Kevin Smith, CRO & EVP of Sales and Marketing at Ntirety, on Security and Compliance in the Public Cloud

In this episode, Kevin Smith (CRO at Ntirety) highlights how enterprises are utilizing Ntirety’s expertise and service to ensure a compliant, secure and effective migration (or presence) to the public cloud.

INTRO: [00:00] Welcome to the Tech in 20 Minutes podcast, where you’ll meet new tech vendors and learn how they can help your business. At ITBroker.com, we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before.

Max: [00.18] Hi, I’m Max Clark and I’m talking with Kevin Smith, who’s the Chief Revenue Officer at Ntirety. Kevin, thank you for joining.

Kevin: [00/23] My pleasure Max, thanks for having me on.

Max: [00.25] So Kevin, before we get into the Ntirety story, I think it’s important to point out that prior to taking the CRO role, you were in charge of customer success, and that’s an interesting track for people. You don’t see very many customer success moving into you know, sales and marketing, and CRO typically within companies. So, I’m curious… you know, how that applied and what that means for Ntirety?

Kevin: [00.50] Sure, when I first joined Ntirety, as you said, I was in charge of customer success, and my main charter was to improve our client experiences so we could retain our clients longer. Not long after being in, our CEO at the time – who had hired me – asked me what my thoughts were; I was maybe ninety days in, and I told him that maybe the company applied too much disparity where none existed between sales and retention, that providing a great client experience is how you sell and hell you retain. There was too much disparity in the company between those two. And he said, “Well okay, you can have sales then, also!”

Max: [01.28] Be careful what you wish for!

Kevin: [01.29] Exactly! So, when he asked me about marketing I kept my mouth closed.

Max: [01.33] So, in that context, what does Ntirety do, what is Ntirety’s focus with your customers?

Kevin: [01.38] Sure – we secure and manage cloud environments, be that public cloud, hybrid cloud, Azure, AWS, even some mix of clients that have built their own cloud – we secure and manage them. 

Max: [01.53] So it’s interesting to me that you start by saying you secure and then manage, and I think a lot of presentation from companies is almost the opposite: we help migrate, we help manage, but security seems to be an afterthought. So, is that a dominant focus for Ntirety, is that something you guys are leading with?

Kevin: [02.09] Yeah, absolutely it is. The migration piece, we’ve got to be able to do; management, we’ve got to be able to do. If you do all of that and then your client gets breach, you’ve done them, no service. So, security is always at the forefront of our focus.

Max: [02.24] You know, as an enterprise is making a transition, or it’s transitioned into a cloud, or it’s somewhere within that journey, what is it that would attract them to an Ntirety, or how you know – what problem are you solving for htat company?

Kevin: [02.40] Sure, it depends at what stage we engage. Some clients  attempt to take themselves to the cloud, realize that maybe they lack the expertise to do so, some clients get themselves to the cloud and are not realizing the benefits thereof. Some clients will bring us in early enough – and this is where we’re best able to engage and drive positive outcomes – is in the decision-making process. Should we go to the cloud, what cloud should we go to, what applications should go to the cloud, how should we get there, should we lift and shift or replatform the application prior to moving, how to go about it? So, if we’re – our optimum point of engagement with anyone is early on in the process where we can help them take a look at the business decisions that they’re making, more than – or as much as least as the technology decisions that they’re making. You know, often if you don’t start with a definitive goal, and that goal needs a high level of specificity as to why you’re making moves to the cloud, or what you’re trying to accomplish in the cloud that you’re failing to and why you need outside assistance – we really drive into the business decisions there to make sure that we can drive positive outcomes.

Max: [03.56] I like that. So, what are business drivers that are pushing people onto the cloud and how are you helping them, you know, accomplish that?

Kevin: [04.06] Sure – there’s quite a few, and we like to start there. You know, there’s technical decisions that people are making, there’s financial decisions, there’s life cycle of the business-type decisions, you know, factors that people are considering right now – there’s business continuity and security decisions, they’re pretty heavy. Some examples of those – a lot of it modernization, folks feel like they need to modernize, and modernization can take a lot of forms: are you modernizing your application, are you modernizing your staffing model, are you going to more of a DevOps environment, are you modernizing your equipment; you know, is it outdated, is it just the fact that you’ve hosted your own applications for a long time and now you’re at the point where you have to do an equipment refresh, so it’s a good time to make that build versus buy decision again. Do I spend capital to purchase new gear, or is that the right catalyst to move to an opex model and move to the cloud. Where they’re making technical decisions you know, an application that needs more scalability, trying to improve self-service, some people want to retire technical debt – it’s kind of common post-merger and acquisition. You know, an acquisition occurs and all of a sudden I’ve got these legacy applications – I need to keep them around but I want to service all that equipment, or is now the time to move that to the cloud? And we’re seeing a lot now of, you know, of financial decisions, right, on operational expense versus capital expenditure; do I have cash on hand? We see some companies that make financial decisions based on corporate value: is my Saas company worth more if my application is completely on the cloud than if I’ve got a service infrastructure? Right now, we’re getting a lot of business continuity decisions being made. You know, can I get geographic diversity by going to multi-availability zones in the public clouds? Should I do my disaster recovery, should I replicate to the cloud off of my current gear? Should I split between clouds so I’ve got diversity – even at the hyperscale level? And really nailing those business decisions – I think – is important. Typically a lift and shift – I’m just going to take my application as is, I’m just going to remove it from some sense of hardware, from a private cloud environment, or even some folks are still on premise, they’re on data centers – some larger corporations, or colocated equipment someplace… If I just take an application and move it to the cloud, I haven’t accomplished much, you know? Am I going to be able to take advantage of the myriad of technical advances on the public cloud? Auto-scaling, ephemeral devices, infrastructure as code, really all of the, you know, the true technical benefits of the cloud. Or I may just want to be – like we said – I want to be diverse, I want to buy new equipment, I might take an existing application and move it to Azure, an existing Microsoft application and move it to Azure, so that I’ve freed myself of managing technical debt, you know? I’ve freed myself of having an IT person having to blow out dusty fans, you know? The old day references!

Max: [07.16] This conversation is interesting to me because when you talk about it, it sounds like a part of it becomes a tactician implementing a decision that’s already been made by a company but the rest of that thought really sounds like you’re helping enterprises actually decide what business drivers they should be focusing on and how do they apply technology and cloud services and infrastructure management around that for them as well. I mean, where do you sit in that conversation with your customers?

Kevin: [07.43] Well, with our existing clients we certainly sit in that conversation early. You know, our genesis was as a hosting company, right? We still manage data centers, you know? We’ve got quite a few here in the US, we’ve got a Canadian presence, we’ve got a European Union POP, we’ve got an APAC POP in Seoul. So, we still manage a lot of private cloud and even colocated equipment. So those clients, we’re partnered with them already and we’re early in those discussions, trying to help them get to the cloud. I think one of the things that attracted me to Ntirety earlier on: somebody had said to me, “Hey, you should move into the hosting business.” Three and a half years ago I’d say that’s not a great idea, but I was speaking to the folks then, a leadership and private equity firm, and they were early on making the cut and not playing defense against the cloud. They were saying, “let’s help our clients get there,” you know? Some of the old data center companies who had tried to resist that, wanting to keep that client where they are or keeping that revenue stream… Ntirety, early on, made the cut to where the puck was headed and instead of where it was, and – so we’ve got our clients and we’re in early. But, some clients you know, and prospects, come to us mid-stream, they’re attempting to do it on their own, they’ve made a decision, they just want somebody to execute it – and that’s fine by us. We’re happy to do that and we can still add a lot of value there. We’re probably going to go into that with a security bent and a security focus and say, “Absolutely, we’re happy to help you.” The first thing we’re going to do is look and say, you know, how secure is that environment? As I said earlier – managing somebody… Managing an environment for somebody without concern for security is a disservice, so we’re going to have that conversation early on. We’ll do straight migrations if somebody wants to manage it themselves – we look at it and kind of say, “How involved does the client want to be?” Do they want to be hands-off, “Hey, you guys migrate this, you guys manage this, you guys secure it, I’m going to put all of my horsepower behind app development.” And we say, “Okay!” That’s a great client for us and we’re happy to handle it, but a client comes in and says, “Hey, I just need somebody to do cost optimization and keep an eye on this thing so it doesn’t auto-scale and blow my budget.” We’re happy to do that as well. You know, our offering is expertise and clients have different gaps in their expertise. And we can fill those gaps, and if they want – if they have zero expertise or don’t want to hire that, or in this environment you know, the environment we’re operating in currently Max, there’s folks that have had to make very difficult staffing decisions and some of that expertise may no longer be on the team, and they’ll be forced to make a decision as we rebound, is that a re-hire? Or is that you know, when in doubt, sub it out, you know? Security is a great example of that – we do a lot of just security for people, securing their cloud environments. And in my mind, security is something somebody else should always do. If you’re doing your own security, it’s like proofreading your own writing, right? You’re going to miss because you think you know it’s there, you know? Somebody else proofreading is always better – and with security specifically, there’s good reason to have it outsourced, and you know, allow somebody who focuses near-exclusively on that to have that consideration.

Max: [11.08] The managed service space, or the CSP space around public clouds is getting very clouded. Why Ntirety, what’s your secret sauce that makes you stand out in this crowd?

KEvin: [11.18] Sure – tech security piece is certainly a big part of that. We also do a lot of data modernization, data optimization, classic DBA work, and being able to weave that into cloud discussion is excellent for us. One of the things that really differentiates us Max, is we contract guidance-level agreements, and it’s a concept that we’ve come up with. We took a look at service level agreements – the old SLAs – and by nature they are reactive. If something bad happens, then we will do this. We flipped that script and said, we’re going to be proactive, and we’re going to guarantee that we’ll make five actionable recommendations, we document them every quarter, at least five actionable recommendations with our clients that will impact security, performance, availability, or cost. So, in those four areas, right, that we say we’ll either make recommendations to save you money, to be more secure, to get more performance out of your existing environment. What it does, is it lets us run in parallel with our clients. To make actionable recommendations that are sensible you have to know the business objectives, the client’s desired business outcomes – so it raises that level of conversation, it’s easy to come in and say, “You should purchase a reserved instance to save some money.” Well, if you don’t know that that client’s got massive scaling plans in front of you, you’re going to purchase the wrong reserved instance, you’re going to make a recommendation that’s unreasonable to them; cutting cost might not be their concern, growth might be their concern, rapid growth might be what they’re most-focused upon. So, these guidance level agreements that come with our higher-tiered services are a real differentiator for us.

Max: [12.56] Ntirety also is cloud agnostic – you’re not a focus provider just on AWS or GCP or Azure, you have your own environment that you still maintain, that’s an option for customers, but as well you’ll help manage a customer on any of the public clouds, and that’s somewhat unusual also in the CSP space, where people try to hyper-focus. How do you find that? I mean, operationally that’s got to add some overhead, but in terms of customer value, was that customer driven or something that you guys looked at and said, “Hey, we’re going to drive into the market and we want to be cloud agnostic?”

Kevin: [13.29] That’s a great question, Max – it was really customer-driven, because our customer base had different business goals, and should be on different clouds. They were making decisions and our existing customer base was who we were taking care of first and foremost. So, as they said, “I’ve got this large Mcirosoft environment that I want to migrate,” we took them to Azure. As they said, “Hey, my Saas company is really growing and I’ve got spikes and valleys in my usage,” we took them to AWS for auto-scaling. When the clients came to us and said, “Hey, we’re an online marketing company and we’ve outgrown our current environment,” we took them to Google. So, that’s how it kind of originated. For us – I think – one of the advantages there is that we can provide monitoring, security, across those clouds, management across those clouds, so you’re not having to deal with multiple providers, or if you are managing your own portions of that yourself, you’re not managing multiple monitoring systems, for example. So, our ability to kind of provide security and management across hybrid cloud environments has proven pretty valuable, but to answer your question, it wasn’t born out of us saying, “What’s going to be most attractive to the marketplace?” It was born out of, “How can we be the best partner for our existing clients?” 

