data. Developers need to be able to easily and efficiently build user data protection into each application to prevent sensitive data leakage upon release and during future updates.
Brazil’s LGPD Privacy Law has brought additional attention to information security and data protection.
Europe and California are no longer alone in their recent concern for data privacy. In South America, Brazil will now enforce the Lei Geral de Proteção de Dados Pessoais (LGPD), which is similar in nature to the European GDPR (General Data Protection Regulation) and California Consumer Privacy Act (CCPA). Given Brazil has a population of over 210 million people, LGPD will have global ramifications.
CB Insights today named VGS to the third annual Fintech 250, a prestigious list of emerging private companies working on groundbreaking financial technology.
On July 16, 2020, the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield, a voluntary program that thousands of US businesses relied on for personal data transfers from Europe to the United States. For those of you who follow these things, the case is commonly referred to as Schrems II.
Here at VGS, our mission is to secure the world's sensitive data. The first step toward achieving that goal is to protect data where it’s collected.
With VGS Collect, developers can safely ask users for critical data, like credit card details, over the web or through IVR systems and limit security risk for both themselves and their users. Recently, we’ve added a new VGS solution for securing sensitive data collected from mobile applications - VGS Collect iOS and Android SDKs.
How sure are you that your company’s data security falls outside of PCI scope? Did you know that even if your application never keeps cardholder data in persistent storage, you still might have to meet the PCI Data Security Standard’s stringent requirements?
Data breach stories have been a fixture in the media for several years now, with large-scale breaches making the news on a regular basis. These data leaks have impacted every type of organization, from major airlines to global financial institutions – and the damage they leave behind is massive.
When we think of where the bank stores our money, we think of a vault secured with high-tech locks and multiple doors. Unfortunately, data security has been handled much in the same way - with slap-on safeguards. Securing these digital vaults hasn’t changed much since 2010, with many more companies lagging behind in compliance and ill-equipped to handle cybersecurity threats. Hackers can access these vaults through brute force alone. Or they can simply work their way up the hierarchy, stealing credentials from employees until they hit the jackpot.
Peter Berg is the VP of business development and strategy for Very Good Security (VGS). Peter joined VGS from Visa, where he created and led Visa Ventures, their global venture investment arm responsible for investments in early-stage payment and technology companies including Stripe, Marqeta, Klarna, Chain and more.
Before leading Visa Ventures, Peter helped shape Visa’s product strategy in new and emerging payments, and led Visa’s relationship with Square. Prior to Visa, Peter was a co-founder or early employee of several successful startups in financial services and technology; two were acquired and one remains privately held today.
A company-wide shift to full-time remote work would typically take months or even years, but in the context of the Coronavirus pandemic, everyone was forced to do it almost instantly. Some companies found this transition quite easy, but the majority felt unaccustomed, to say the least.
2020 has been a year like no other. In response to these unprecedented times, companies are needing help from wherever they can get it as they try to restart. This is why Very Good Security is announcing a special free tokenization solution offer.
Tokenization has been a hot topic in the payments industry for some time, now used by financial institutions in transaction processing all around the world. Companies implement tokenization systems to keep sensitive data, like credit card payment details, safe while still being able to store and use the information.
Today we are excited to announce that Very Good Security (VGS) has achieved Select Technology Partner status within the Amazon Web Services (AWS) Partner Network (APN). We are thrilled to work with AWS to provide customers modern data security and compliance solutions.
Dubbed “CCPA 2.0,” a proposed initiative called the California Privacy Rights Act (CPRA) is gaining traction – and will likely make an appearance on the November 2020 ballot in California.
The original legislation, the California Consumer Privacy Act (CCPA), only came into effect on January 1, 2020, but we are already seeing potential changes to this data privacy regulation looming on the horizon. If passed, these proposed changes like CPRA could mean businesses will need to further beef up their data security measures.
It’s common knowledge that sensitive information, like payment card data, shouldn’t be sent through email in an unencrypted state. There is simply too much information security risk, and too many opportunities for cybercriminals to intercept that data.
As every engineer knows, software advancements often come with novel risks, regardless of improvements in security. Every new technology that aims to ease the ever-increasing demands of IT operations teams also brings new security challenges along with it.
Do you know how long it takes to become PCI compliant?
Fulfilling all the requirements spelled out in the Payment Card Industry Data Security Standard (PCI DSS) is a complicated process with a ton of moving pieces.
