Empowering Enterprise Data Governance with Bring-Your-Own-Storage

Today we’re empowering our customers with more choices regarding data storage and privacy management. Nametag customers can now choose to store all personally identifiable information (PII) within their own infrastructure, such as AWS S3 buckets and Azure Blob Storage. This in turn enables you to apply fine-grained access controls and policies according to your organization’s requirements. It also means that Nametag can store no PII at all, a paradigm shift in the relationship between enterprise data governance practices and identity verification software.

Nametag Enterprise Data Custody (Bring-Your-Own-Storage)

• Store all personally identifiable information (PII) collected during identity verification (IDV) within your own infrastructure.
• Benefit from Deepfake Defense™ identity verification and account protection while maintaining direct control over employee, contractor and customer PII.
• Ensure alignment between your company’s security needs, regulatory obligations and business policies.

Check out the press release and read on to learn more about why we built Enterprise Data Custody (EDC). If you’re a current Nametag customer and want to implement EDC, read our dev docs or contact your account executive. Not a customer of Nametag? Explore our workforce and consumer account protection solutions or contact us to request more info and a live demo.

Privacy Isn’t a Checkbox. It’s Infrastructure.

Mandatory data breach reporting and widespread awareness of AI data harvesting have combined to raise public awareness of data privacy to an unprecedented level. People and companies are expecting more than generic assurances from software vendors; when 75% of people won’t purchase from organizations they don’t trust with their data, robust privacy must be an architectural baseline, not simply a box to check.

Nametag was built with privacy in mind from the start. We’ve consistently limited the scope and duration of the data we process while implementing industry-leading data privacy and security practices. But some enterprises have strict compliance obligations, specific internal policies, or region-specific requirements which require them to maintain direct control over all PII. Enterprise Data Custody (EDC) was built to fulfill these needs. 

“This innovation reflects our long-standing commitment to privacy-first design and sets a new standard for how identity verification can align with enterprise data governance.” - Aaron Painter, CEO at Nametag

Consumer IDV Standards for PII Governance Don’t Work in Workforce Identity Verification

Enterprise IT and cybersecurity teams are increasingly turning to identity verification (IDV) to counter organized threat groups like Scattered Spider and North Korean IT workers. But most IDV systems are built for consumer-facing IDV use cases like Know Your Customer (KYC) and eKYC. These companies typically offer two options for data governance, each with major drawbacks:

1. Store your customers’ PII with the vendor. This is the simplest option, but forces you to create a complex web of data storage and handling protocols with overlapping privacy policies, unclear data separation, and conflicting access controls.
2. Delete your customers’ PII immediately after verification. This eliminates the storage question, but it also eliminates the user experience benefits of express reverification and increases fraud risk by reducing the vendor’s ability to spot repeat imposters.

Nametag was built from the start for workforce identity verification (IDV applied to internal, employee-facing scenarios). Workforce IDV introduces a different set of expectations, requirements and trade-offs surrounding employee PII. For example, some companies are willing to store customer PII with an IDV vendor, but have zero tolerance for employee data leaving the organization’s control.

Nametag’s Bring-Your-Own-Storage feature gives you the option to store and manage PII yourself, removing the need for Nametag to store any PII at all. This enables your organization to implement Deepfake Defense™ imposter protections, self-service account recovery, and other Nametag solutions without disrupting compliance or policy alignment.

“Enterprise Data Custody is emerging as a baseline requirement for organizations that need greater control over how identity data is managed during identity verification.” - Aaron Painter, CEO at Nametag

Setting a New Paradigm for Data Privacy in Workforce Identity Verification

Adding a Bring-Your-Own-Storage feature to our platform is just another reflection of our belief that identity verification systems should adapt to your organization, not the other way around. Enterprise Data Custody gives our customers unprecedented control over how their employee and customer data is handled, ensuring that every organization can benefit from our workforce-grade identity verification solutions.

Importantly, this is not a replacement for our existing architecture. It’s an expansion of the deployment options available to enterprises who want to benefit from Deepfake Defense™ account protection while ensuring alignment with their organization’s preferences and requirements regarding how PII is handled.

Get started with Enterprise Data Custody 

Enterprise Data Custody (bring-your-own storage) is available today for all Nametag customers. If you’re a current Nametag customer and want to implement EDC, consult our dev docs or contact your account executive to get started. Not using Nametag yet? Explore our workforce account protection solutions and integrations, learn about Deepfake Defense™ identity verification, and then contact us to get a live demo and discuss your IDV needs.