As Director of Compliance and Security services at Layered Tech since 2008, I have seen our Compliant Services business grow significantly during that time. With that growth, there has been a noticeable phenomenon related to our startup clients who have reached an attractiveness level high enough to become acquisition targets.
We are in a unique position to see this happen from start to finish. It is a behind-the-scenes supporting role where our economy of scale and simplified audit-service goals lend upward momentum. I have seen this happen several times, including with Layered Tech itself. It is a topic that deserves some background, so let me lay out an example of what I mean.
Removing Compliance Hurdles for Startups
A small payment services company, one with perhaps only three or four leaders, will seek to execute a business idea. They’ll engage some smart software developers to help them create the platform, something that is very different from current payment services or adds to the platform with features such as fast fraud detection. A better “wheel” if you like.
At some point in this process, the leadership figures out that they cannot grow without adhering to the standards required to secure payment data, which are spelled out in the Payment Card Industry Data Security Standards (PCI DSS). As these startups go after larger sales targets, they find that the data security demands surpass their ability to support these targets with the current staff and budget, so they start looking for viable alternatives. That’s when they find Layered Tech and learn about our offerings, which typically leads to an engagement with us.
Layered Tech gets them set up in our secure data centers with compliant hosting services, which makes the environment PCI compliant very quickly. Right away they can engage a QSA to get assessed for compliance, helping them accelerate their launch date.
Owning Data Security so Innovators can Innovate
Data security is paramount for tech startups, but bringing a security expert on board can break the bank. Most data security people I know have had a career’s worth of experience even before they became good data security workers. Data security focus is a specialization. Most data security professionals start as administrators, web developers, network engineers, or system programmers. The specialization comes at a premium that most small companies struggle to justify.
Data security tools are similarly expensive, but for a different reason. The amount of data involved in securing systems can be staggering. Monitoring file changes alone can create huge amounts of information. Add in network traffic analysis, and system logs from just a few busy systems, and you have an unmanageable deluge. The specialization of security tools is not in the data gathering; it’s in how it allows one to parse and tease out critical bits of information. And the tool creators who have gotten this right understand the value of what they have developed, and can charge a premium for it. This is another area of investment that small businesses have trouble justifying. Yet growth in the compliant data space requires it.
Layered Tech allows small businesses to purchase right-size solutions that come with these expensive people and technology assets in place. Not only are the tools part of the program, but so are the people who manage the events. And when the dreaded audit time arrives, Layered Tech is there to help with that too.
What Does All This Mean for a Startup?
By partnering with Layered Tech for compliant hosting and data security, startups are able to concentrate on innovating in very lucrative secure-data markets. And when they do a good job of it, they become acquisition targets. I’ve seen it in action. Several long-term Layered Tech clients have started small, then grown to be acquired by mega-companies. Interestingly, the secure systems tend to remain with Layered Tech Compliant Services after the acquisition, an accomplishment since the infrastructure reviews by the acquiring organizations can be intense. If a vendor is not doing things correctly, they will find out and pull their data very quickly.
Layered Tech did not purposely set out to be an innovation enabler, or to provide startups with growth platforms, but I’m glad it has been a side effect of our capabilities. It is a unique experience to watch fledgling companies provide innovation in the health care, payment, banking, and government-data markets knowing that behind the scenes, Layered Tech is enabling their success.
About the Author: As Director of Compliance and Security services, Ed Welsh maintains and guides a dedicated team in the delivery of Layered Tech’s compliance and audit services. Ed’s 16 years in IT security includes network and web application security experience from positions in the Financial Industry, HRBlock, Fishnet Security, and independent contracting. He holds a CISSP certification and has been successfully implementing PCI compliant hosting solutions for the last 5 years.