Our Security Approach
Security is a relative concept.
For some, parking a car down a ‘safe’ street is enough. For others, the car needs to be locked. Then there are those who would put on a physical steering wheel lock and some who would fit an immobiliser. We probably all know someone who feels less comfortable parking outside of their garage rather than inside, and then there’s an entire suite of security services ranging from CCTV cameras and movement sensors to choose from, depending on your perceived level of risk.
In summary, what you find most secure is very much down to what level of risk you are a) aware of and b) comfortable with.
Risk awareness is a product of direct experience (e.g. something happened to you personally) or indirect experience (e.g. someone told you something). If you had your details stolen from a website last year, your chances of trusting it again may be fairly low. Conversely, if you were told by someone that a website had been hacked last year, then you may still not trust it even though you hadn’t experienced it yourself and/or hadn’t validated the story to be true.
As we build With Grace in preparation for launch, our primary focus is on security and simplicity. From early research, we know that people’s main question about Grace isn’t whether it would be really valuable to them and the important people in their lives – those bits seem obvious to people, which is great to hear – but instead the leading questions are about whether their information will be secure.
Our intention is to use the most cutting-edge cybersecurity technology available to create such a level of security that even we can’t access your data. We want to ensure that for someone to be able to access something you have set as private, there would be numerous authentication steps to follow, which are similar to how the most advanced password managers and ultra-secure official information is protected today.
However, even as we build out these things, and we explain how they work to our users, there is still a barrier to overcome and that’s one of individual perception. Questions of security are as much to do with what our policies are, as they are to do with how you personally would answer the question ‘what is secure enough for me’?
It’s important to consider how secure your personal information currently is – and then consider what would be more secure than that?
It’s also important to consider what level of security you think popular websites are using? When you upload personal information to a social network, are you certain you know how that’s being used?
Our competition in terms of security is what current systems are in place, and frankly, we feel that we can do better. This is mainly down to intent. If the primary intent of a platform is to sell advertising that’s based on personal data, the security protocols will work around the reality that your personal data is required to be used for the site’s commercial model to work. Our intent is to make post-life planning more simple and remove the logistical challenges of legacy management. Our intent is nothing to do with monetising your data. We will never sell information to advertisers and we don’t even have an intent to visibly see your data.
What we are setting out to do is making the most secure service possible, not just by using amazing technology, but also using natural human behaviour. For instance, if a user appoints a nominee to have future access to some of their information, not only should the nominee accept that request, but there should also be a rigid process for the access rights to eventually be granted – not least in authenticating that the user has actually died, and that the nominee is still the person originally appointed (rather than someone impersonating them).
This is just one of hundreds of examples that you can be assured we are working through. We are also looking at ways that our users can start to use the service with information that is less sensitive so they can build trust in the platform over time. It is of paramount important that our users have trust in our security and simplicty.
Yes, it is a complex task and it’s not one we take lightly. This is why our two focus areas are security and simplicity which go hand-in-hand. We could make something exceptionally secure but in a very complicated way – but instead, we want to make things really simple to use whilst being incredibly secure behind the scenes. We’re confident we can achieve this and through a perpetual system of vulnerability assessments, penetration testing, employing the most advanced thinkers in cybersecurity and data architecture, we believe we can find the right balance to give our users peace of mind.