Compliance Unfiltered is TCT’s tell-it-like-it is podcast, dedicated to making compliance suck less. It’s a fresh, raw, uncut alternative for anyone who needs honest, reliable, compliance expertise with a sprinkling of personality.
Show Notes: Interview with Connor Duffy and Jason Pohlman of Otava
Quick Take
On this very special episode of Compliance Unfiltered, Adam and Todd Have a sit down with Connor Duffy and Jason Pohlman of Michigan-based Cloud Services Provider Otava.
The CU guys have a really enjoyable conversation. We highlight some important areas of guidance about what businesses should look for when considering a secure and compliant cloud services provider, and Adam talks about his decade-plus long relationship with Otava.
Join us for a fun, fact-filled discussion with Jason and Connor of Otava, on this week’s episode of Compliance Unfiltered
Contact our guests at Otava:
- Connor: [email protected]
- Jason: [email protected]
Remember to follow Compliance Unfiltered on Twitter!
Read Transcript
So let’s face it, managing compliance sucks. It’s complicated, it’s so hard to keep organized, and it requires a ton of expertise in order to survive the entire process. Welcome to Compliance Unfiltered, a podcast dedicated to making compliance suck less.
Now, here’s your host, Todd Coshow, with Adam Goslin.
Well, welcome in to another edition of Compliance Unfiltered. I’m Todd Coshow, alongside a man who is never bashful about his compliance position. Mr. Adam Goslin, how the heck are you today? Oh, you know, I’m doing fantabulous today, Todd. How about yourself? Hard to beat fantabulous. I’m not even going to try it. What I’m going to do is I’m going to tell you that I have the immense pleasure today to welcome in some guests to the Compliance Unfiltered family.
We’re excited to be joined today by Jason Pullman and Connor Duffy from the Cloud Service Provider Company, headquartered in Michigan, called Otava. It’s a longtime partner of TCT. We’re excited to have them as part of the show today. Welcome, Jason and Connor. How are you guys? Doing well, glad to be here. Yeah, thanks for having us.
Absolutely. Adam, I know that you’ve got some exciting stuff to tell us about Otava, and this is a topic that is truly near and dear to your heart. Yeah, I just want to make commentary to the listeners just to say, yeah, we’re not being paid to have Otava on here. I know there’s a lot of folks that have, you know, kind of paid guests on shows, etc. I just want to be amazingly clear, we’re not getting paid to have Otava on here. I think the listeners will understand a lot better as they hear this unfold today, about the relationships and things along those lines. I think it’s important that folks learn about this particular organization in the compliance space. Yeah, I agree.
Tell me about the beginnings of Otava, and how the company has grown into the security and compliance space over the years. Yeah, absolutely. So Otava, we’re formerly known as Online Tech. We launched in 1994 as a dial-up internet company, rapidly evolved into a data center, hosting, and co-location services company. We then layered on disaster recovery as a service and PCI and HIPAA compliant cloud services. In fact, we were one of the first 100% HIPAA compliant hosting providers in the US. We’ve Since added certifications like SOC, ISO, and HIGHTRUST, additionally we recently experienced international compliance requirements like GDPR. In 2018. How have you found that? What’s that? I said, how have you found that, the GDPR inclusion? Yeah, so we leveraged Azure as our partner to help us accommodate GDPR compliance in Europe. Very cool. Yeah. In 2018, we gained new investment partners with Shurz Communications. They’re a company with 150 year legacy of connecting people with information and technology. And in 2018, we added NeverFail infrastructure as a service, their cloud offering. Oh, wow. Okay. Yup. In 2019, we rebranded to Otava, which is what we’re known as today. And in keeping with the theme in 2021, we added new cloud networks out of Denver Colorado. And today we have three co-location data centers spread throughout Michigan, with another in Indianapolis. We have cloud nodes spread throughout the country, including Austin, Vegas, Ashburn, Virginia, among others. So, Otava has been doing co-location since the late 90s, private cloud since 2008, and also recently launched a public cloud practice in 2021.
