Your healthcare startup has just secured its second or third round of funding as you prepare to move your apps out of beta testing and into the marketplace. It’s a heady time; your team is filled with anticipation over the impact your solutions could potentially have on the lives of millions. That is, if you last long enough to overcome all the pitfalls and obstacles that startups are subject to. You need to keep one eye on your burn rate and make sure that you’re prioritizing every dollar spent.
As Director of Compliance and Security services at Layered Tech since 2008, I have seen our Compliant Services business grow significantly during that time. With that growth, there has been a noticeable phenomenon related to our startup clients who have reached an attractiveness level high enough to become acquisition targets.
We are in a unique position to see this happen from start to finish. It is a behind-the-scenes supporting role where our economy of scale and simplified audit-service goals lend upward momentum. I have seen this happen several times, including with Layered Tech itself. It is a topic that deserves some background, so let me lay out an example of what I mean.
It can be difficult to prove whether a cloud or managed hosting provider is certified HIPAA compliant because today no formal process or status exists to verify that claim. The HIPAA Security Rule allows the use of any security measures that reasonably and appropriately implement its standards and implementation specifications. For health care innovators, this wiggle room can cause some uncertainty about whether their IT infrastructure is compliant and secure, or in danger of a costly HIPAA violation.
The PCI DSS (Payment Card Industry Data Security Standard) is in a release cycle this year, meaning version 3.0 will be released shortly. At this year’s recent Community Meeting of the PCI Security Standards Council, much discussion centered on the new version of the standard, which is why both our Chief Risk Officer, Jeff Reich, and I attended.
I have seen a shift in responsibility for overseeing and managing applications. Application monitoring and management is increasingly moving from application architects and developers into IT operations. Our clients’ IT management folks are expected to be responsible for ensuring application health and performance and therefore are increasingly relying upon Layered Tech to provide management information and dashboards.
Christian Szell: Is it safe? Is it safe?
Babe: You’re talking to me?
You’ve made the decision to move to the cloud, but as with anything, all products aren’t created equal. And like with any complex decision, you need a roadmap.
But let’s start with something important – you need to start to Think Vertical. Many organizations have the responsibility for the compute, storage, data center and network split across managers. Of course, when you only have a few servers in a closet and you’re running a local area network to connect your PCs, it might have been OK. But today it doesn’t make sense. The optimal decisions are totally connected. Let’s say you acquire a new business in Japan. Should you get a high-speed network back to your servers in California? Should you buy a data center cloud service in Japan and put your own servers in there? Or should you connect to a compute & storage cloud service in Singapore?
The next time your IT staff comes to you with a server or storage purchase order and says, “And the price is $1 million,” put on your Jack Nicholson mask, do your best “A Few Good Men” impersonation, and growl, “Is that the truth? I don’t think so, because you can’t handle the truth.”
The truth is the cost of that hardware is not $1 million. Oh, sure, it’s the one-time purchase price, but just like application software, that’s just the beginning of the cost.
Ten years ago, Nicholas Carr wrote a paper entitled “IT Doesn’t Matter,” published in the Harvard Business Review. He might not have realized the far-reaching effects, but in many IT shops, and with many senior executives, it signaled a shift from focusing on compute, storage, data centers and networks to applications. This also coincided with the rise of enterprise applications and, as a result, CIOs spend a lot of time discussing packaged applications, integration, and implementations, resulting in the treatment of the fundamental engine of their business as a commodity. But in most companies, packaged applications represent less than 20% of the overall footprint.