You've followed all of the security compliance guidelines, but the auditor still isn't satisfied. How can I be certain, he asks, that no one -- not even IT -- has tampered with this data?
A startup company thinks it may have the answer. Kinamik, a venture capital-backed venture out of Barcelona, Spain, next week will open the doors on a third-party technology that collects, aggregates, time-stamps, encrypts, and stores audit-sensitive data as it is created or altered.
Kinamik is a spinoff of Scytel, an international company that offers secure services for electronic voting around the world. While Scytel offers the means to collect, encrypt, and store voting information for world governments, Kinamik is using that same technology to build systems and services for the commercial environment, according to Christophe Primault, managing director for the startup.
"What we're doing is providing audit trails that protect the data from any unauthorized manipulation, including administrative abuses," says Primault. "Companies are doing everything they can, but there is always at least one person who has access to the data and could change it. At the end of the day, there is no way you can legally prove that a piece of data has not been tampered with. But without technology, you can get that proof."
Through a series of APIs, Kinamik interfaces directly with security-sensitive data systems and collects it as it is created, Primault explains. Kinamik's patent-pending technology then aggregates the data, normalizes it, and certifies it with a time stamp and a digital signature. The system then stores the data on an independent, third-party server, encrypting each entry with a private key.