London Salesforce Developers: Blockchain FAQs for the Trailblazer community
The local London Salesforce community is strong. The sense of being part of something big and exciting – sort of like an extended family – reverberates throughout the city and surrounding areas in the form of community-led events, meetups, happy hours, Slack channels and more.
October 2019 was a busy month for Gospel Technology. We had the opportunity to sponsor two Salesforce events: one was a Demo Jam hosted by the London ISV meetup group, and the other was a Trailblazer community meetup for the London Salesforce Developers group, hosted at Gospel HQ. These events resulted in our first ever public demonstrations of our AppExchange connector and the opportunity for Gospel to show the workings of our secure distributed database built on blockchain, designed specifically for secure data sharing in the cloud.
We demonstrated how to surface live data out of the Gospel Data Platform into partner Salesforce environments, showed some source code, explained that Gospel allows you to move from a contractual trust model to one enforced by technology, and wrapped up with a very engaging and informed Q&A session.
The more events we do, the more we’re starting to see trends in the questions people ask us, so in order to keep the conversation going we’ve answered a couple of FAQs below:
What are the key differentiators between Gospel and Salesforce Blockchain?
The short answer is they address different needs. A common misconception is that blockchains are a solution in their own right. Actually, they’re more akin to an enabling technology such as encryption; you get certain benefits, but the way it is applied to the surrounding technology is how you actually build a solution that fixes a business problem. You may use several solutions that implement the technology in different ways from different vendors.
Gospel is all about integrations with 3rd party systems, sharing sensitive data in a secure way into other environments, and making sure that the right people see the right data at the right time. Gospel allows multiple parties to work on a single up-to-date version of the data that the data owner sees themselves.
Data ingested into Gospel sits outside Salesforce, and live views of that data can be surfaced into your own or your partner organisations’ Salesforce dashboards, all whilst employing end-to-end encryption with a full immutable audit trail that shows all attempted access and changes. Data in Gospel is always under the control of the organisation that owns it – including who can access what data, down to the field level. This can be securely surfaced inside Salesforce using the Gospel Data Connector, or to users who don’t have Salesforce via dedicated web apps. The data can even be pushed directly into target applications as it is updated, thus meeting GDPR requirements for adding security and auditability around access to the data.
Gospel allows data that wouldn’t otherwise be visible in the Salesforce corporate dashboard to be managed and collaborated on from within the Salesforce ecosphere alongside an organisation’s own Salesforce data.
Lastly, Gospel can monitor changes to its own data and send email alerts or run code on 3rd party systems, meaning that Gospel can seamlessly integrate Salesforce into other new workflows.
How does Gospel support GDPR compliance and the right to be forgotten?
A by-product of Gospel’s secure data architecture is the platform’s ability to support organisations’ compliance with critical data protection regulations, such as GDPR. Gospel’s key compliance features include:
- Full and immutable audit trails – Gospel provides tamper-proof audit trails from data inception through the end of its lifecycle, including full access, change and attempt history. Gospel’s audit trails can span across multiple network participants which provides accountability over how each party is accessing any given record.
- Right to erasure, aka right to be forgotten (RTBF) – Gospel’s Keystore ensures data is only ever accessed for the right reason and with permission from the data owner themselves. Gospel provides the tools to support the RTBF, such as an end of life process. For example, a former employee of an organisation may wish to be “forgotten” and as a data processor, you have to provide evidence that their data is no longer accessible. With Gospel, every piece of data with field encryption has a key associated with it. That means if you need to provide evidence that data can no longer be accessed, an end of life process can be implemented by providing the key to the employee themselves, deleting that key, or if the law requires, putting it in escrow.
- Dynamic access controls and logical data views – Gospel provides contextual user controls to ensure a record is being accessed in the right context. For example, somebody may wish to expose to a 3rd party that they are over 18, Yes or No, rather than their full DOB. This data never leaves the Gospel layer and is only temporarily exposed. Data access can also be revoked after a record has been read, changed or used.
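The end of life process in the RTBF item above relies on one key per encrypted field, so destroying a key makes that field unreadable even though the ciphertext stays in an immutable store. The sketch below is an added illustration, not Gospel's code or API: the FieldKeystore class, the function names and the sample record are all hypothetical, and it uses Node's built-in AES-256-GCM.

```javascript
// Added example (not Gospel code): per-field keys and erasure by key deletion.
const crypto = require('node:crypto');

// Hypothetical in-memory keystore: "recordId/field" -> 256-bit AES key.
class FieldKeystore {
  constructor() { this.keys = new Map(); }
  keyFor(id) {
    if (!this.keys.has(id)) this.keys.set(id, crypto.randomBytes(32));
    return this.keys.get(id);
  }
  get(id) { return this.keys.get(id); }
  // End of life: overwrite the key material, then drop the entry.
  shred(id) {
    const key = this.keys.get(id);
    if (key) key.fill(0);
    return this.keys.delete(id);
  }
}

function encryptField(store, recordId, field, plaintext) {
  const id = `${recordId}/${field}`;
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', store.keyFor(id), iv);
  cipher.setAAD(Buffer.from(id)); // bind the ciphertext to this record and field
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { id, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the field's key has been destroyed.
function decryptField(store, blob) {
  const key = store.get(blob.id);
  if (!key) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAAD(Buffer.from(blob.id));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
}

function demo() {
  const store = new FieldKeystore();
  // Constructed sample record for a former employee.
  const record = { id: 'emp-1001', name: 'A. Example', dob: '1985-04-12' };
  const blobs = ['name', 'dob'].map((f) => encryptField(store, record.id, f, record[f]));
  const before = blobs.map((b) => decryptField(store, b));
  store.shred('emp-1001/dob'); // erase only the DOB field
  const after = blobs.map((b) => decryptField(store, b));
  return { before, after, ciphertextKept: blobs[1].ct.length > 0 };
}
```

Erasure by key deletion only holds if every copy of the key (backups, replicas, caches) is destroyed as well; the evidence a data processor can offer is the record of that destruction, since the ciphertext itself remains.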
Gospel seems very secure – how would a regulator or law enforcement agent gain access to data in Gospel if it was being used for some nefarious activity?
Gospel was built from the ground up as a data security-centric platform, not as a database that needed 10 layers of security to make it deployable. Every piece of data within Gospel is fully encrypted end-to-end both in transit and at rest, down to the individual field level using industry-standard symmetric key cryptography (AES) and public-key cryptography (Elliptic Curve). The whole ethos is to acquire and secure the data first, then figure out what you’re going to do with it/how your application works. There’s no retrofitting security here!
To address the question more directly, there is no backdoor. For anyone.
In this way, Gospel is no different to any other enterprise platform that uses encryption. If law enforcement or regulators require access to the data inside, they can’t come to Gospel and expect us to be able to access it. The only way of accessing the data is via the user interface, which requires a user to be properly authenticated and set up on the system with appropriate permissions. At that point the consensus mechanism will determine if they are allowed to access the data they are requesting – and remember, everyone is in control of their own data in the platform and decides who has access to do what with it.
In reality, this means the data owner needs to be legally obliged to provide access to their data, as well as access to their view of 3rd party data that has been shared with them.
Officially joining the Salesforce ecosystem as an ISV Partner is a huge step forward for Gospel Technology. Developers, engineers and architects (or anyone really!) can now go to Google Cloud, sign up a new account, get $300 free credits and provision their own distributed database in around 15-20 minutes. They can then go to Salesforce AppExchange and get their hands on the Gospel Data Connector to start building their own applications to securely share sensitive data. We’ll provide training if you want it, sample code, swag… whatever you need to be able to prove out your own use cases quickly and easily at no cost to you or your dev team.
Gospel is a paradigm shift in the way that sensitive data is shared and collaborated on. We enable organisations to move from contractual trust in their transactions that could be maliciously or accidentally abused, to a solution underpinned and enforced by technology.