Introduction to Basis Theory
On behalf of the organization, I'm excited to talk publicly for the first time about Basis Theory. We'll be pushing more content soon.
The Data Sharing Economy: A Proliferation of APIs, Data & Risk
API calls now represent 83% of all web traffic.¹ It has never been easier to interact with various web systems, and it’s now clear that data is our modern-day currency. While the data being exchanged is well protected when in motion through different security protocols — HTTPS, SFTP, etc. — protecting all data at rest is the next internet-scale problem.
There are projected to be more than 25 billion internet-connected devices² online by the end of the decade. The sheer quantity of data creation is expected to increase to over 180 zettabytes³ (one zettabyte is equal to a trillion gigabytes) in the next 5 years. To put that in context, it was just 2012 when we crossed the 1 zettabyte threshold for the total amount of digital data existing in the world.
The majority of that data today is either sitting in plaintext like XML or CSV on internal servers, which bears risk and liability for your system, or locked away with a third party where it’s inaccessible and not portable, which creates inherent vendor lock-in and renders your most valuable data essentially useless.
Basis Theory provides the most flexible platform to protect data at rest with the same ubiquity as data in transit. As was the case with HTTPS, it will likely be financial services (then⁴: online banking, stock trading, and commerce⁴; today, “FinTech”: BaaS, embedded finance and payments) that lead the charge from plaintext to ciphertext.
The Basis Theory Master Plan
We make encryption, tokenization, and delegation of sensitive data as easy as a config file. That means simple, developer-friendly APIs, easy-to-use SDKs, and even a low-code solution for additional flexibility. Our platform can handle any type of data, whether that be a payload consisting of payments or PII data, a document, an image, a driver's license, etc. – anything that’s serializable can be tokenized. We also enable you to control the encryption keys where we are entirely blind to the data. Regardless of the path you choose, it’s all extensible and shareable with any third party, now or in the future, through the Basis Theory Token Reactor platform.
This simple and flexible approach makes the platform a viable option for everyday developers and enterprises alike. It ensures sensitive data is being protected at all times while maintaining full usability for both analytical and operational use cases. A single platform for:
- Data Security: Almost every week, there is another data breach from one of our most trusted brands - to the tune of about 16 billion records between 2019 and 2020⁵ alone, consisting of credit card numbers and other highly sensitive information. A lack of focus on data security can result in a tarnished brand reputation AND be incredibly expensive, as the average cost for a single breach is $7.7 million⁶ for companies with fewer than 500 employees.
- Data Privacy: We’re not quite at the point where ‘mom’ is asking about whether her data is encrypted or not, but we are closer than some may think. In the past few weeks alone, there have been several articles written about the lack of security & privacy associated with popular apps - “Your location data is for sale, and it can be used against you”⁷ and “The struggle to make health apps truly private”⁸. Telegram was the most downloaded non-gaming mobile app in January 2021. Customers and partners are going to demand more transparency and control of their data.
- Data Utility: According to Forbes, as much as 97% of data is underutilized⁹ because of the exact problems referenced above - it’s being segregated and siloed to prevent compliance scope creep. Desensitizing the data unlocks the ability to merge, interact and operate on it.
In the coming weeks, we plan on sharing more about how we are executing this strategy and some of the initial use cases. The internet is vast, and we plan to open source a lot of the work we do. However, we will continue to bear the various compliance burdens and look forward to building alongside a global community of enthusiasts.
Sources
1. Akamai State of the Internet Security Report: Retailers Most Common Credential Stuffing Attack Victim; Points to Dramatic Rise in API Traffic as Key Trend
2. Number of Internet of Things (IoT) connected devices worldwide from 2019 to 2030
3. Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2025
4. History of HTTPS Usage
5. All Data Breaches in 2019 - 2021 - An Alarming Timeline
6. IBM Cost of Insider Threats
7. A priest's resignation after his phone location data leaked shows the urgent need for data privacy laws
8. Telehealth and privacy: Why medical apps struggle to keep user data safe
9. Forbes Data Tokenization: Morphing The Most Valuable Good Of Our Time Into A Democratized Asset Data