Why I Joined Basis Theory
It’s time data compliance and security stop competing and start helping companies innovate.
I have had a front seat to the origins of companies that shaped the world we live in today, from Uber and DoorDash changing the way we travel and eat to Peloton and Mint changing how we exercise and tackle personal finance. The developer tools that Twilio, PubNub, and Yodlee built helped create these market-defining products because they encouraged innovation through openness, simplicity, and low-stakes experimentation.
I have also seen scenarios where innovation dies.
In May of 2018, as the General Data Protection Regulation (GDPR) was set to come into force in Europe, I asked the CTO of a fast-moving public company about their roadmap. He said his team was focused on one thing and one thing only, “GDPR… the Great Destroyer of Product Roadmaps.”
I laughed, but the sentiment bothered me. Here was this veteran technology leader—who intellectually agreed GDPR was the right thing to do for consumers—unable to keep regulation from delaying the features he committed to his customers. If he couldn’t, how might others?
As I advised the Basis Theory team over the last several months, I kept coming back to that moment. I couldn’t help that CTO then, but I feel like I can now. This is why I am joining Basis Theory as President—because great privacy, security, and compliance should never inhibit creating value for customers.
Great Destroyer(s) of Product Roadmaps
Any innovation requires low-stakes experimentation and systems that enable openness, speed, and simplicity:
- Mint didn’t form relationships with banks and work through data security. They integrated with Yodlee to securely enable internal speed and easy collaboration with data.
- Uber didn’t figure out how to interface with telecoms. They used Twilio to build an inexpensive proof-of-concept to send texts to their users.
- Peloton didn’t solve high-scale real-time messaging for leaderboards. They used PubNub to simplify the implementation and get to market faster.
Today, data security and compliance are anything but open, fast, and simple. Trying to understand best practices feels like defusing a bomb without access to expert training. This is especially true at large companies or ones subject to compliance, where team meetings and committees slow down iteration by development teams and restrict access to data—often for a good reason.
Plus, the world of compliance is not getting simpler or smaller. According to a recent article in the New York Times, “The number of laws, regulations and government policies that require digital information to be stored in a specific country more than doubled to 144 from 2017 to 2021”. That is some organization’s Great Destroyer of Product Roadmaps created every month.
And that doesn’t even consider the changing landscape of security threats. Technologies like quantum computing represent uncharted challenges to current best practices and protections. Meanwhile, state-sponsored cyber attacks, ransomware, and zero-day threats will continue to emerge.
Great data security is no longer optional; however, these compliance and data security changes make creating the next Ubers, Pelotons, and Mints much more difficult.
We know the answer. We just don’t want to hear it.
There is one thing every organization knows they should do that would make it easier to solve most data security issues today: encrypt sensitive data at rest. In fact, Dr. Werner Vogels, Amazon’s CTO for nearly 20 years, says, “Dance like nobody's watching; encrypt like everyone is. Encrypt everything.” If developers want their sensitive data encrypted at rest, why don’t they encrypt ours?
Our CEO outlined many challenges developers face when protecting sensitive data. I believe one thread ties them all together: securing it slows down and limits innovation. When data is encrypted, development teams have to figure out how to build and maintain infrastructure and processes for key management, scale the use of encryption libraries, and create and maintain access policies across the organization. Doing the right things takes time for developers.
That is just the beginning: encrypted data can’t be analyzed, used for machine learning, or shared with people internally or with partners without reintroducing many of the same risks companies want to avoid. Doing the right things handcuffs developers’ ability to innovate.
So development teams do what any team with a deadline would do: they abandon part of or all data security and compliance best practices. It’s a cycle that builds up compliance debt to be collected by the next Great Destroyer of Product Roadmaps or security incident.
Great data security doesn’t need to be a fire drill
I am joining Basis Theory because I believe the development teams of the world want to see a change. I believe companies can secure all sensitive data proactively and still have the openness, speed, and simplicity needed to innovate. And I believe development teams can create more world-changing categories when they feel safe working with sensitive data.
No one can tell the future, but at Basis Theory we believe a simple and low-profile platform can help organizations turn uncertainty into an advantage. We want to create a world where securing sensitive data is easier than not doing it and where working with ciphertext is as easy as working with plaintext. We see a future where teams build for customers instead of compliance requirements like data residency and where data scientists, partners, and innovators programmatically receive access to the data they need and nothing they don’t. We see organizations where CISOs and security teams support—not impede—innovation.
We built Basis Theory to support innovative companies working with sensitive data. We are open by default and API-first, giving developers full access to the system and its constantly evolving capabilities without talking to a sales rep or needing a card-on-file. Our thoughtful APIs, native integrations, and beautiful documentation make great data security an achievable reality in hours or days for developers (or the savvy C-Suite or Board members that prioritize it). We designed the platform to provide complete control over your data, even going so far as to create guides on how to leave us (see the guide on Migrating your data out of Basis Theory). Finally, we developed a usage-based and transparent pricing model that promotes growth and security.
Innovation starts with sharing. Drop me a line at firstname.lastname@example.org to share your thoughts. Also, if you’re interested, let’s stop the future Great Destroyers of Product Roadmaps together.