The first rule about being a doctor, is that you’re gonna have to touch some dead bodies. Most breaches are caused by human error, so ask yourself - how can you limit the human while still providing a service?
Data stewardship is a very critical question, who the is steering the ship (outside of Gitcoin) now. Outside of education, the best way to keep users data safe is implementing a source based solution, where the transaction network plausibly would be separated from any PII or data that could assume a level decent criticality of risk. Think about a bilateral service call, ie ack or etb that would set the parameters for the transactions on a multiplexed protocol i.e node peer status on one, however transactions on another
First step is to acknowledge that its a asymmetric game, P2P will be dependent on some type of connection protocol whether its based in TCIP/FIPS/TLS/or other state-full/stateless connections there is always a risk of packet forensics, and data capture. Using UEM, ifconfig, sep, any derrivative from the pcap library you can build a forensic profile on the source to source, or per to per relationship of of anyone supporting a future distributed node.
Also, you’re going to have to accept the same responsibility any enterprise IT organization does, you’re gonna have admin that will know all data but he’ll be able to capture critical data in a KV store and use hashi/vault protect the data, and able to provide automated re-cription if bad node is recognized by the peer, hashi/vault
Normally when large orgs are gong for PCI, SOX, HIPPA, HITRust Compliances a game of streaming the data to the coldest S3 bucket and checking a box. Decentralizing doesn’t assume the same WAN/LAN dynamics that most organizations are health with — meaning there can be a a replicated, hidden data repository on the host node. This would be similar to a netboot, where part of the disk is formatted in an away that unacceable to the core node it bloomed. i.e move and alias the file.
Implement staff IAM/Least Privledge User and internal integrity checks.
long story short
1.identify and tag each type of data associated with a peer, and transaction state (create internal self generated handshake token to pass coin to wallet account in segregated volume)
2. Create local and global controls 1. use non traditional id signing or external keygen site thats Gitcoin managed 2. create separation layers between the data link and network transport that omits, or encrypts PII with tools like hashi vault etc, this might be done through some of the allied projects regarding identity ownership.
I think that we’ve all realized that data is the one thing that is only becoming more abundant, but as a network operator that can provide services and public goods, ask yourself - do you worry about data stewardship when using cash? `I think that would be the ideal to strive for
Dont collect data than you need. Dont provide any data that would hurt you, set up robust automation if the shit hits the fan.