Privacy-First Re-Architecture

The tech industry grew organically the last few decades. We built new innovations on top of old. We evolved systems and technologies to meet new challenges. Decisions of the past became assumptions of today.

But what if we pause to check those assumptions? What if we disentangle the systems and re-architect them with new priorities, such as privacy-first and user-centricity? We’ll explore what that could look like: an alternative architecture and ecosystem, where industry-wide decentralized data ownership is the prime directive. We’ll then dig deeper to see what you can do today with emerging technologies that align with privacy-first design.

Presentation references:

What's the focus of your work these days?

I'm a Principal at Thoughtworks where I support companies through their digital transformations. For example, I provide architecture and agile expertise. As Domain Driven Design says: ‘tackling complexity in the heart of software’. So supporting organizations with what they need to lead in their industries, with technology as a core driver.

What's the motivation behind your talk?

It arose from personal frustrations of being a user of technology today. For instance, it’s been a pain to synchronize my calendars across different calendar applications. I have separate calendars for each client organization, for each community group, plus my own personal calendar. As users today, our data is broken and silo-ed within proprietary applications. Not to mention the plethora of data breaches and application outages that we all continue to face, out of our own control.

So I am inspired to share the tools and emerging technologies we have to rearchitect our industry, knowing there are alternatives to centralized servers and organizational silos. In the past, I led the design and implementation of peer to peer technologies where my team overcame technical hurdles and found viable and feasible solutions to these challenges.

In addition to the issues we face as users, there are emerging global privacy and data management laws. Whether in California, EU, Brazil or elsewhere, these laws will require us to rethink how we scale and implement our data and applications. A vision for a future privacy-first architecture emerges when we place users at the center of our technology designs.

How would you describe the persona and level of the target audience for your session?

The talk is targeted for senior engineers and technical leaders, especially if they are seeking ways to move the industry forward to address privacy and data ownership concerns. Collectively, we can collaborate, unlearn, check our assumptions, and move beyond the status quo.

What would you like folks to walk away with after seeing your presentation?

I would love for people to be reminded that there is an alternative path to our Internet and technology architecture. I would love for them to view today's problems, whether privacy or resiliency or just the plethora of password management issues, from a different perspective. Data ownership can be flipped. We can learn from peer to peer designs from the past, but also from emerging distributed technologies that are coming forth. They will leave the talk with practical forward steps they can take even today in their organizations.


Nimisha Asthagiri

Principal Consultant @Thoughtworks

Nimisha Asthagiri is a Principal Consultant at Thoughtworks, a global technology consultancy that integrates strategy, design and engineering to transform enterprises to modern digital businesses. Prior, she was Chief Architect and Senior Director of Engineering at edX, driving intentional architecture for the next generation of large-scale online learning. She is a long-term technologist who values innovations that result from the amplification of diverse voices and the synergism of collective strength. Her past accomplishments include leading the security of a peer-to-peer group communications platform at Groove Networks.

Read more


Monday Dec 5 / 12:30PM PST ( 50 minutes )


Security Architecture Decentralized Data Privacy-First Design


From the same track

Session Security

A Big Dashboard of Problems

Monday Dec 5 / 09:00AM PST

We have all heard "an ounce of prevention is worth a pound of cure" in medicine, but the security industry isn't so sure. This talk explores the forefront of simple and effective preventative strategies.

Speaker image - Travis McPeak

Travis McPeak

Founder and CEO @ResourcelyInc

Session Security

Scaling Defenses Amidst Evolving Threat Landscape

Monday Dec 5 / 10:10AM PST

Security services that defend against malicious or fraudulent traffic operate in an unpredictable and constantly evolving threat landscape. The dynamic nature of attack traffic means that as attacks evolve, our defenses must evolve too.

Speaker image - Aditi Gupta

Aditi Gupta

Staff Security Software Engineer @Netflix

Session Security

Vulnerability Inbox Zero

Monday Dec 5 / 11:20AM PST

You have a vulnerability problem. You run a scanner. Now you have two problems - vulnerabilities and a mess of scanner results to process.

Speaker image - Alex Smolen

Alex Smolen

Director of Security @LaunchDarkly