TL;DR
- Security certifications aren’t enough to stop breaches.
- The most effective way to secure customer data is to reduce your attack surface.
- Self-hosting tools can significantly reduce your risk of a breach.
When I got an email from my bank saying “nothing to worry about,” my gut told me otherwise.
The message referenced a data breach at Evolve Bank & Trust—one of the infrastructure providers behind fintech platforms like Mercury, Affirm, and Wise. The attackers reportedly accessed 33 terabytes of data—a staggering amount, possibly encompassing most of Evolve’s Azure Cloud storage.
What’s unsettling is that Evolve wasn’t negligent by traditional standards. They held all the right security certifications: SOC 2 Type II, HIPAA, HITRUST CSF, PCI DSS. And yet, their defenses were breached.
We don’t yet know exactly how—but this much is clear:
Compliance alone doesn’t keep customer data safe.
What Does Keep Data Safe? A Smaller Attack Surface.
Security professionals often talk about “attack surface”—the number of ways a system can be accessed or exploited. The more entry points, the greater the risk.
In fintech, where trust and regulation are paramount, minimizing your attack surface is non-negotiable.
In 2022, the financial sector suffered 566 data breaches, exposing over 254 million records.
SaaS tools that run in the public cloud often expand your attack surface—regardless of their certifications. This is especially dangerous in highly regulated industries like banking, healthcare, and insurance.
Why Self-Hosting Is the Best Way to Reduce Risk
The safest data is the data that’s never exposed to the internet. When you self-host, you keep tools and infrastructure inside your private network or behind your firewall, significantly reducing risk.
Self-hosting doesn’t have to slow you down. Most modern platforms, including GrowthBook, offer full-featured self-hostable versions of their services. You get the innovation you need without opening new doors for attackers.
GrowthBook provides:
- Self-hosted feature flagging with complete control over deployment
- Secure A/B testing powered by your own data warehouse
- Open-source transparency with auditable code and customizable infrastructure
The Bottom Line
If you work in fintech, healthtech, or any industry handling sensitive data, it’s time to move beyond compliance checkboxes.
Self-hosting your experimentation stack is one of the most effective ways to keep your customers safe while still shipping fast.
Learn more about GrowthBook’s self-hosted solutions for secure A/B testing and feature flagging.