Expert interview

5 mins with: Patrick De La Garza, VP of engineering, PolicyDock

“Your actual data and deployment and services sit in isolation. There is no record from other clients sitting next to your records.”

 

Patrick De La Garza has always been led by his curiosity. It’s what motivated him to change tracks from electrical engineering to coding and AI, a fortuitous shift that saw him develop an expertise in blockchain analytics and data security.

 

Now the VP of engineering at PolicyDock, Patrick sat down with us to give a lowdown on the speed and safety of the company’s technology.

 

During the course of your professional career, you have taken on some interesting work. What were some memorable ones?  

 

Danny (Policy Dock’s CTO) and I previously worked together at Blockseer. Our team built tools that analysed in real-time what was happening on blockchain networks, and we were able to do things like build influence graphs, even putting together a provisional patent for a process of understanding the flow of tokens and influence through these networks.

 

How do you keep your skills up to date as a developer?

 

Keeping skills up to date is an active process. I try to look for general trends while doing the research and reading actively on what’s coming out next, for example data privacy.

 

Why is PolicyDock capable of data standardization and harmonization in a matter of days?

 

The developers working on this project have years of experience and domain knowledge in the insurance space. 

 

The PolicyDock platform is very effective because we have built a system where we have taken that insurance knowledge and can now just use data and information about how the system should behave. Our system is flexible enough to behave that way. It’s the difference between having to write code every time you’re working on something new and just clicking through some forms. 

 

One strength of PolicyDock’s API is its clear documentation. What types of problems crop up if API documentation is missing or unclear?

 

That’s a big deal especially when you have a development team who is going to work on a project. Lack of documentation is sometimes just a non-starter. At PolicyDock, we have automated documentation generation, so in the same way that we can set up insurance products like cyber security insurance solely using data, we can automatically generate API documentation that is always up-to-date and usable. 

 

The documentation provides a guide on how to integrate with our technology, so if somebody wants to create their own user journey and user experiences, the documentation is really clear.

 

Why does this problem happen if it’s crucial?

 

It can be a lot of work maintaining API documentation. Even the amount of effort that goes into designing the interface that someone communicates with is a ton of effort. 

 

What would you say to someone who is apprehensive about migrating business data to the cloud because of concerns over cloud security?

 

That is a very valid concern to have.

 

We take data privacy and security very seriously. We are currently working on preparing for a SOC2 audit. SOC2 is a standard for  security controls and standards that make sure we are handling data properly. That is an audit that a third party engages in to make sure we are behaving correctly. In addition, we follow the principle of least access. Whenever we launch one of our “microservers”, there are actually a bunch of internal components. Those components have no more access than they need. We try to do that with permissions for our developers as well. We minimise it so that folks only have access to what they need to do to get something deployed. Databases have data encrypted at rest and in transit, and only the minimum access is given.

 

Additionally, Policy Dock can give clients a private stack which means your data and deployment and services sit in isolation. There are no records from other clients sitting next to your records. They are isolated in their networking, they are isolated in their databases, in their software and the services that access your data. We can provide custom deployments and a non-multitenant solution if that is something our clients need, and we’ve done that. 

 

So that’s an extra layer of security?

 

Right, so one of the most common causes of data breaches is the misconfiguration of access controls. This is especially of concern in multi-tenant systems since client records could be stored right next to one another. We don’t mix clients’ data.

 

To find out more about PolicyDock, please contact us here.

 

Related content: