Instead of forcing developers to learn about managing public and private keys, we give them toolkits so that they can do their standard operations like create, read, update, delete, share, and query data instead of dealing with the complexity of encryption – Isaac Potoczny-Jones.
Here is the lightly edited version of our interview with Tozny CEO and Founder Isaac Potoczny-Jones.
Q: What does Tozny do?
Isaac: Tozny is a security and privacy company. We provide software development kits for computer programmers to embed high-end, end-to-end cryptography into their applications for identity management, data storage and security.
Q: How would you define identity management?
Isaac: To us, identity management is really about authentication – sign-in. It’s about access control and permissions. It’s about single sign-on so users can log into one application that authorizes them to log into other applications as well. In an enterprise context, this could be an organization’s internal services or services running in the cloud. From a developer perspective, you can embed this into your application so that your end users have a single identity that’s well secured across any of your microservices or your entire architecture.
Q: Is your product targeted at a specific workload or can it be used in any environment?
Q: Identity management is a solved problem; there are so many solutions already out there, so what unique value do you bring to the table?
Isaac: What we really bring to the table here is the first-of-its-kind end-to-end encrypted storage platform with an Identity Manager basically integrated directly into that. Not only do you get all the encryption features that I mentioned above, you also get a cryptographic key. This cryptographic key might be on your mobile device or it might be inside your browser. You can use the key to encrypt, decrypt, sign and share data that allows a lot more application layer control over user privacy, and over application data than any other identity management platform can provide.
Q: Why did you create the company? What problem did you see in the cryptographic space that you wanted to solve?
Isaac: Developers face a big challenge in picking up off-the-shelf or open source cryptographic toolkits, because the cryptographic community has not done a great job in providing easy-to-use toolkits. I have given talks about how the defaults for using encryption in Java are all insecure. You will actually be building vulnerabilities in your application if you just pick those toolkits and follow the documentation, thinking that you are adding a strong layer of cryptography. So what we try to do, instead of forcing developers to learn about managing public and private keys, is give them toolkits so that they can do their standard operations like create, read, update, delete, share, and query data instead of dealing with the complexity of encryption. We hide all that behind the toolkit and just provide those higher-level primitives that a programmer is used to. Developers can vet the toolkit if they want to; it’s all open source on GitHub.
Q: Can you give us a quick overview of the products you offer?
Isaac: We have two key components. One is TozStore, our end-to-end encrypted storage platform. A developer can embed our SDK into their mobile app, browser or server to encrypt and decrypt data between all these services. That works for structured and unstructured data. Any two parties can share data with each other exchanging cryptographic keys. The second one is TozID, an identity access management solution with end-to-end encryption.