Yeah, I was gonna jump in and just say that TCT got to experience the expansion with Azure. TCT proper, you know, had an experience of working with Otava for getting onto Azure in the US. We were actually the first organization deployed to the Azure US instance. You know, we elected ourselves as guinea pigs, if you will. And then also we’re the first organization to assist with the expansion out into the EU, because TCT has been, you know, been growing, growing, and growing. And we needed to serve clients that were international. So it was fun being able to be the cornerstone client on both the US and EU instances, it was awesome. Yeah, we were happy to engage that with you, Adam, and it really opened up and expand these other markets to TCT. One of the things we heard for several years now, is really understanding the workloads for our customers. Where do those workloads reside, and where should they reside? And there are instances to where the Otava cloud is not the best cloud for the workload. When I speak to that, I’m talking about more of when you get into platform dev tests, because some of those workloads, when you’re entering into a, you know, customers that have the by-modal needs, where they have a traditional infrastructure, then they have the new platform dev experience that they need to develop, those pipelines and application building where public cloud starts to make sense. So over the past few years, we’ve heard this from our customers, and the ability to work with TCT to be our first customer with the Otava managed service and bringing that to the US was big for us because we were finally able to knock down that barrier. And now it’s just been tremendous, to enable our sales team to have a seat at the table, and talk about not only our 100% SLA with our private cloud services from Otava, but also if you have a certain workload that makes sense to be out in public cloud, we can now offer and manage those services for you. And it’s not just a migration or a managed services, but really it’s a transformation. It’s a repatriation for a lot of folks where we found that, you know, as long as you’re planning, according to the proper adoption frameworks that are out there, that we’re able to build a strong productive cloud, public cloud presence that’ll serve you for many years to come. So that includes not just the cloud, as you think is compute, but also with backup disaster recovery, security services, endpoint protection, stuff like that as well. So we’re really taking advantage of everything public cloud has to offer for those workloads that determine that they need to be out there. No, and our Compliance Unfiltered listeners know exactly how important the disaster recovery is. so that sounds like a game changer across the board.
Guys, tell me a little bit more about the Otava, TCT relationship Genesis. It sounds like you guys are pretty connected here. Yeah, well, TCT, back in the day, I started off initially as a client. I was going through compliance with our cloud service provider company at the time called Online Tech. And in doing it as a client, when I started working there they were leveraging Online Tech and we needed to get PCI compliant. So for the listeners, they recall the stories of back in the day, and me having to go through PCI for the first time. Well, Online Tech was the organization that I started working with to not only gain PCI compliance for the organization I was working for, but also to coordinate with the folks at then Online Tech and now Otava to kind of stretch their wings to get truly into that compliance space. Once I got that engagement wrapped up, I left the company that I was working for and I sought to go help others that were in the compliance space, because honestly, my first experience was so miserable that I wanted to try to make it easier for others, not having to go through the 18 dimensions of pain that I had to go through. I started up an organization that was doing compliance consulting and penetration testing. Three years in, I saw the need for a compliance management system. I initially brought that to the partners of that organization, I was told I can do it on my own time and I’m like, sweet. So, during that consulting stint, I started working with Online Tech, I started working with them to assist them. Online Tech now, Otava, assisting them with managing compliance endeavors and whatnot. So I started basically helping Otava manage their compliance as a consultant. Gosh, it was probably about eight, nine, it’s gotta be eight, nine, 10 years ago at this point in the game. Yeah, it’s a little bit over a decade at this stage of the game. And so anyway, so that was going on at the time where I was doing consulting work with Otava. And then, once the business partners had told me, nah, go do that in your free time, I spent about two years in a room above a garage with several folks, effectively designing from the ground up a compliance management system that we now call TCT Portal. I ended up backing away from the business partners, and formed a little company called Total Compliance Tracking. And then the first year of Total Compliance Tracking, we spent basically building the portal and Otava was one of the early adopters of the platform, and Otava all the way through, has been the hosting provider, secure compliant hosting provider that we had, or a Cloud Service Provider that we had for handling anything that we needed. We were on their private Cloud. Again, we were the first to transition to the Azure US and then EU. But I’ve been working with the crew at Otava for about 15 years all told. There’s a period of time I stepped in as the Otava CISO and Compliance Officer, just because I knew so much about what was going on with compliance that I’ve since handed the reins back to somebody internally. I did that for about two, three years. Long story short, I’ve known and been aligned with the Otava crew for more than 15 years. It’s really a relationship that’s really near and dear to both organizations. That gives you a little bit of background on the Genesis type.
