November 6, 2023
REST EASY WITH TOPCODER’S STATE-OF-THE-ART SEVEN-LAYERED SECURITY PROGRAM
Security is one of the top concerns for any enterprise today, especially when a company engages other organizations to do work that involves sensitive data or intellectual property (IP). Security and confidentiality have long been a top concern for Topcoder, the world’s most flexible and powerful problem-solving platform, and a leader in offering world-class IT talent for its global customer base.
Almost three decades ago, we pioneered Open Innovation and Open Talent, and we’ve taken privacy and security seriously from the start. Over the years, the tools and methods we use to manage these risks have evolved as new tools emerge and ways of doing business change. Today, Topcoder’s Multi-Layer Privacy and Security program encompasses proprietary Topcoder methodology that protects all customer data and intellectual property and applies to all challenges that touch customer data and IP. Read on to learn about Topcoder’s data protection and security program.
TOPCODER’S SEVEN LAYERS OF SECURITY
#1 AGREEMENTS
Security begins with agreements. Like any other vendor handling your data, Topcoder signs an agreement with customers that sets the rules and constraints for sharing and transferring data, and any processes for disclosing it. The plan for sharing data with our membership is reviewed with stakeholders before it is shared, and for projects that require them, our members digitally sign NDAs as a condition of access to the challenge.
#2 ATOMIZATION
Topcoder breaks down problems into multiple, smaller challenges, rather than running a company’s problem as one big challenge. This simple measure makes it much harder for any participant to identify the customer, because they’re only seeing one small piece of the puzzle.
#3 PSEUDONYMS
Topcoder doesn’t share the names of our customers with the community. Topcoder assigns one or more pseudonyms to customers and scrubs customer names from challenges and supporting material, so participants don’t have access to the customer’s identity. For added privacy, Topcoder can use different pseudonyms on a company’s various challenges, preventing participants from realizing that multiple projects are tied to the same company.
#4 DATA OBFUSCATION & DIFFERENTIAL PRIVACY
Topcoder also ensures that unnecessary data is scrubbed from data sets. Topcoder works with customers to identify which elements of a data set can be scrubbed, and often creates a “statistical twin,” which is a fabricated data set based on the original that protects private information while remaining statistically relevant.
Some data sets require extra attention. Differential Privacy (DP), in its most basic form, involves adding measured noise to a data set so that it can’t easily be compared to other data sets that could reveal real identities. DP aims to preserve the relevant relationships within the data while preventing it from being linked back to identifying information. Even anonymized data sets can be vulnerable when linked to other sets, so DP is a valuable strategy. Topcoder has led challenges with the National Institute of Standards and Technology (NIST) to develop DP solutions and has worked to incorporate them into our standard practices.
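As an added illustration (not Topcoder's code or method), the sketch below releases a noisy histogram using the Laplace mechanism, one standard way to add calibrated noise. The page does not say which mechanism Topcoder uses, and the records, field names and the `dp_histogram` helper are constructed for this example.

```python
import random
from collections import Counter

def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_histogram(records, field, domain, epsilon, rng):
    """Release per-category counts with epsilon-DP Laplace noise.

    Adding or removing one record changes exactly one count by 1, so the
    L1 sensitivity is 1 and the noise scale is 1 / epsilon.
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    counts = Counter(r[field] for r in records if r[field] in domain)
    scale = 1.0 / epsilon
    # Noise every bin in the fixed domain, including empty ones: releasing
    # only the observed categories would itself reveal who is in the data.
    return {c: counts.get(c, 0) + laplace_noise(scale, rng) for c in domain}

# Constructed sample records (not real data). The single "rare_condition"
# row is the kind of count that could be linked to one person if exact.
RECORDS = [
    {"zip3": "021", "diagnosis": "asthma"},
    {"zip3": "021", "diagnosis": "asthma"},
    {"zip3": "100", "diagnosis": "diabetes"},
    {"zip3": "606", "diagnosis": "asthma"},
    {"zip3": "606", "diagnosis": "rare_condition"},
]
DOMAIN = ["asthma", "diabetes", "rare_condition", "none"]

if __name__ == "__main__":
    # random.Random is seeded here only for a repeatable demo; a real release
    # needs a cryptographically secure source and a vetted DP library.
    rng = random.Random(2023)
    for eps in (0.1, 1.0, 10.0):  # smaller epsilon = more noise, more privacy
        noisy = dp_histogram(RECORDS, "diagnosis", DOMAIN, eps, rng)
        print(eps, {k: round(v, 2) for k, v in noisy.items()})
```

Each release spends privacy budget: answering the same query repeatedly and averaging the results cancels the noise, so the total epsilon across all releases has to be tracked.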
#5 METAPHORS
To keep details of some projects private, Topcoder will transpose the challenge into a different location or industry, keeping the key variable relationships the same. An oil and gas problem, for example, could easily be presented as an agriculture problem and still produce a workable solution. When the community has generated a solution, Topcoder unwinds the metaphor to present accurate data back to the customer.
#6 PRIVATE CROWD
For data that simply can’t be shared with the public, Topcoder curates a hand-picked group of contestants who sign additional privacy agreements, undergo background checks, and are vetted by the customer when desired. Only after these paperwork (and, if necessary, location-specific) conditions are met are project details shared. Sometimes it makes sense to run larger aspects of a challenge as an open competition but use a private crowd for smaller pieces that relate to sensitive information.
#7 DIRECT TESTING
Topcoder puts finished code through rigorous testing for viruses as well as malware. Additionally, we employ best practices to prevent security vulnerabilities. This happens through manual testing of code by trusted members of the Topcoder community and also with technology screening. Challenge winners are only paid if their code passes these screenings.
Topcoder’s multi-layer methodology is superior to others in the crowdsourcing field. Customers can be certain that the protection of their data and intellectual property is rock-solid. Privacy and security protection is a dynamic field that requires constant diligence, and we are constantly updating our tools and methodologies to keep customer data and IP safe. Find out more about these measures by downloading our eBook, “Enterprise Data Science and Analytics.”
Editor’s note: This post was originally published in October 2019 and has been updated for comprehensiveness.
Annika Nagy