July 11, 2014 - By Benjamin Peabody
Grant Elliott’s compliance and risk management company, Ostendio, can be called a small business created for small businesses—but don’t let that belittle its success. Last month, the company announced a number of new partnerships with IT Services and Information Security companies such as Denver-based ILLUMEN, Oregon-based Apgar & Associates, Indiana-based Pondurance, and Texas-based data hosting provider OnRamp. All of these companies, as well as others, previously signed up to distribute Ostendio’s compliance management solution, MyVCM, to an audience of hospitals, clinics, healthcare technology companies and retail businesses processing high volumes of credit-card information.
As storing sensitive data in the cloud becomes more prevalent, Ostendio provides a solution that enables businesses to effectively manage their risk in this highly regulated and data driven economy. More importantly the Ostendio platform is affordable. Elliott’s company eases small to medium businesses’ fear that it is harder for them to navigate the regulations that big businesses can so easily tackle. Elliott, the company’s CEO, shared Ostendio’s story with 1776.
Can we hear your elevator pitch for Ostendio?
Ostendio provides compliance management and risk management services and support for any small- and medium-sized business. The concept is that these businesses have the same regulatory requirements that large businesses do, but with only a fraction of the resources to manage them. Not only do we at Ostendio help clients navigate these constraints, but we also help them demonstrate to their customers that they are capable of abiding by these regulations. The days of being able to control data by restricting access in a corporate network are gone. Data is in the cloud, on your phone, accessible via your tablet. Educating and training people is now the most effective way to secure data but that starts with understanding where your data is and who has access to it. Today, IT Security is simply a subset of Information Security and Risk Management.
You spent quite a bit of time at Voxiva. How has that experience aided you in creating Ostendio?
I joined Voxiva in 2005. In my eight years there, the company grew from just over 2 million in revenue to almost 8 million. Before that, I had worked for AT&T—clearly a bigger corporation. With Voxiva I was able to help a smaller organization increase in size, and with AT&T I observed the workings of a much larger, well-established company.
The startup world can be divided into multiple stages of gained revenue. It begins at 0 to 2 million, jumps from 2 to 10 million and then reaches 10 to 100 million where one may typically achieve “escape velocity.” Each has its own challenges, but also requires a different set of skills. Having worked in the greater than 10 million phase prior to the 2 to 10 stage, I felt it was time to tackle the only stage left – the 0 to 2. Hopefully my experience in the other two stages will be of some benefit in this one.
What drew you to these fields of work?
The basic building blocks of compliance and risk management are the also the fundamental tenets of information security—and that is a universal need for anyone with a business. Thankfully, my background is conducive to work in this field. I know the industry, I understand the market, so hopefully, I speak to people intelligently and with confidence when it comes to these subjects. It is always great if you can take what you know and put it to good use.
Mind speaking with confidence about MyVCM?
MyVCM is a SaaS-based platform. Customers start by completing a 50 question High-level Risk Assessment to help them both understand where they stand on the scale of compliance and to guide them on where they need to focus their attention. The platform has policy templates the customer can implement to address these issues as well as a training module and other tools to help understand where sensitive data resides and who has access to it. The platform maintains the currency of those policies and training. Each individual is held accountable for any task that they have been assigned.
Is this entirely computer-based, or does it consist of human interaction as well?
We have several degrees of service. Our most basic service is MyVCM Select, in which we support the customer from an implementation perspective. We train them on how to use the platform and of course we provide user support. However, there is much more personal support introduced with our Concierge Service, which is bundled with our Premium Package. This allows the customer to complete the risk assessment with our help and, in addition, we will assist in customizing the policies, creating and delivering the training, and providing general support and advice on security and compliance management.
What’s one piece of entrepreneurial advice that you continually repeat in your head?
There are two steps I carry with me. They are:
Step 1. Is there a problem?
Step 2. Do you have the means to go about finding a solution to that problem?
In forming Ostendio, I noticed that there weren’t any good support tools available for small businesses to help them manage their risk. I saw a need, created something to satisfy that need, and so far the solution is proving to be very popular.
What’s the next step forward for Ostendio?
For Ostendio, we want to keep expanding our product to a wider range of customers. The more people we can provide it to, the better. It’s gratifying for us, helpful for the company’s development, and always best for the customer.
How is it that 1776 has helped you in developing your company?
I joined in September when Ostendio was just an idea. At first I have to admit I was a little bit intimidated given the number of incredibly smart and hardworking folks in the space. But that inspires you to try to be as good as everyone around you. I have said before that our success will be on the shoulders of more than just those working directly for Ostendio. There are many in 1776, not least of all Evan and Donna that have helped greatly. Form learning events to general networking to finding our first customers in-house, joining 1776 was one of the smartest decisions I could have made.
As a member of a startup incubator and accelerator, what do you believe allows a startup to drop the title of “startup?”
When you can wake up and no longer have to worry about your business being in jeopardy. Although, I wouldn’t wish that upon anyone; I believe that’s the death of innovation. You need to be constantly under pressure—maintaining a motivating sense of fear—in order to continue to drive your business to its fullest potential.
That’s a pretty frightening lifestyle to have…
Yes and no. Of course it’s scary to have your company in a sensitive state, but with this progression came so many achievements that make it all worth it. It’s when I realize that what used to be a fantastic achievement for Ostendio is now the norm that I have had success. Without the pressure to push on, I don’t know that I would be able to reach that height. Ultimately, it’s a positive experience.
Elliott has also helped assemble the Health Care Cloud Coalition (HC3), a convergence of industry stakeholders who have an interest in reducing confusion with respect to the regulations surrounding storing healthcare data in the cloud. As the cloud becomes more ubiquitous it is critical that those using it to store sensitive data know how to do so in a secure and compliant manner. HC3 is tackling this issue by working to create best practice guidelines that will hopefully be adopted by the industry. After a successful kick-off event in June, Elliott says the coalition received a lot of positive feedback. They are proceeding with creating a formalized organization and are already recruiting members.