Most definitely. Now, I want to transition back over to the Otava focus, just a little bit more. There’s a lot of companies out there in the Cloud Service Provider space. I guess, myself included, and I’m sure the folks that are listening to this right now, want to know a little bit more about the various provider options in the space, and just generally what to expect as you’re looking into Cloud Service Providers. Yeah, you’re right. There’s quite a few companies out there, including some of the big hyperscalers that you’ve probably heard of, the AWS’s and the Azure’s of the world. And there’s, of course, your local and regional colo and cloud providers as well. On top of that, there’s increasingly important cybersecurity solutions that everyone should be looking at, if you’re not already. Everything from security information and event management, file integrity monitoring, central logging, antivirus, etc. It really boils down to many providers have compliant hosting, or cloud services, but few have both coupled with the knowledge, expertise and product catalog that Otava really does. One example, Otava is only a handful of, I looked this morning, there’s nine currently listed on VMware’s website providers that have both been recognized as cloud verified and having validated solutions. So really there’s a whole bunch of providers in the space. It’s really important for your company to choose one that’s right for your business, that fits what you need, and is good for your business.
That actually leads to my primary point of curiosity, now why does Otava stand apart from the crowd in the secure compliant cloud service provider space? it’s an interesting question because differentiation is big for anybody with their workloads. Now their workloads are, once we understand those, it’s really who is understanding what we’re doing to lead our prospects and customers out there to a desirable outcome. And really it’s the people that come down to it, we’re partnered with some of the best vendors. Now Connor mentioned our partnership with a leading platform, hypervisor provider that we utilize for our private cloud infrastructure. And by having that sort of partnership, our people understand one, how to take that product and apply it to business needs to provide business outcomes. And, I would say our people are engaged with Connor and others here on that sales process. You’ve got a side of Otava for a side of contract, and then we’ll get the right folks involved. No, we get the right folks involved in the beginning to understand the business needs, so we can deliver outcomes. So that’s the main thing here ,is having the people, the service model. Yeah. I’m sorry. Oh, I said, no, I absolutely agree. We see the people make the difference. Yes. And then we apply that to a service model, right.
Like I mentioned, even in the beginning, we want to understand one, the business challenges, so it takes some time. I mean, a lot of times we actually get on a call and we’ll stun the technical person that we actually want to talk at a higher level first and then dive into more technical, and the right folks. Some people are surprised about that because they haven’t worked with a company like Otava, a lot of our competition in this space is not offering all of those people and services on the front end to make sure it’s the right fit. And it’s not just a fit from, we want to earn money, of course, and we are in the business to earn money, but we want to make sure it’s a good fit for the customer and for us, so attention to detail is big for us. Especially on the front end, because we have that attention to detail. And we’re able to paint the picture from step one all the way to the desired outcome. That’s what we’re going to do. We’re all going to look at, and deliver on time. So delivery is huge for us. And then once we do the handoff between the different areas within Otava, going from sales to delivery to support, it’s a seamless process. And then we have this world class 24 by 7 365 support team that is actually headquartered right out of the good state of Michigan here available for all of our client deliveries. So the people have got to understand that one size doesn’t fit all to help them build a really tailored solution for the desired outcome. If we just solve one thing, or one avenue, or one business challenge we probably wouldn’t be in business too long so really, it’s the people here. I mentioned our valued partnerships with the proven technology partners um, we kind of touched on it we didn’t mention a name but VMware is a huge partner of ours, uh,. Then we get into the backup services. We have three different partners for our backup products, because in today’s marketplace and solutioning we’ve got to have options for our customers. We also have replication and resiliency partners, and they’re all leading vendors out there in the marketplace, so if you think about those they are in the top right quadrant of that garter report, not because that’s where we went to find them, but we’ve developed good business relationships many years ago, like we have with TCT, long enough to really know what we’re doing and how to deliver the latest. We all have mentioned on here, going into the public cloud space, and that’s why we’ve chosen Azure first, and in parameter because a lot of our target prospects, our customers are more in the SMB space to where they already have either an EA agreement or some licensing agreement with Microsoft, and it made sense for that transfer. That’s why we chose that at first, but we’re looking at other cloud providers as well, um future proofing because of the money they spend in R&D, they really allow us to build solutions that are going to last, and not only last, but for us to support them to make sure they’re evolving to our customers needs to deliver to their business challenges. So having the vendors, the right vendors, not just vendors but the right vendors with the right people with attention to detail, along with our service model of how we internally handle and create the customer experience. I think is our biggest asset to our customers.
