Most recent publicity on cyber security has focused on preventing attacks by external hackers. While many of these attacks began with an insider, there has been much less discussion about preventing malicious insider exploits. Perhaps that is because untrustworthy insiders are hard to find and block before they strike. The Secure Data Vault (SDV) is an approach to protecting the most sensitive data from malware and insider exploits. Formal verification of the microservices that govern access to the vault will close down almost all malware pathways. The old military N-person rule will close down most insider pathways. This rule allows for a trade-off between security and convenience: the higher the number who have to cooperate to access the vault (N), the greater the security and the less the convenience. When based on this plus nine other construction rules, the SDV will protect sensitive data from malware and malicious insiders.