Instead of forcing developers to learn about managing public and private keys, we give them toolkits so that they can do their standard operations like create, read, update, delete, share, and query data instead of dealing with the complexity of encryption – Isaac Potoczny-Jones.
Here is the lightly edited version of our interview with Tozny CEO and Founder Isaac Potoczny-Jones.
Q: What does Tozny do?
Isaac: Tozny is a security and privacy company. We provide software development kits for computer programmers to embed high-end, end-to-end cryptography into their applications for identity management, data storage and security.
Q: How would you define identity management?
Isaac: To us, identity management is really about authentication – sign in. It’s about access control and permissions. It’s about single sign-on so users can log into one application that authorizes them to log into other applications as well. In an enterprise context, this could be an organization’s internal services or services running in the cloud. From a developer perspective, you can embed this into your application so that your end users have a single identity that’s well secured across any of your microservices or your entire architecture.
Q: Is your product targeted at a specific workload or can it be used in any environment?
Isaac: It’s really for any kind of developer or even IT staff. As an IT professional, you could embed this into your infrastructure to log people into Slack, GitHub, etc. If you are a mobile developer, you can embed it into your mobile apps. If you are a web developer, you can use it leveraging our JavaScript framework. You can use it on the server side, as we support quite a few different programming languages, so that you can, for instance, encrypt on mobile and decrypt on server, or encrypt on user A’s mobile device and decrypt on user B’s mobile device. In a nutshell, we have all kinds of different options for different types of developers and use cases.
Q: Identity management is a solved problem; there are so many solutions already out there. So what unique value do you bring to the table?
Isaac: What we really bring to the table here is the first-of-its-kind end-to-end encrypted storage platform with an Identity Manager basically integrated directly into that. Not only do you get all the encryption features that I mentioned above, you also get a cryptographic key. This cryptographic key might be on your mobile device or it might be inside your browser. You can use the key to encrypt, decrypt, sign and share data, which allows a lot more application-layer control over user privacy and over application data than any other identity management platform can provide.
Q: Why did you create the company? What problem did you see in the cryptographic space that you wanted to solve?
Isaac: Developers face a big challenge in picking up off-the-shelf or open source cryptographic toolkits, because the cryptographic community has not done a great job in providing easy-to-use toolkits. I have given talks about how the defaults for using encryption in Java are all insecure. You will actually be building vulnerabilities in your application if you just pick those toolkits and follow the documentation, thinking that you are adding a strong layer of cryptography. So what we try to do, instead of forcing developers to learn about managing public and private keys, is give them toolkits so that they can do their standard operations like create, read, update, delete, share, and query data instead of dealing with the complexity of encryption. We hide all that behind the toolkit and just provide those higher-level primitives that a programmer is used to. Developers can vet the toolkit if they want to; it’s all open source on GitHub.
Q: Can you give us a quick overview of the products you offer?
Isaac: We have two key components. One is TozStore, our end-to-end encrypted storage platform. A developer can embed our SDK into their mobile app, browser or server to encrypt and decrypt data between all these services. That works for structured and unstructured data. Any two parties can share data with each other by exchanging cryptographic keys. The second one is TozID, an identity access management solution with end-to-end encryption.