No absolutely. I’m curious now Adam ,I know that you have experience on both sides of the fence here, now talk to the folks from a consultancy perspective, how do you view what was just gone over here? You know, the reality is, and I really, really hope that the listener has, like, kind of, you know, stayed on to this point, because this is probably one of the best points about Otava, about cloud service provider options. You’ve got to remember, I’ve gone through the years, and I’ve had to, you know, I have had organizations that were doing COLO, I had organizations that were up on public cloud, I had organizations that were hosting their stuff on their own servers at their own offices. The most interesting part about that, is that time after time after time, when I would go ahead and put all of the costs into the mix. You’re down the COLO space, and you’ve got all this equipment that you’ve got to actually maintain etc. You got, you know, labor hours, maybe third parties that have go step in for you, depending on where you are in relation to the COLO provider. Then at the other end of the spectrum, I always refer to them as the big box cloud provider, you know, type of thing where, sure, you know, you can go ahead and dial, you know, 1-800-AWS or whatever. But the bottom line is, that they have this compendium of services, right? And then it’s up to the organization to go try to figure all of this stuff out. That’s fantabulous that you have dozens or hundreds of providers or options for checking this box. But are they good? Do they suck? How do I set it up? How many levels of pain am I going to have to go through? You’re still in that notion where, yeah, you’re dealing with a big box provider, but you’re also now having to deal with different teams that are taking care of different subcomponents, maybe even different vendors that you’ve got to go ahead and employ through there. For the organization that goes down that path, it’s an epic nightmare to have to deal with all of this, and do all of the telephone games and coordination and that, etc.
I can tell you that I was keeping that in mind when TCT proper had went out and said, geez, do we want to go ahead and colo or do we want to go ahead with big box cloud or whatever? And our choice clearly, you know, was, hey, let’s go ahead and work with a company like Otava. Because here’s where the benefit comes in, it’s one organization. So as an example, with this suite, you know, I forget if it was Connor or Jason earlier, kind of alluded to a number of different services, right? You know, logging and file integrity monitoring and AV and DRAS, you know, and, and, and. If I had to go ahead and bolt all that together myself, well, now I’m googling my brains out, now I’m trying to figure everything out. But with Otava, you know, I could go ahead, sit down with these guys, say, look, this is what I need, this is what I want. I want to integrate this suite of various security services as part of how we do what we do, all that fun stuff. And it’s awesome, because it’s a single conversation. This is a funny story. So I had one organization that was trying to figure this out. And literally, you know, the price was like the best price that they could get, right? And so they go ahead and decide, oh, we’re going to go with this particular provider, and the provider, when they were supposed to turn on logging, the provider literally gave them a username and a password so they could go log into their third party logging interface, so they could go set it up themselves. I didn’t pay you to give me a login to this particular site that you’re obviously making money on. You know, I want somebody that’s going to be a partner, that’s going to help me, that’s going to answer my questions, that’s going to, you know, be able to integrate the suite of stuff that I need, in a way that is not painful in a way. It’s just so much easier, so much easier, because now I’ve got all of those services in one spot, I’m not dealing with a whole gaggle of different vendors, It’s streamlined implementations, streamlined, expansions. As TCT, I’m probably on the blower with somebody from Otava just for various reasons, at least a couple times a week, you know, type of thing. As things pop up, I can throw them into support for, support related elements that I need, we can readily expand our services, etc. So it’s just, you know, it’s just fun when you’ve got the smooth implementation capability, and from the virtual private Cloud. The old Otava virtual private cloud offering into the Azure-based private Cloud offering, it was where we partnered together. We were on the phone figuring it out, working as a team to get through it. It’s good and heartwarming to me that I’ve got a partner in an organization like Otava that I can count on to be able to help us get there.