Is your organization connecting to a payment gateway, processor, or other financial institution – like FIS or I2C – that requires you to use ISO8583 to handle payment messaging?
If so, you likely already know that your business needs to achieve some form of PCI compliance in order to handle the sensitive data contained within those messages.
Attaining PCI compliance for small businesses is no small feat, but securing sensitive cardholder data in a PCI compliant manner is easier, faster, and more affordable with an end-to-end PCI compliance solution - like VGS.
Small businesses, from e-commerce merchants to service providers, all need to ask themselves the same question early in the lifespan of their company: do I need PCI compliance?
If you work with payment cards, including both debit and credit cards, then the answer is yes - you do need to comply with the Payment Card Industry Data Security Standard (PCI DSS).
We are taking seriously the risks to business continuity that could be caused by the COVID-19 coronavirus and would like to update you on the measures we are adopting.
A simplified crash course on the Payment Card Industry Data Security Standard (PCI DSS), including the most cost-effective path to securing cardholder data and quickly obtaining PCI Compliance.
Unsure about PCI Compliance? Here’s everything you need to know about PCI DSS and what it takes to obtain – and demonstrate – your company’s compliance.
You can do this yourself or with the help of third parties, which we will cover at the end of this post.
Think your business doesn’t need to worry about the California Consumer Privacy Act (CCPA) because you don’t sell any data for business purposes?
You may want to take a second look.
Under the broad definition of “sale” used in CCPA, you could very possibly be subject to CCPA requirements and unknowingly failing to achieve and maintain compliance. With the financial penalties associated with non-compliance, not to mention the data security risk that results from ignoring CCPA requirements, it’s absolutely vital to make sure that you know whether or not your business activities would be considered to be “selling data” under the CCPA.
Cyber security is wildly unfair. A hacker only needs to succeed once to get what they want, while businesses need to succeed every day indefinitely to prevent that from happening.
For cyber security professionals and other security experts, security is a day-to-day concern that touches many facets of your work life. After all, putting the data privacy of your customers at the top of your priority list is something that simply comes with the job nowadays. This is often true for professionals working for modern companies, as handling user data and ensuring privacy protection is table stakes in today’s data-driven market.
Getting compliant with data protection laws and regulations as soon as possible is vital for startups, particularly if data privacy and information security are core features of the company culture you’re trying to build. Managing compliance at the first opportunity not only comes with a number of both short- and long-term benefits, but also helps your company avert disasters down the road.
We are happy to introduce Brian Whorley, CEO and founder of Paytient, an innovative health care technology company that leverages our Zero Data solutions to protect sensitive patient data.
Tell us about Paytient
Brian: Sponsored by employers, Paytient is a payer for employees' out-of-pocket medical, dental, pharmacy, vision, or veterinary expenses. At a high level, our mission is to remove cost as a barrier to care for employees by offering an innovative way to pay for any out-of-pocket costs of care.
Today we are excited to announce that Very Good Security (VGS) has received a strategic investment from Visa, Inc. We are proud to add Visa to our list of incredible investors, including Andreessen Horowitz, Goldman Sachs, and Vertex Ventures US.
Visa’s founder, Dee Hock, once said: “Preserve substance; modify form; know the difference.” Sensitive financial and personal data are powerful keys to unlock value. However, if compromised, these keys cannot be reissued, and therefore require a proportional amount of protection.
New year, new you!
With the new year – and new decade – upon us, now is the perfect time to start thinking about what we want 2020 to look like.
For small business owners, or really any team member at a modern company, data privacy and information security present major challenges in the coming year. After an uptick in data breach incidents in 2019, we all need to be especially vigilant in the new year.
We’d like to introduce our new Product Manager, Can Duruk, who just joined VGS! With experience helping roll out new app security features during his time working at Uber, Can understands what it means to build meaningful products that keep the end-user – and their sensitive data – in secure hands.
The second Payment Services Directive (PSD2), issued on September 14th, 2019, has introduced new requirements for banks to reduce fraud, called strong customer authentication (SCA) requirements. In this brief guide, we’ll cover all the key facts you can’t go without.
Running a business in the digital age is no easy feat. This is especially true nowadays, when consumer data security is at the forefront of the conversation.
Data breaches have hit even some of the biggest multinationals out there, enabling the exposure of sensitive user data and compromising the privacy and trust of their customers. When it’s payment card data that leaks on a large scale like this, the damage goes far beyond consumer confidence.
