At Evervault, we’re on a mission to encrypt the web. In this short post, we’ll explain why.
Security as the first priority
As a developer, security may not be at the forefront of your mind when starting a new project. Because it’s mostly hidden from users, security often gets overlooked in favour of building features people love.
You should only be building apps people love if you make them invulnerable. If you don’t prioritize security, you show users that their safety and privacy are not important.
It’s very hard to retrofit security after growing and becoming successful and, even if you put security first from day one, you only have to get it wrong once to lose user data and trust.
The fact is, security is hard. And it’s getting harder every day. To win, you have to get it right every single time. To lose (and lose big), you only have to screw it up once.”
— Tom Preston-Werner, GitHub cofounder
You don’t just put users at risk, you may put proprietary datasets at risk too — at risk of being breached.
Ending data breaches
We want to end (plaintext) data breaches.
We think it’s embarrassing for technology that not a week goes by without a data breach. Data breaches happen; it’s difficult to predict and prevent all attacks & breaches.
The problem is that what gets breached is plaintext, readable data. This is where encryption comes in.
If everything is encrypted, it doesn’t matter if an app gets breached because what gets breached is useless, unreadable data. Simply: users and datasets are no longer vulnerable.
The most important security tool
While encryption isn’t the only security tool, it’s the most important one.
Dance like no one is watching; encrypt like everyone is. Encrypt everything.”
— Werner Vogels, Amazon CTO
Encryption lets us have full control over who has access to users' data and our datasets; it makes sure that no unauthorized party has access to user data or proprietary datasets — even when a breach occurs.
As developers, we’re used to abstraction and simplicity across our workflow: Stripe abstracts away payment networks, Twilio abstracts away telecoms, and AWS and Vercel neatly abstract away servers for us; all of this functionality is integrated through a few lines of code.
By abstracting away encryption’s complexities — like choosing which crypto library to use, configuring its algorithms correctly, and managing & rotating keys securely — Evervault makes it easy for developers to ensure that the next generation of apps and systems are as secure as they can be.
Developers store encrypted data but not keys; Evervault stores keys but not encrypted data.
By using Evervault, every developer becomes a security engineer and every app becomes an encrypted app — both by default.
Using encrypted data
We’re building towards a web where all data is encrypted end-to-end, without sacrificing the ability to use the data — which is what we mean when we say that all apps with Evervault integrated will be encrypted apps.
We think that it’s inevitable that all developers will build encrypted apps. The test is simple:
If developers have a choice between building apps with plaintext data and building apps with encrypted data — assuming the developer experience is matched — they’ll choose to build encrypted apps every time.
We think there’ll be a time when people look back and think that it was crazy for us to build apps without encrypting sensitive data at the field level.
Above was a short overview of why we’re on a mission to encrypt the web, and why we’re building encryption infrastructure for developers. In short, our three goals are simple:
- For every developer to be a security developer by default,
- For every app to be an encrypted app, and
- For no more (plaintext) data breaches to happen.