This is a fun conversation, because I went back to him and I said, hey, that’s cool, we got the US done, but I need to go ahead and spin something up over in the EU, you guys game? They’re like, hell yeah. It’s been fun being able to go down this path with them. It’s the one thing that I would say to the listeners is, it’s monstrously painful dealing with various options. Certainly, I would strongly recommend, go give the guys at Otava a shot .
That’s pretty cool. That’s actually really cool to share. Any parting thoughts and shots for the folks this week, Adam? Yeah. I’ll say it again, honestly, contact the Otava crew if you’re in need of Cloud Service Provider capabilities, or you’re tired of dealing with a multitude of vendors, or your existing colo setup, you’re tired of maintaining that. If you just want something that’s going to work better, etc. Or you’re just frustrated with what you’re dealing with. I’ve had a good experience with the Otava crew, I’m a huge fan of a single service provider to basically enable my business. It works out well. Granted, I’ve been eyeball deep in the security and compliance space in the same sense. My job is to go do security and compliance stuff, not to be eyeball deep in the technology of the provisioning of those services. And that’s really where Otava comes in, It allows me to go, you know, do what I do, in a way that’s sane and safer and whatnot. You know, having that kind of single back to Pat is certainly a hell of a lot easier on me.
JP, what about you? Yeah, it’s been a great experience. And your challenges, from a business perspective, each one is not like it just is a canned challenge. You know, when you approached us about penetrating the market over in the EU, that was good to us, right? to you as well, and what’s killer about this relationship is that it’s a great partnership because we work with your team to figure out, okay, we see the business challenge, we see the outcome we want, now let’s plan accordingly to make sure we can get there. That’s mutually acceptable to all parties involved. And that expansion just really allowed us to open the doors for us with, you know, we say we’re a secure compliant cloud, but we’ve been really focusing on U.S compliances and regulatory practices. Getting to EU was a huge door for us to open, and I was glad we were able to do it and react fairly agile. It wasn’t like, hey, okay, we got to hire the right people, we’ve got to bone up on this, we’ve got to ramp time at them. It’s going to take us two years to allow you to penetrate that market. And I want to look back and I would want to say that, you know, by the time you told us that you were looking to us, the time we deliver was months and actually. Oh, yeah. Yeah. You guys move super quick. Well, and that was part of the benefit, right, of us working on the U.S. side together, you know, and then effectively, I think we’d gotten, you know, gotten the kinks worked out, all that fun stuff. We were able to basically lift that and go, you know, and basically take that same roadmap and in a much more expedient fashion. You guys getting that deployed to the EU, that was freaking huge. And I don’t know if I told you guys this, but TCT, actually, I was just on with the folks from the PCI Council earlier this week, and kind of getting us locked in for going over to the EU later on this year. And they’ve got the PCI conference out of Europe. Yeah, we’re going to be over there, and being able to help promote the new capabilities that you guys have kind of helped us get to. I really appreciate it. Yeah. I’m glad, I’m truly glad, and appreciate you saying that. And it really is, not to say that it was a smooth process, we had our teams to work out, but that’s where the partnership comes in. I mean, we know your team, you already mentioned you call us a couple of times a week, and we know your staff, you know our staff. It’s a great partnership. And that’s what enables that agility, that great partnership. So we appreciate that.
That’s awesome. That’s awesome, guys. That’s great to hear. Why don’t you tell the folks where they can find you, how to get ahold of you? Yeah, absolutely. We just launched a brand new website. You’ll find it at www.otava.com. That’s O-T-A-V-A. or you can reach me directly at [email protected]. Again, we just launched a brand new website, you’ll find testimonials, you’ll find white papers, you’ll find case studies, data sheets, all the things that you and your business may be faced with, tthere are solutions there to help. Hey Connor, do me a favor, spell your email address just in case. Yeah, absolutely, cduffy, that’s c-d-u-f-f-y at o-t-a-v-a.com.
Love it. That right there, that’s the good stuff. Well, that’s all the time we have for this episode of Compliance Unfiltered.
I’m Todd Coshow. And I’m Adam Goslin. Hope we helped to get you fired up to make your compliance suck less.
