To start 2022, InCountry Founder & CEO Peter Yared sat down with staff to discuss some company-related questions. Part II, to come in a few weeks, features industry-related questions.
– How did the idea of creating a data residency company come about?
PY: We came up with this idea even before GDPR. Marc and I started working on the company five years ago actually, and the basic thesis was every country would want to manage their citizens’ data. And in a lot of countries, it was the citizens demanding it; somebody sitting in Germany was like, “What is going on with my data if it’s sitting in the US?”
So the basic thesis was, how’s the country going to manage their citizens’ data? Well the first step is, mandate that the data be in the country. And then, if it goes somewhere else, have rules on how it’s treated. And that’s what GDPR was—GDPR is actually data residency.
-Where is the company’s focus in 2022?
PY: To intensify our relationships in China, Saudi Arabia, and other key markets, and then expand our offerings into payments and other sectors like IoT.
-What role will China play in the company’s future?
PY: A huge role. It’s the second largest economy in the world, multinational companies want to operate there, and many do, and it’s critical that they comply with local laws there. If you’re in China, you have to operate under their rules and regulations if you want to access the market, and data is a critical part of that. We think it’s a huge opportunity and we have a key partnership with Alibaba Cloud, and we’re investing heavily in China. I think it’s a great market.
-What role will India play in the company’s future?
PY: It’s interesting, we have a lot of interest from India. It’s the third highest number of hits to our website and it’s one of the top markets where payments are regulated. We think it’s going to be a big market for us in 2022 with our Payment Vault.
-Is there any reason India hasn’t taken off yet the way China has?
PY: In India, primarily it’s payments that are regulated. So we introduced a Payment Vault, but it was only about three months ago, so we now have an offering that’s suitable to that market.
-How does the US lacking federal data regulations affect InCountry, if at all?
PY: It doesn’t affect us at all because most people don’t have problems operating in the United States, that are our customers. Multinational companies generally are in the US market already and operating here effectively.
-What is the single achievement InCountry has had that you’re most proud of?
PY: It’s the result of the achievement, which is that we have a lot of Fortune 100 companies storing basically the only copy of highly regulated sensitive data with us. That achievement I’m proud of mainly because you can only do that if all the teams work together: engineering, compliance, operations, and marketing. If every function of the company wasn’t functioning correctly, there’s no way you’re closing a Fortune 100 company.
We’re only a three-year-old company and if you look at our customer list, it’s very rare for a young company like us to be trusted and again, this falls into the single achievement I’m most proud of. We‘ve built something, and very quickly, that large companies trust with their data, and that’s very rare to do.
– What can you recommend for companies that start thinking about data compliance?
PY: It’s a funnel. The first thing you have to figure out is what data do I have to manage? And what data is regulated that I run in what systems? Most companies are running nearly fifty different SaaS systems, a bunch of internal apps, there are spreadsheets floating around, so the first step is, what’s out there that’s regulated?
There’s companies that can help you with that, like BigID. Then the next thing you have to do is say, “now I know I have regulated data, how do I treat it?” A big thing is you have to have a cookie consent, and you have to be able to handle document subject requests, and the right to be forgotten in certain markets—that’s all a matter for companies like OneTrust and places like that.
Then the next step is data loss prevention. “Ok I know I have data, how do I prevent it from leaking or getting breached?” There’s companies like Privitar in that segment.
Then at the very bottom of the funnel is something so regulated, it’s a hot potato for me to handle myself—credit card information as an example of that. Most companies do not have the fields in their database anymore for that info because their cyberinsurance policy would go through the roof and they’d have to implement PCI DSS throughout the entire organization, or create a separate division with its own rules that’s separated from everybody else.
That’s where we fit in. We fit into that hot potato data market. It’s so difficult to manage and regulate data in places like China, Indonesia, and Vietnam that companies have to go to somebody else and let them handle it. And generally, when companies come to us, they already know they need us.