Skip to content

How do we stay at the cutting edge of data security?

That was the question facing our customer leafplanner, a SaaS provider whose family wealth platform empowers its high-net-worth customers to prepare for the future. Given the highly sensitive nature of the information that the company aggregates, data privacy and security are of the utmost importance.

This month, we hosted a fireside chat with leafplanner founder and CEO Josh Kanter to discuss the unique challenges facing the wealth advisory company — and how ShardSecure offers a solution.

leafplanner’s cybersecurity challenges

At its core, leafplanner offers a way to collect, organize, and map out vital information about assets and liabilities within the ultra-high-net-worth family enterprise. Its application creates a dynamic, regularly updated repository of knowledge about estates, business relationships, family operations, and more.

This knowledge is highly sensitive, as it includes everything from personal documents like passports and driver licenses to details about business arrangements, trusts, and complex assets. Collectively, the information leafplanner gathers can paint a very detailed picture of a family enterprise’s dealings, which makes it a valuable target for cyberattacks. This poses several unique security challenges for the company.

Data privacy is king

As a rule, ultra-high-net-worth families are highly protective of their privacy. Many operate with a focus on anonymity, and most already understand the wide range of cyberthreats their data faces. For years, family enterprises were hesitant to move their sensitive information to cloud-based solutions, preferring to keep sensitive information on-premises in local storage.

Although that hesitation has diminished — thanks in part to the shared responsibility model and to improved security measures taken by the cloud service providers — data privacy and security remain a top concern for all of leafplanner’s clients. In fact, Mr. Kanter notes, the number one question his company gets from every customer is “How are you protecting my data?”

The answer for the SaaS provider could not be the same security measures that every other company was using. Although industry-standard password practices, multi-factor authentication, and encryption technologies were a necessary part of their data security architecture, the company wanted to earn their clients’ trust by going above and beyond.

Easy SaaS integration is key

leafplanner’s vision for the future includes integrations with a suite of other wealth-tech solutions. The company hopes to provide clients with all the tools they need to manage complexity and plan for the future.

With these integrations, though, comes a need for a seamless security solution. leafplanner needed to slot their data privacy and security tools into their existing SaaS application architecture without complex integration or management processes.

Regulatory compliance is increasingly important

leafplanner’s clients work with many professionals at the enterprise level, including registered investment advisors, multi-family offices, accounting firms, legal firms, and more. To promote trust among these enterprise-level entities, the SaaS company is pursuing SOC 2 compliance. This voluntary compliance standard from the AICPA will demonstrate to enterprises that leafplanner is comprehensively protecting its client data.

Although the SOC 2 compliance process is still underway, leafplanner has already passed enterprise-level security audits with the help of ShardSecure’s technology.

Trust is declining

Trust in service providers is on the decline, with ​​data breaches and a lack of transparency around privacy practices causing skepticism across the board. But trust remains wildly important among ultra-high-net-worth clients, and it has been vital for leafplanner to earn that trust.

The answer, Mr. Kanter said, is to provide two things. The first is industry expertise, which leafplanner offers in the form of four decades of wealth advisory experience. Mr. Kanter also has personal experience in organizing his own extremely complex family estate, which included the unexpected death of the family patriarch, annual tax returns for 750 business entities, and 33-year engagement with the IRS.

The second is a strong technical solution that can provide advanced data privacy and security. For that, leafplanner turned to ShardSecure.

ShardSecure’s solution for simplifying data privacy, security, and resilience

Our innovative, agentless approach to file-level protection works to protect sensitive data in on-premises, cloud, and hybrid- and multi-cloud architectures. The ShardSecure platform separates infrastructure providers from data access, rendering confidential materials unintelligible to unauthorized third parties. This approach helps companies address data sovereignty concerns and supports regulatory compliance.

Our technology also introduces strong data resilience. If a storage location is compromised in an outage or attack, the ShardSecure platform is able to reconstruct affected data without the need to restore from backups.

Simple implementation and positive customer responses

According to leafplanner, the ability to talk about ShardSecure’s data protection technology with clients has been invaluable. Being able to offer a data security solution that goes beyond industry-standard tools like MFA and encryption is a major differentiator in their marketing initiatives.

For their part, clients have responded positively to learning about the ShardSecure platform. According to Mr. Kanter, customers appreciate that the SaaS company is thinking about staying at the cutting edge of data protection for their highly sensitive data.

leafplanner also reported a relatively seamless implementation with ShardSecure. Because our agentless technology doesn’t require SaaS providers to do endpoint management or redesign their architecture, it has a minimal impact on operations teams.

For more information about leafplanner’s implementation of ShardSecure, check out the full case study or watch the fireside chat on-demand.


High Net Worth Cyber Risks | PC Cybersecurity

2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | AICPA 

Born out of Complexity | leafplanner