Just this week Gartner Inc. analysts announced that worldwide information security spending will increase 7.9 percent, reaching $81.6 billion by the end of the year, with security consulting and outsourcing capturing the largest shares of growth.
Despite the increased security spending, high-profile data breaches keep happening in already highly regulated sectors like healthcare, financial services and government — in part because some organizations continue to bury their heads in the sand, but mostly because the threats keep evolving and keeping up requires a comprehensive approach that most organizations simply aren’t equipped to handle.
Ron PelletierCo-founding Partner
He said “security is not singular; it’s systemic, and safeguarding information and information systems requires a deliberate mix of activities and technologies.”
Pondurance quells its clients’ fears by mitigating risks through information security, business continuity, compliance and threat management solutions — including custom-built log monitoring and network sensor technologies.
However, Pelletier emphasized that Pondurance has an on-going pragmatic advisory approach that sets the company apart from most other firms (big or small) in the information security space.
“We believe that technology is an enabler, but it’s our people, experience and expertise that bring our clients peace of mind,” Pelletier said. “Being fully hardware and software agnostic makes us solution-centric and allows us to achieve security objectives more efficiently and effectively.”
Consultancy origins created a people-first culture
If you haven’t heard of Pondurance yet, it may be because the company started out as a quiet consultancy and has mostly operated as a group of independent pros solving problems for clients and earning new business through referrals and word-of-mouth.
“When executives decide they need help with information security pain points they look for someone they can trust, someone they have unfettered access to and someone they are positive is acting in their best interest,” said Lewis. “From the very beginning our focus has always been on building relationships with our clients, partnerships where we create a cycle of vigilance on keeping them compliant and secure.”
Major Indianapolis-based employers like Stericycle, Roche, Interactive Intelligence, IU Health, Midcontinent ISO, the state of Indiana, and Angie’s List have all relied on Pondurance for information security peace of mind, and they still do. Government agencies like the U.S. Department of Homeland Security have turned to Pondurance for demonstrations of critical infrastructure vulnerabilities and how to fix them.
Muscatatuck Urban Training Center (May 2016) — Landon Lewis of Pondurance and Thomas Gilbert of Pondurance conducting a live cyber attack exercise at Crit-Ex 2016, a first-of-its-kind advanced cyber exercise sponsored by the Indiana Department of Homeland Security, the Indiana Office of Technology, and the Indiana National Guard designed to help improve overall security on critical infrastructure such as utility sites. (Indiana National Guard photo by Master Sgt. Brad Staggs, Atterbury-Muscatatuck Public Affairs) LEARN MORE
Compliance does not equal security
Because so much regulation centers around keeping information private with HIPAA healthcare mandates and Payment Card Industry Data Security Standards (PCI DSS) for example, it’s understandable that there’s some confusion in the market about the difference between compliance and security services.
Landon LewisCo-founding Partner
“That’s the great thing about the Pondurance approach with our four different pillars of security, continuity, compliance and threat management. We are able to step back and evaluate how all of these things work together to make you more compliant and more secure.”
Pondurance also provides what they call a virtual CISO or chief information security officer for some mid-sized companies that may not have a security competency to strategize and think about information security and compliance from a corporate governance level.
Pondurance typically targets new clients in regulated industries with revenues between $50 million to $1 billion in revenue. A little less than half of the company’s business is in the healthcare space, thanks to a successful channel partnership with health and life sciences law firm Hall Render Killian Heath & Lyman PC. Pondurance is also pursuing new clients in growth areas like software-as-a-service and cloud providers in addition to financial services, logistics, government, energy and others.
Steady growth while staying independent
In December last year, the Indiana Economic Development Corporation (IEDC) announced it would grant Pondurance up to $700,000 in conditional tax credits and up to $50,000 in training grants for creating 65 high-paying jobs by 2023. The company has already added eight new jobs so far this year with another five new hires expected by the end of the year, or approximately 20 percent of its goal in the first year of a seven-year agreement.
To date, Pondurance hasn’t taken on any outside investment and the founders are proud of their track record of 100 percent organic growth.
The new Pondurance headquarters, which occupies 10,000+ sq.ft. in sub-leased space of Hall Render at 500 North Meridian Street, also includes signage that will place the company’s name on the Indianapolis skyline.
“It’s a big deal to have our name on the building and to be part of the Indianapolis skyline,” Pelletier said. “We haven’t quite figured out how we’re going to celebrate the sign going up, but we’ll find a way to share it with the tech community and recognize such a monumental milestone with our team and clients.”