Chris DeWildt

August 15, 2018 5 min read
August 15, 2018
5 min read

Minimizing Data Security Risks in the Cannabis Industry

Do you want to be part of our private, professional community?
Join Now

In this article, Trellis CEO Pranav Sood discusses the importance of Application Programming Interface (API) to help ensure data security

trellis logo

The following is an article produced by a contributing author. Growers Network does not endorse nor evaluate the claims of our contributors, nor do they influence our editorial process. We thank our contributors for their time and effort so we can continue our exclusive Growers Spotlight service.


This article has been republished with permission from Trellis. The original article may be found here

How’s your data?

Data security is a hot issue these days and security within the Cannabis industry is no exception. With the highly publicized data breaches in recent years, it’s more important than ever to take the protection of client and company data seriously and to implement secure processes that will reduce the damage caused by intrusion, theft, and even complete data loss. While most industries can rely on established regulations and first hand experience to help keep data secure, without an overarching federal regulation, the younger Cannabis industry is more or less left to fend for itself when developing protocols.

Even if we assume that all software providers constantly use data security best practices, can you be assured that your data is not sold to or shared with third parties without your consent? The technological world moves fast and API integrations are more valuable than ever. So how is your service provider using and managing your data? To understand this we must understand the technology.


What Is API?

Application Programming Interface (API) allows two independent software platforms to communicate with each other, acting as a data bridge between two platforms. For this communication to happen, we need to build “API calls” to manage the data. API calls are analogous to traffic laws for sharing data among multiple platforms. “API keys” are issued from each side of the bridge to control exactly who can access it, identifying who you are and what access you have to the bridge and data.

Benefits of API

The Cannabis industry has a multitude of APIs in place already, and as industry solutions continue to roll out, so do collaboration opportunities and with these opportunities, benefits to operators. The examples speak for themselves:

  1. Benchmarking & Analytics: Knowledge is power. We’ve recently learned that by aggregating data from across the industry, providers can offer business data that equip operators with the tools they need to make better decisions. However, we need to remember that the results are only as good as the data we use to achieve them. By integrating APIs, operators are able to send data to third party platforms and receive comparison insights. But again, the quality of the output is directly related to the quality of the input, something that can be a problem.
  2. Supply Chain Automation: Whether focusing on niche aspects of the industry or all of the functions across the value chain, API integration allows for versatility in choosing best solutions for the company and allows data to flow across each tool consistently. Imagine a cultivator has a tool for managing production and another to track and manage orders. By integrating the two systems through an API, data that is applicable to both can be inputted simultaneously, saving time and providing a powerful, more effective experience for the user.
  3. Compliance Data Management: By utilizing APIs, service providers collect the necessary compliance data and send it into the state system and provide licensees another way to manage compliance data. Centralized compliance tools like those provided by Metrc and BiotrackTHC are to collect and manage data from licensees, but they fall short for operators who need a solution that can integrate smoothly into operational flow.


Buyer Beware

Wonderful news, right? Well unfortunately there are some troubling horror stories in the Cannabis industry in which service providers handing over full, identifying data to third parties without client consent. Until Cannabis regulations catch up to those of established industries, the buyer needs to exercise caution. However, operators are not completely powerless and there are proactive, protective steps they can take:

  1. Ask The Tough Questions: Find out what the data security and ownership protocols are for any software provider you are considering. This is especially important in an industry with ambiguous regulation. Additionally, make sure the search includes multiple service providers. See how the data security and ownership protocols compare.
  2. Make Data Security and Ownership a Priority: Too many operators are focused solely on cost or product functionality resulting in a complete disregard of the data. The data may be valuable or it may not be, only you can know that, but be assured that in a highly controlled business such as Cannabis, data security is very important to regulators.
  3. Read Your License Agreement: Since it’s often your only protection against unauthorized use of your data, your software license agreement must contain adequate language regarding use and ownership of the data. Read it, and if the agreement doesn’t reflect your intentions or if it omits the issue completely, hold your service provider responsible to fix it.

As seed-to-sale providers continue to receive third party requests to access client data, the industry must adopt a philosophy that empowers clients by providing the tools to manage their data and determine who gets access. When working with third parties to build API calls and allow communication between bridged platforms, seed-to-sale providers should ultimately provide control to the client when opening the gates and granting third party data access. Data monetization will continue to be a concern as it becomes more valuable, and as the industry grows and changes, it is more important than ever to have transparency and clarity regarding data ownership.


    Want to get in touch with Trellis? They can be contacted via the following methods:
    1. Website:
    2. Phone: (510) 365-7174
    3. Email: [email protected]

Do you want to receive the next Grower’s Spotlight as soon as it’s available? Sign up below!

About the Author

Pranav Sood is the CEO of Trellis, a track & trace software platform for regulated cannabis growers, manufacturers, distributors and dispensaries. Pranav’s previous experience includes management consulting and retail IT for one of the largest global retailers. Pranav is a serial entrepreneur with extensive experience in startups and growing B2B companies. Originally from Toronto, Canada, Pranav now resides in California. Connect with Pranav on LinkedIn.

Enjoyed the article? Want to continue the conversation?
Join Now