The digital era has unleashed endless possibilities for launching eCommerce businesses. From independent home-based Amazon merchants to large-scale online retail operations, the barriers to entry in the eCommerce space have drastically fallen.
Moreover, it’s never been easier for consumers to buy goods and services online. Shoppers send their credit card numbers and addresses to online retailers constantly, even saving their cardholder data in their web browsers for a seamless eCommerce checkout experience.
Over the past year, the VGS team has doubled; to support that growth, we’ve had to evolve how we structure our engineering team. Here we detail the choice to adopt the squads structure as the one to scale with our team.
Very Good Security (VGS) is continuously looking for ways to facilitate security and minimize the potential risk for our users, including when it comes to identity management.
Security and Connectivity for the Fintech Ecosystem
In today’s rapidly evolving fintech ecosystem, foundational building blocks like data security and connectivity to financial institutions are prerequisites for building valuable fintech products. However, these building blocks are rarely companies’ core competencies. Just as modern fintechs are no longer expected to build their own one-off integrations with financial institutions, they shouldn’t be expected to build data security and compliance solutions from scratch when it isn’t their focus.
Embedded content is an ingrained part of the modern online experience – from YouTube videos and like buttons to advertisements and so much more. The average internet user may not realize just how much third-party content is embedded into each page they visit.
Apart from the dynamic user experience and revenue-generation that embedded third-party content can provide, there is an additional benefit that doesn’t get quite enough attention: data security.
Our Zero Data Hero Customer Spotlight series highlights the stories of VGS customers who have joined our Zero Data mission to protect the world’s information.
The fintech sector has brought consumers an endless stream of modern offerings that have enabled them to ditch several outdated banking and lending products from legacy financial institutions.
Consumer data breaches are a dime a dozen these days, with massive, highly-public cyberattacks hitting our newsfeeds on a nearly weekly basis.
From social security numbers and credit card numbers to other types of sensitive data, it seems like several popular global corporations have failed to keep their customers’ sensitive personal information safe time after time.
And, unfortunately, earlier this month it was confirmed that enterprise-scale cybercriminals are successfully executing newer, sneakier, and increasingly dangerous cyberattacks that are becoming increasingly difficult to detect.
These days, it seems that companies are having to navigate increasingly complex data compliance regulations. From following PCI DSS rules to maintaining HIPAA, GDPR, and CCPA compliance, the complicated web of global regulatory frameworks for data protection just keeps getting more and more tangled.
In the context of data protection, modern digital businesses realize the dangers that come with using sensitive information in its raw form. Figuring out a way to collect and use the original data without putting it at risk remains a challenge, and organizations must channel a lot of their resources into IT security that protects their users’ sensitive data like credit card numbers and other cardholder information.
With so many highly-publicized data breaches hitting newspaper headlines in recent years, including a massive Capital One data breach in 2019, it has become more important than ever to protect sensitive consumer data and limit its exposure to data leaks.
In a previous article, we discussed how to authorize resource access in a distributed environment and what challenges doing so poses in terms of architecture. In this article, we detail how our engineering team dealt with some of these challenges to build a fine-grained permissions system.
Three years ago, Very Good Security (VGS) embarked on a mission to prove a novel concept in the data security landscape: the best way to protect sensitive data is to not possess it in the first place. Since 2016, we have enabled our customers to adopt a “Zero Data” approach to de-scope their systems from interacting with sensitive data, while allowing them to maximize data utility and quickly achieve compliance certifications.
Imagine you need to get from your home to the airport to catch a flight. You open the Lyft app on your phone and see that Lyft is surging and the ride will cost you $75. You, almost subconsciously, open the Uber app and it’s $55 for the same ride. You then confirm your Uber ride and you’re on your way.
On January 1, 2020, the California Consumer Privacy Act (CCPA) will - at long last - go into effect. For anyone following the journey of this soon-to-launch privacy law, this has been a long time coming.
In recent months, major adjustments have been coming together as California regulatory authorities have been waiting on the approval of certain amendments to the core characteristics of the upcoming data privacy framework.
The next era of data security is already upon us, and it involves washing our hands of sensitive user data entirely.
Imagine a world where your business doesn’t have to worry about managing its own Payment Card Industry Data Security Standard (PCI DSS) compliance, simply because sensitive cardholder data never passes through your systems in the first place.
It’s a concept we call Zero Data.
Achieving compliance with the Payment Card Industry Data Security Standard (PCI DSS) is a lengthy and expensive process.
