Siftsort: “Life, Medical, Financial” Info Wrapped In Security

Siftsort is making significant breakthroughs in the highly secure organization of, and access to, sensitive financial and other personal documents.

We spoke with CEO Darren Conte, who told us that the company has recently renewed a multi-year agreement with a major financial firm; the agreement continues the availability of Siftsort’s highly secure information vault to about 900,000 clients of this financial behemoth.

While Conte told us the agreement was confidential, some poking around among financial sources (and on the web) identified the firm as the Merrill Lynch division of Bank of America (BofA). BofA, the parent company, is the second largest banking institution in the U.S., with about 54 million accounts. Merrill offers the system to clients of its private wealth management area as a private label offering under the name My Documents Vault.

Siftsort provides a PaaS (platform as a service) to financial institutions and practitioners that allows their clients to securely store documents, e.g., brokerage and bank statements, wills, trusts and others, in a secure vault. As Conte explains, “Our financial institution clients are driven by security, compliance and legal considerations. They have to own the outer perimeter firewall.”

In the current application, involving the private wealth management area, the financial advisers (FAs) can make the personal vault available to their clients. Conte states, “We are working with a number of financial institutions and our model is that we sit inside of their firewall.” The clients’ data, however, is not accessible to programmers or software engineers on the financial company’s staff.

A client accessing the system must go through the financial institution’s system. Thus Siftsort leverages the bank’s various rules for single sign-on, authentication and the like. Siftsort is working on an extension of the application that would allow a financial institution to permit trusted third parties of an individual client to sign on to the system. However, these parties would have to go through the bank’s system. The individual client cannot give an outside party access to their individual vault without the bank authorizing and controlling it.

The company has applied for a patent relating to “techniques for securely organizing, sharing, accessing and storing valuable information related to a family or individual in conjunction with a computer-based platform.” It is clear that Siftsort wishes to distinguish its offering from other widely used document storage offerings that are not optimized for handling sensitive personal data.

The company is fanatically devoted to providing maximum security for users’ data. Conte explains that Siftsort maintains data centers in multiple states in different time zones and that all of the hardware is dedicated, so that only the specific company’s traffic goes over links devoted to that company’s application. He states, “There is no shared infrastructure.”

They point out that they do not have access to any information the end user stores in their vault. Siftsort can only access that user’s contact information. The professional, e.g., the FA, can view content that the user agrees to share; however, they cannot download client documents or access Siftsort’s facility.

They list an array of steps they’ve taken for security purposes: advice from the Federal Reserve and CIA as well as banking and academic experts; compliance with the standards of the DHS (Department of Homeland Security) and the FFIEC (Federal Financial Institutions Examination Council, the interagency body that includes five banking regulatory arms) as well as American Institute of CPAs (SSAE-16) banking authorities for AES (Advanced Encryption Standard) and handling of PCI (payment card industry) data. In addition, there are regular tests, including authorized hacking, of its system.

Within the banking and brokerage segment of the market, Siftsort is looking to expand in two directions: 1) to accommodate the massive number of retail financial clients and 2) to gain acceptance among trust companies’ highest-end net worth clients. It is adding features, including secure chatting.

Siftsort charges enterprise clients based on a tiered rate structure with a number of metrics, including number of users, amount of storage, number of simultaneous connections and amount of bandwidth, with thresholds for downloads and uploads. Conte points out that almost all of the user data is lightweight files, typically Word, PDF or Excel, rarely using more than 100 MB of storage.

Conte, however, told us that he has reservations about two terms that are dear to our hearts, namely “cloud” and “mobile.” Regarding cloud, he states that financial institutions are wary of the term, which seems to be associated with public clouds, which do not provide the necessary levels of security. Siftsort might be regarded as a private cloud offering, although the company shies away from that description.

Conte describes mobile as “an important platform, but one that has to be controlled and dealt with carefully.” He describes their mobile app as “slick.” The mobile app comes with warnings to the user about preserving security. Their major financial client will roll out a mobile app on its platform.

Conte and co-founder Siva Misra both have highly impressive backgrounds in the data management and security field. Notable was Conte’s leading role in crisis management at Goldman Sachs after 9/11. Misra also had extensive experience at both Goldman Sachs and Wachovia Bank.

Health is another obvious area of high value personal documents that the Siftsort system is well suited to accommodate. Siftsort has made sorties into the healthcare field with limited success.

Conte cited an issue that we’ve written about in mobilecloudera before: the dominant role of big EHR (electronic health record) providers, such as Epic and Cerner, who have created basically closed systems that have been adopted by many major hospitals and other healthcare providers. Conte mentioned an encounter with one such provider who asserted, “We own the data” and refused to allow it to be released to Siftsort.

Why are major financial firms more receptive to new products like Siftsort? Conte points out that the finance industry has been proactive in supporting open standards. In addition, banks are under stringent rules requiring record maintenance. By contrast, the large healthcare providers have turned into a series of closed information ecosystems. Hospitals, for example, may have negative incentives when it comes to opening up users’ access to their own personal information, despite the repeated rhetoric in the industry about serving the interests of patients and their families in this regard.

Siftsort also offers a consumer service, both in a free version and a premium account for $9.99 per month. The paid account includes a dedicated fax number and 10 user accounts. The consumer offer has been well-reviewed as “extremely user friendly” (by ilikeitfrantic.net, 3/13). However, Conte states, “We are still honing the consumer platform – we understand enterprise, because that’s our background.”

Visit their website: www.siftsort.com