Tentacle: Modernized Information Security Program Management

Matthew Combs,Founder & CEO, TentacleMatthew Combs,Founder & CEO
Time and again, organizations are required to demonstrate their infosec management capabilities by answering various, long security questionnaires. And while this process has been essential, many organizations spend more time tracking down dispersed information and providing repetitive responses to satisfy such administrative procedures rather than directing focus to building and developing their security programs.

Matthew Combs, a serial entrepreneur, faced a similar dilemma in his former company (YourCause, now a Blackbaud, Inc. company). He experienced first-hand just how cumbersome these procedures were and more importantly, how they distracted organizations from building and improving their enterprise security programs. In response, Combs set out to disrupt the existing paradigms of the industry by creating technology that would deliver effective infosec management solutions—Tentacle. The company offers a configurable information security platform that not only helps to develop and centralize all security documentation (including the ones shared with external parties), but also provides critical tools for transforming how infosec programs are developed and communicated, and for configurable and automated end-to-end management of third-party risk assessments for its users.

“We believe the information security space is overdue for transformation. The practices and procedures widely used today hinder effective information security management and therefore, result in insecure organizations. The irony is quite shocking, considering the significance of information security in business. Tentacle offers an opportunity to harness the power of advanced technologies to achieve this transformation and bring about greater efficiencies, more transparency, and more comprehensive information security,” says Combs.

At its core, the Tentacle information security platform is a configurable data management tool that simplifies administrative procedures, giving organizations more time to leverage automated analysis to build resiliency in their security programs. The platform allows organizations to capture, structure, and seamlessly communicate the efficacy of their information security program while also offering expanded visibility into their third-party networks via assessment management on on-going connectivity. It enables organizations to track security posture at the individual ‘project’ level and to seamlessly connect stakeholders (customers, vendors, partners, etc.) that require access to that information. In addition to real-time visibility, Tentacle’s project analysis provides a guiding path based on indexed security frameworks, security pillars, and levels of criticality, allowing enterprises to assess their infosec capabilities while giving insight on developing the most secure program specific to their needs.

“Our platform is extremely dynamic; we continue to enhance and expand our functionality to ensure we are delivering both industry best practices and frameworks, enabling users to stay relevant with everchanging needs, across all industries, no matter the size of the business or the level of maturity of their infosec program” adds Combs.

To date, Tentacle has indexed nine widely accepted security frameworks, including ISO 2700, HIPAA, CIS, and NIST 800-53 and expects continued release of additional frameworks according to the needs of their users.
The platform delivers these industrystandard framework controls—which are continuously updated— into digestible and manageable questions. Users only need to respond to the question once to measure themselves against the criteria most applicable to their industry and/or organization. Based on the responses, organizations receive automated analysis to better understand their overall security posture, to evaluate threat levels and operational risks, and to more comprehensively align to the framework and/or standards that best map to their organization.

The platform also offers the ability for users to upload and link all necessary documentation, including procedures, standards, guidelines, plans, diagrams, and artifacts. Users save time with Tentacle’s automated recommendations for directly linking documentation to applicable responses, for suggested responses based on previously answered controls, and with Time Saver Questions within the extensive library of controls. In addition, any update to the documents—in the consolidated document library—will be reflected within the controls in which the documentation is linked. This enables users to more efficiently allocate resources and to also make better use of consultant collaboration as efforts can be focused on program enhancement versus administrative updates.

Typical Tentacle clients are seeking solutions to combat the continual spreadsheet assessment requests they often feel inundated with from outside vendors, insurance providers, and other key stakeholders. Internal sales teams (for customer pitching), and auditors (to demonstrate information security preparedness) are pulling on the resources of internal security teams to provide infosec program overviews quickly, and often on short notice.

Our platform is extremely dynamic; we continue to enhance and expand our functionality to ensure we are delivering both industry best practices and frameworks, enabling users to stay relevant with ever-changing needs, across all industries, no matter the size of the business or the level of maturity of their infosec program

Committed to accuracy and transparency, but overwhelmed with manual effort and lack of consistency, Blue Mountain approached Tentacle for a self-service and centralized solution to overhaul an outdated and cumbersome process. They have leveraged Tentacle’s information security platform to consolidate and organize formal responses and various documents. Furthermore, Blue Mountain has established Connections with their own external ecosystem, enabling seamless sharing of information with vendors and partners. Tentacle has given them greater visibility over potential risks, security, and vendor applications linked to the company's system. Blue Mountain has been able to do more in less time, exemplifying the value proposition of Tentacle.

Today, over 400 organizations, including mid- and large-scale companies as well as managed service providers, are using Tentacle to modernize their infosec management. Tentacle is enabling clients to more effectively understand industry best practices, to communicate their improved security posture with key stakeholders, and is supporting organizations as they prepare themselves against the growing onslaught of cyber threats.
Share this Article:


Plano, TX

Matthew Combs,Founder & CEO

Tentacle is a SaaS information security platform located in Plano, TX. The company has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture. The core Tentacle product allows enterprises of all sizes to manage critical details related to their internal security posture, track and monitor similar information for their partners and vendors, centralize the storage and management of program-related documentation, increase overall connectivity with key partners, establish multiple internal projects for tracking independent security requirements, and continually benchmark critical activities against today’s top industry frameworks governing the information security space