For Level 1 compliance, which is required for businesses that handle high volumes of payment card data, upfront costs can easily run you $1.1m and the journey to your certification can last between 9 and 12 months if you opt to build your compliant infrastructure by yourself.
TravelBank’s innovative, all-in-one trip expense platform - protected by VGS
In our last blog post about CCPA, we went into the details of California’s comprehensive privacy law, more formally known as the California Consumer Privacy Act. Coming into effect January 1, 2020, the new privacy law pertains to companies that collect data from California residents, regardless of the location of the company - both within the United States and globally.
The hard-to-face reality is that billions of personal records are exposed each year. A commonly used, yet incomplete, solution is tokenization. Tokenizing sensitive data does not eliminate the need to achieve and certify PCI DSS compliance.
In order to completely descope from PCI, a business can partner with a data custodian (VGS) that handles 100% of data capture and vaulting – removing any compliance risk and completely avoiding data leaks.
The California Consumer Privacy Act (CCPA) is a comprehensive data privacy law that will go into effect on January 1, 2020. The new data security framework will have a major impact on both consumers and businesses, because the regulations apply to any companies – no matter their location – that collect personal information from residents of California.
CCPA covers any data related to customers, including both individual consumers and entities, plus vendors and employees.
Very Good Security is excited to announce its official membership in the American Chamber of Commerce (ACC) in Ukraine. The ACC in Kyiv is a non-governmental, member-funded, non-profit organization representing the largest investors and multinationals that operate inside Ukraine.
Most companies don’t collect data for the sake of hoarding it – they collect it as an input to achieve some business objective. In other words, they need to do something with their data. This typically requires sharing data with a third party to operate on or enrich the data (e.g. processing a credit card; running a background check; getting a FICO score).
Learn how you can make sure that your company’s cardholder data environment (CDE) is compliant with PCI DSS.
Storing PCI cardholder data can make business much easier, for both you and your customers. Unfortunately, stored cardholder data puts your business at risk of a data breach - which is why the Payment Card Industry Data Security Standard (PCI DSS) was put in place.
Ensuring a company’s cardholder data environment (CDE) is compliant with PCI standards is no easy task, however, and often requires unanticipated additional resources and ongoing efforts to maintain.
3D Secure (3DS) is a set of security standards in place to reduce fraud and add online payment security, while also creating a liability shift in terms of fraudulent activity and chargebacks.
SteadiPay optimizes cash management with data security from VGS. Learn more about how VGS helped SteadiPay seamlessly integrate their apps to be PCI compliant.
The General Data Protection Regulation (GDPR) is a set of laws regarding data security that affect companies based in the EU and those with customers in the EU. Brexit is the proposed withdrawal of the United Kingdom from the European Union.
You may be aware of one (or both) of these subjects, but what may not be completely known is how one will affect the other. Understandably, there are reasons for concern for those doing business in or with the EU — since, as you likely know, the UK is part of the European Union — so let’s take a further look at GDPR and Brexit to see what effect they may have on how you run your company.
Very Good Security (VGS) is excited to announce its participation as a launch partner for Visa’s expansion of their Fast Track program to the U.S. The program is part of Visa’s global strategy to open its network and to support a broad range of players that are developing new commerce experiences. The Fast Track program makes it easier for fintechs to partner with Visa and access its global payments network. The VGS team is pleased to work alongside Visa and our fellow launch partners to provide premier services for emerging fintechs.
United Naturals - With VGS, we take data security as seriously as your wellness. Learn how United Naturals smoothly integrated with VGS in record time.
In 2011, Google’s Alberto Savoia proclaimed that “Testing is dead.” Many tech trends have changed since that notable opening keynote at the Google Test Automation Conference 8 years ago, including the adoption of DevOps culture, and there’s one thing we can say for sure: testing is not dead. In many ways, it has actually evolved — the classical tester’s role has just become spread out between engineers while quality assurance has remained an essential part of the software development culture.
“PCI, including our yearly certification, has now become a breeze”
Truebill - Securing customer data with “beyond bank-level” security.
Today’s Zero Data Hero is Idris Mokhtarzada, Founder & CTO, Truebill.
When it comes to a robust, open-source, and fairly secure database system, Amazon RDS PostgreSQL monitoring tools is often a top choice for developers. That’s why we wanted to get under the hood to better understand the PostgreSQL monitoring tool and its performance.
Streamline using VGS to differentiate itself and remove risk from its business
Today’s Zero Data Hero is Chris Spears, Executive Vice President and Chief Information Security Officer (CISO) of Streamline VRS.
