The Sienna Group: Redefining Security, Inside Out

John Ford, Founder & Principal

The idea of securing data itself, as opposed to protecting its perimeter alone, is one that is fast approaching wider consensus. Analogizing this with a castle surrounded by a moat, John Ford, the Founder and Principal of Sienna Group says that when the castle gets breached, everything inside it is likely to get breached. When it comes to cyberattack, it is most often the case of someone gaining control of a privileged, or user-account to access confidential data. The primary means behind those protection mechanisms were traditional access control gates, which would put the data at risk should they break down. This is where Sienna differentiates itself; instead of the perimeter, they focus on the data itself where they ensure that the data has an attribute and protection profile, which cannot be accessed by simply bypassing the access controls, making the security infrastructure more robust. To do this however, an organization must be able to identify and classify their data in alignment with requirements and controls.

A current example is the December 31, 2017 deadline for Federal Contractors to protect Controlled Unclassified Information (CUI), as required by the controls in NIST SP 800- 171. CUI is a culmination of various non-classified categories of data used by Departments and Agencies. This regulation places an onus on Federal Contractors to properly protect that information. Sienna Group is able to identify, classify and protect the information in accordance with NIST SP 800-171 controls. “We know where the data is at all times and protect it based upon the sensitivity of the data and not simply the rights of the user”. This ensures that if the data goes to the cloud, Sienna can visualize it and look at its behavior to understand where it’s at risk. This enables Sienna clients to better comply with the requirement to protect the information, because they have complete visibility and evidence of usage, which is something most organizations seriously lack.

One of the key differentiators of Sienna Group is that they offer a managed service for data protection.

While organizations can buy solutions for data loss prevention and data classification, very few really have the talent or time resource to devote to managing them on a full-time basis. “We offer a managed service around data protection that not only includes training, analysis and behavior-gauging but also monitoring for violations of sensitive information,” adds Ford. Additionally, we can dynamically classify and visualize information using keywords and hash algorithms that protects the data as it is created. It is a very effective feedback system for clients to understand the behavior of the data, which allows them to better protect the information going forward.

We offer a full-suite of managed services around data protection that provides visibility to the behavior of sensitive data, arming our customers with the right information at the right time to make informed decisions on how to protect their vital assets

With a strong belief in protecting what matters most and staying focused on the data, Sienna also has an offering focused on trade secret asset management. This product leverages blockchain technology to track creation and subsequent changes made to trade secrets allowing us to continuously identify the value of the information to the company, protect it, and deliver evidence of any misappropriation in a legally defensible way. When combined with how they protect similar data elements, this offering is a compelling solution with regards to how companies are able to protect their assets.

20 Most Promising Compliance Technology Solution Providers - 2017

Company
The Sienna Group

Headquarters
Tampa, FL

Management
John Ford, Founder & Principal

Description
Specializes in providing data-centric security solutions to healthcare, financial, government, retail and technology sectors