
Building an Airtight Security Funnel Step-by-Step

by SharePass, March 8th, 2022

Too Long; Didn't Read

With SharePass, businesses and individuals can sort their data into tailored segments based on the degree of sensitivity and privacy required. Clicking the encrypted link decrypts the data, but only once 8 checks are successfully verified. SharePass is developing a new security protocol called Mutual Human Authentication (https://hackernoon.com/mutual-human-authentication-a-new-standard-in-data-privacy). The availability and visibility stages conform with Zero-Trust principles and help mitigate most social engineering attacks and dark web threats.



Digital security and authentication are both rapidly developing fields and offer developers many options to secure their applications and networks. However, with abundant approaches available, it can be difficult for newcomers and veterans alike to sift through all the options.


At SharePass, we’ve spent much effort developing dedicated solutions for confidential data sharing. Consequently, digital security, integrity, and accessibility are at the heart of who we are. In this article, we’ll walk through SharePass’s patent-pending security funnel, providing a step-by-step guide to building out your security pipeline when using SharePass.

The Security Funnel

The first thing to remember is that not all data is created equal. With SharePass, businesses and individuals can sort their data into tailored segments based on the degree of sensitivity and privacy required. Once earmarked, the data is automatically converted into an encrypted link guarded by a customizable series of privacy and access controls. Clicking the link decrypts the data, but only once 8 checks are successfully verified.



Step 1: Validity

When a user clicks on an encrypted link to decrypt it, SharePass’s algorithm first determines whether the ID is valid. An invalid ID, meaning one that SharePass has not issued, may result from an innocent mistake or from a malicious actor attempting a brute force attack.


Step 2: Existence

Even if an ID is valid, it still may not exist in the SharePass database. That situation can happen because the user deleted the data, their account has been deactivated, or the link has expired. However, if the ID is valid and existent, the user passes to the next stage.


Step 3: Visibility

Visibility is the first user-controlled step of the funnel. SharePass users are given the option to limit data access to pre-approved IP addresses. If an IP is not on the list, it’ll immediately be filtered out.


Step 4: Availability

Even users with approved IP addresses can face several vertical and horizontal limitations. For example, the link can be set to only become active during a limited time window (a horizontal control) or can be set to expire after being clicked a certain number of times (a vertical control).


The Visibility and Availability checks work in tandem to provide users with maximum filtering capabilities. Data is made accessible on a need-to-know basis and is otherwise blocked by default. The availability and visibility stages conform with Zero-Trust principles and help mitigate most social engineering attacks and dark web threats.

Step 5: Accessibility

If the data owner wishes to lock all access to a particular data set, the SharePass portal allows users to do so at any time. Once locked, anyone who has made it this far down the funnel stops short.


Step 6: Authorization

Authorization is the final user-controlled stopgate. It checks for any preset PINs, MFA codes, or YubiKeys. In addition, SharePass is developing a new security protocol called Mutual Human Authentication, which expands traditional MFA to include human controls delegated to a trusted third party.


Step 7: Decryption

If all the above safeguards check out, the encrypted data is retrieved from the database and sent to the requester’s web client for decryption. It is essential to only decrypt the data on the local device while maintaining a fully encrypted database.


Step 8: Plain Text

At this point, the secret is communicated back to the data owner and logged by the portal.
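The first six checks, run in the order described above and ending with the ciphertext handed to the client, sketched as an added example (this is not SharePass's code). The HMAC-tagged ID format, the field names, the PIN-only authorization and the sample values are assumptions made for illustration.

```python
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: a link ID is "<name>.<truncated HMAC>", so unissued IDs fail before any DB lookup.
SERVER_KEY = b"constructed-demo-key"

def issue_id(name: str) -> str:
    tag = hmac.new(SERVER_KEY, name.encode(), "sha256").hexdigest()[:16]
    return f"{name}.{tag}"

@dataclass
class Secret:
    ciphertext: bytes              # stored encrypted; the server never decrypts it
    allowed_nets: Optional[list]   # Step 3: None means the owner set no IP restriction
    window: tuple                  # Step 4: (not_before, not_after), the horizontal control
    clicks_left: int               # Step 4: remaining opens, the vertical control
    locked: bool = False           # Step 5: owner lock
    pin: Optional[str] = None      # Step 6: preset PIN, if any

def ip_allowed(ip: str, nets: Optional[list]) -> bool:
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False               # unparsable address: blocked by default
    return nets is None or any(addr in ipaddress.ip_network(n) for n in nets)

def open_link(db: dict, audit: list, link_id: str, ip: str, now: float, pin: str = ""):
    """Run the checks in funnel order; return (stage reached, ciphertext or None)."""
    def done(stage, data=None):
        audit.append((link_id, ip, stage))   # record where the request stopped
        return stage, data
    name = link_id.partition(".")[0]
    if not hmac.compare_digest(issue_id(name).encode(), link_id.encode()):
        return done("validity")
    secret = db.get(name)
    if secret is None:
        return done("existence")
    if not ip_allowed(ip, secret.allowed_nets):
        return done("visibility")
    if not (secret.window[0] <= now <= secret.window[1]) or secret.clicks_left <= 0:
        return done("availability")
    if secret.locked:
        return done("accessibility")
    if secret.pin is not None and not hmac.compare_digest(secret.pin.encode(), pin.encode()):
        return done("authorization")
    secret.clicks_left -= 1
    return done("decryption", secret.ciphertext)   # Step 7: the client decrypts locally
```

The stage name is meant for the audit log; returning one generic failure to the requester avoids telling a prober which check stopped them.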



With all the available security decisions, the goal is not always to shoot for maximum coverage but instead to adopt flexibility and durability. While it’s impossible to cover every use case in advance, a genuinely proactive security funnel provides users with a robust set of tools so that they retain control over their data at every step of the way.


Don’t risk it, SharePass it!


To learn more about SharePass or sign up for a free trial, visit https://sharepass.online/