TierPoint: The Cloud Next Door


Security, confidentiality, and guarantees the key weapons

Health care is one of the most difficult markets for cloud providers to crack. Under the U.S. government’s Health Insurance Portability and Accountability Act (HIPAA), security and confidentiality are critical issues. The large, well-known cloud providers have made few inroads into this market because they have been unwilling to invest the time and resources to reassure health care customers that the security is there.

VM Racks is a little-known, privately-held cloud service provider that has carved out a highly successful niche giving health care organizations just what they need to feel confident in the cloud. The ride for VM Racks has not always been smooth. Based in San Marcos, a suburb of San Diego in southern California, VM Racks began life in 1997 as a hosting service provider. Founder and Chief Executive Officer Gil Vidals told The Daily Cloud that the company went through different iterations and growing pains until it found its current strategy. “We found that competition based on price alone gave us very low profits. So, we re-tooled our business, built on our knowledge of security and virtualization and found a niche – secure cloud hosting for companies that require HIPAA – compliant hosting.”

Today, VM Racks helps customers maintain HIPAA compliance through rigorous security protocols and managed hosting solutions. HIPAA compliance is required by companies providing services that deal with electronic patient health information (e-PHI) and electronic medical records (EMR). EMRs can include a wide range of sensitive personal, financial, and medical information.

Vidals: winning health care customers

VM Racks invests in a broad range of technologies and techniques to deliver a highly secure infrastructure. “Methodologies used include offsite backups, two-factor authentication, log management, vulnerability assessment scanning, web application firewalls (WAF), anti-DDoS protection, network perimeter firewalls, and multi-tenant isolation,” Vidals explained. “In addition, HIPAA organizations should also ensure that their hosting provider maintains the following audits and certifications: SSAE 16 SOC 1 Type 2, SOC 2 Type 2, and SOC 3 Type 2.”

VM Racks’ primary competitors are large cloud providers like Amazon Web Services (AMZN), Microsoft Azure (MSFT) and Rackspace (RAX). But these companies have shown little sign of focusing on the unique requirements of health care. “Most of our competitors have very broad scope,” Vidals said.

In addition to all the security, customer service is also a key element of VM Racks’ appeal to customers. “We win customers with our technical support,” Vidals said. “We answer the phone when clients call, we include support at no additional cost in all of our plans and we do this at an affordable price. HIPAA clients tell us how important it is to have a higher level of service and we deliver on that with our products and service.”

A Business Associate Agreement (BAA) is often a critical stumbling block for cloud providers trying to get into health care. Most large cloud providers will not sign one, because it obligates the cloud provider to provide a financial guarantee for any penalties that result from breaches of HIPAA. “VM Racks offers and signs BAAs with all of its HIPAA clients,” says Vidals. “This gives us a competitive edge as we back our service with a guarantee.” Currently, VM Racks has about 5,000 customers and annual revenue in the single-digit millions, Vidals said.

One VM Racks customer is eMedical Companion — a company that develops healthcare related IT products and services. Founded in 2011, eMedical Companion offers products that help healthcare providers and institutions improve the quality of patient care as well as patients with chronic diseases manage their diseases more effectively. Its products include software for Electronic Health Records, Assisted Living Software and Hospital Management Systems. Its customers are patients, physicians and other healthcare providers and institutions.

Shumeen Saleheen, President of eMedical Companion told The Daily Cloud, “VM Racks works as our IT Team, otherwise we would need at least one Tech Ops Engineer to maintain our network and keep our servers running. VM Racks provides us with advice about security issues and customer support. VM Racks has helped us significantly over the past 3 to 4 years.”

For the future, Saleheen is excited about the company’s growth prospects and expects sales to accelerate. He said, “We are developing some unique healthcare related products and services that can be used by the patients, healthcare providers and institutions in USA and around the world. Though eMedical has only been in business for about four years, it has been growing by about 30% year on year and already has customers in 20 different countries.

In 2012, VM Racks won a contract to provide secure hosting for a Department of Defense contractor. That launched the company’s entry into the government sector, another growth area for VM Racks. According to Vidals, revenue grew by 100% in 2012 and 2013. Last year growth slowed down to 50%. He’s bullish on the outlook for this year, and is considering expanding into one or two more data centers, in addition to the two facilities he has now, in California and Arizona. He views health care as his primary target market for years to come. But he adds that health care organizations will continue to move slowly into the cloud: “As long as people are reading the headlines about security breaches in the cloud, companies will continue to be cautious.”