Max: [14.54] Who are your customers? I mean, is there a profile, are you vertical-oriented, are you industry, are you geography, are you size – who becomes a good fit for Ntirety and vice versa? You know, if I’m an enterprise of a certain profile, how would I know that Ntirety would be a good fit for me?

Kevin: [15.13] Sure, we certainly have some Fortune 500 clients, but that’s not our target. Good sized clients for us – and we are more size than vertical – clients that are running mission-critical applications, in compliant verticals, and that now obviously spans a long way. But clients that need to meet specific compliance requirements, be that HIPAA, PCI, Hitrust, you know, everybody now on GDPR… Any compliance-driven minded company running a mission critical application… Average size for us, you know, clients that are sub-two billion in total rev, somewhere between maybe, a hundred and fifty million and two billion is a pretty wide range for us. We work with a lot of private equity owned clients, we work with a lot of private equity firms and manage their portfolio. So, private equity firms will bring us in to take a look at the companies that are within their portfolio, to see where we can drive value, specifically in and around security. Clients with technical debt, you know, you hate to say it, but an ideal client profile for us… A company that has been in business, you know, more than fifteen years. A company that has been in business five, probably was born in the cloud, probably has some expertise, probably has grown in the cloud. But a client that was – or a business that’s been up, you know, fifteen years? They were not. We do a lot of manufacturing, we do a lot in oil and gas industries, we do a lot of financial services companies and a lot of Saas providers, you know? Some of our largest clients – certainly don’t want to drop names – but there’s a lot of smart televisions in homes that, when they update, that update is calling back to an application that we are managing and securing.

Max: [17.06] Compliance is a very difficult thing to do well. I mean, you can support compliance but anybody who’s been through a compliance audit or – you know, even PCI – PCI is an easy, relatively straightforward thing, on the surface. I should say that, at least. But it tentacles out and touches a lot of things very quickly, and when you get into HIPAA and Hitrust, and deeper and deeper into more and more stringent compliances, those become very – animals of themselves. So, saying that also that you’re focused on compliance and regulated industries, I mean that really is a pretty big differentiator, to say, “If you have a compliance requirement and you are looking at a business objective that’s driving you into a cloud platform or driving modifications to your cloud platform,” I mean the intersection of those two things is relatively specific, you know? That’s a very unique kind of customer and it makes you a very unique offering for that customer.

Kevin: [18.02] It certainly does, and that’s the start of a lot of engagements for us – clients will come and say, “We’ve got a compliance need.” We do offer compliance as a service, you know, kind of – not to use the cliche – but we’ll take a look… Our compliance team will go in, take a look, do gap analysis, make recommendations specific to technology and protocols surrounding those technologies, and then often that drives us providing assistance and clients meeting those – filling those gaps – and meeting those obligations. Ultimately, compliance is a – it’s a big matzo ball, it’s a sticky, you know, it’s a big matzo ball at times, because it does – it touches so many things, including items that are… That by nature, have to be the client’s responsibility, you know? Ensuring protocols are met in offices – we can’t do that, but making sure that all of the standards are known, that the technology meets all the standards, and then us providing assistance at audit time is a big part of what our compliance service does, you know? If you wait until – most folks that are listening have probably been there when… Sixty days before a compliance audit, it’s a fire drill, right? And then, ten months go by and somehow we’ve forgotten all about this, and then sixty days before the next year’s compliance audit, it’s a fire drill! So, what we do is just try to keep those points from getting too divergent, you know; lines that are only a couple degrees apart over time are spread a long way out, right? So, our service kind of reconnects those points as it goes, so that when it comes around to audit time, it’s not the fire drill.

Max: [19.44] Awesome. Kevin, thank you so much for your time this morning, and I really appreciate it, I look forward to talking to you again soon.

Kevin: [19.51] Likewise, Max – always appreciate you, good to talk to you sir. 

OUTRO: Thanks for joining the Tech in 20 Minutes podcast. At ITBroker.com, we believe tech should make your life better, searching Google is a waste of time, and the right vendor is often one you haven’t heard of before. We can help you buy the right tech for your business, visit us at ITBroker.com to schedule an intro call.