We have news to share!
We’re thrilled to announce that Karin B. Turchin, former Vice President of People at Roostify, has joined Very Good Security as our Head of People to build and scale our people operations.
“The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect.” - Tim Berners-Lee, Inventor of the World Wide Web
We’re excited to announce some improvements we have made to the accessibility of VGS Collect. But first some background on the topic of accessibility.
We’re excited to announce that we’ve partnered with our friends at Netlify to develop an add-on that effortlessly and securely collects data via webforms.
"DoNotPay is the hero the world needs." - TIME Magazine
“To Infinity and Beyond” - Trim - Automatically improving the financial health of Americans at scale
Design is the first thing a customer will notice when they visit your website. A beautiful design is not only attractive to the visitor, but it makes your business look more legitimate. As you build and improve your website, it is important that third-party UI elements work well with, and look similar to, your own user interface. To make the building and programming process easier, here at VGS we put in work to make our forms as flexible and user-friendly as possible for you.
It was just another Monday morning. Our engineering teams were getting ready for their standup meetings, the sales team was going through the customer priority list, and HR was checking the schedule of performance reviews and promotions for the week ahead. The sun was shining brightly (what a difference after the record rains in SF in February!), well the Spanish sun kinda always shines brighter.
It was just another Monday morning. The only thing that was different. We were all in the same room.
Today, we’re happy to announce the introduction of our new Compliance Academy, a resource where you can learn all about compliances and regulations such as PCI, SOC2, GDPR and CCPA.
In the last 2 years at VGS we’ve seen a significant uptick in interest regarding regulation. Every day we field multiple questions from people trying to understand if their company is “in scope” and if so, what they need to do about it. There are a number of reasons for this interest but primarily it appears to be driven by uncertainty. Both startups and established companies alike face the prospect of a world with increased regulation and significantly stiffer penalties for failure to comply.
Yofii is laser-focused on its mission to bring financial freedom to people in debt.
Last month, Toyota disclosed that it had suffered its second data breach in just five weeks. The most recent breach exposed the personal details of over 3 million of its customers. This is but one of countless breaches that have affected the security of sensitive customer information in the past couple of years.
Brex building the next generation of B2B financial services
Today’s Zero Data Hero is Henrique Dubugras, CEO and Co-Founder of Brex, Inc. Henrique is an engineer who previously co-founded Pagar.me, one of the largest payment processors in Brazil reaching over $1.5 billion in GMV in its first three years. His new startup, Brex, is backed by Ribbit Capital, Y Combinator, Greenoaks, DST, and fintech insiders including Max Levchin and Peter Thiel (PayPal), and Carl Pascarella (former CEO of Visa).
No one starts a business to get audited, but today, any company that comes in contact with sensitive data (like payment cards, health information, or personally identifiable info), is forced to do expensive, time-consuming work that is not core to their business so that they can achieve certifications like PCI, SOC2, HIPAA and more, just to stay in business.
What if companies didn’t actually have to deal directly with sensitive data? What if they could interact with sensitive data, exchange it, and use it to meet their business objectives, without having to actually possess the data themselves, thereby staying out of compliance scope?
If you had one million dollars in cash, how would you keep it safe? Would you leave the pile of money on your kitchen counter? Or, would you put it in a bank? Most people would choose to deposit their money in the bank for safekeeping, or at the very least put it in a safe. We immediately feel the power of its tangible value. But what about data? If the data your organization has accumulated was worth one million dollars, how would you store it? You may think that there’s no way your data could be worth so much, but the reality is that you are probably severely underestimating the value it truly holds - and is still waiting to be unlocked.
At Very Good Security (VGS), our seasoned engineering team works hard to successfully solve complex technical challenges - while keeping security our top priority. One such security challenge is access control to resources we store in our microservice architectures.
With current payment card industry (PCI) regulations and growing numbers of sensitive and personal data leaks, there is increasingly high demand for dependable security solutions that protect your customers’ personal data. It’s imperative that companies shield their users’ information from the very first interaction with your application, when customers often enter their most sensitive data.
Do you think you deserve the right to privacy? The United Nations does. December 2018 marks 70 years since the U.N. ratified the Universal Declaration of Human Rights. Article 12 states:
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.
Is that even possible in an era of cyber attacks and data breaches?
Very Good Security (VGS) uses Kubernetes, hosted on AWS, to speed up application delivery and optimize hosting costs. A common issue is ensuring replicas are evenly distributed across availability zones, which makes applications resilient and highly available (HA).
By default, the Kubernetes scheduler uses a bin-packing algorithm to fit as many pods as possible into a cluster. The scheduler prefers a more evenly distributed general node load to app replicas precisely spread across nodes. Therefore, by default, a multi-replica deployment is not guaranteed to be multi-AZ.
Imagine that a local library has hired you to help with the development of a web service to expose its library catalog (which, in essence, is an SQL database) on the Internet. Nothing fancy required — a simple REST API will do the job. It shouldn't be too difficult for a seasoned Java developer like yourself, now should it?
Rotating access credentials such as passwords, certificates, or keys is a universally accepted best practice for security. Very Good Security’s new Access Credentials Rotation feature makes it easier for you to switch (or rotate) from one set of credentials to another to keep your cloud assets safe and secure.
We’ve enabled you to leverage VGS Access Credentials to manage/rotate access credentials, create new pairs or deactivate old ones, and send data to third parties faster. This makes it easier to manage multiple access credentials, leaving you with extra time to focus on more valuable business priorities.
Very Good Security CEO and co-founder Mahmoud Abdelkader took to the stage at the National Press Club in Washington, D.C. on November 8, 2018 to present at the annual SINET Showcase. Each year the Security Innovation Network (SINET) evaluates the technologies and products of hundreds of emerging cybersecurity companies from around the world and selects the 16 most innovative and compelling companies. The winners are then invited to outline their company’s unique approach to addressing the most pressing needs and requirements in cybersecurity.
On the heels of our recent announcement of our series A funding led by Andreessen Horowitz, we have some more news to share:
We’re excited to announce that Peter Berg, former head of Visa Ventures, has joined Very Good Security as our VP of Business Development and Strategy. He will lead our strategic partnerships and new business initiatives.
Access Logs are an essential aspect of the web environment. With so much information to distill, and so much to know about when it comes to eliminating bugs in the development process, they provide additional data that is useful for debugging and auditing. As you might imagine, with the growing popularity of VGS as a stand-out cyber security solution for startups, small businesses and other companies that are trying to do more with less, we are constantly innovating on our security paradigm and products. It’s time to explore VGS Access Logs at length: what they are, how to read them, where they can be found, how to debug logs, and even how to configure routes directly from the Logs page.
Wherever there is sensitive data, there is also motivation for malicious third parties to try and steal it. In order to ensure your company's sensitive information never gets leaked, it's essential to take steps for securing it.
Let's consider the scenario of sending sensitive data from an Android mobile device to your API server. How do you make sure that the data is safely received by the server?
No one goes into business because they want to do data security. But whether you’re a brand-new startup or a Fortune 500 giant, effective data security is essential to be – and stay – in business. The only thing less fun than data security and compliance is a data breach.
If you’re anything like us, you’re tired of hearing about data breaches, and you’re tired of them happening, over and over, at the expense of your own privacy and security.
If you have an API that interacts with credit card data, before using your API in the wild you'll need to make sure it is secure and PCI compliant.
One straightforward solution for this is to redact every credit card number that goes through your API. If you have a Java-based web application that uses the Spring framework, what would you do? Would you use a third party or find your own way to solve this problem?
Very Good Security, Inc. (VGS), a global leader in secure cloud services, data protection, and compliance, announced today that its data centers and cloud infrastructure have successfully completed its annual PCI DSS 3.2 compliance.
Last month, we announced that we began working on a “3-Click Integration” feature which allows you to instantly integrate with VGS! Since then, we've been working on building a seamless, reliable integration. Today, we're excited to launch it to the world!
Startups and small to medium businesses alike are faced with protecting information assets with limited resources. Laptops and mobile devices are a vector for exfiltration of sensitive, high-value data due to their configuration. In this post we will cover the main use cases to address. We will also explore a straightforward solution design and set of procedures to manage a fleet of devices.
PCI Compliance, a Modern Approach: Audit Scope Reduction
Companies who stay within PCI scope when handling cardholder data have to deal with high maintenance costs and lengthy compliance certification processes - which is why many businesses seek to reduce their scope.
Wireless Sensor Networks (WSNs) are increasingly being deployed for various applications. Some applications are military, health care, environmental, medical/life-sciences, industrial process management, industrial, agriculture, etc.
Should your DevOps team be threat modeling? The answer is definitely yes.
With data breaches on the rise, development teams need every tool available to create secure applications. This is especially true if your company handles sensitive customer data.