Managing risk with Dan Langhofer and Eric Wubbena of PaperWise
PaperWise was founded in 1988 by a couple of brothers in a garage trying to figure out how to manage non-structured data (i.e., paper), according to current owner and CEO Dan Langhofer. We spoke with Dan and the director of business development, Eric Wubbena, about their mission to manage the risk associated with storing and protecting data and how it led to the creation of a separate business unit, CentricMIT, to provide managed IT services for their customers.
Can you tell me a little about the history of PaperWise?
Dan: PaperWise is 28 years old, so from a technology perspective, we began in the Stone Age. It started out as pretty basic document imaging – scanning paper, storing it, and making it readily available to stakeholders of an organization. That turned into document management and expanded into workflow.
We continued to evolve over time to what it is today, which is really a business efficiency tool where we manage all that unstructured data and eliminate the cumbersome things that go along with filing and searching for something that’s missing.
What were some of your biggest challenges in the beginning?
Dan: There wasn’t technology to support moving these large documents around the network. Our goal was sub-second response times, but back in the old days, the networks weren’t fast, the computers weren’t strong, they didn’t have a lot of memory, storage was crazy expensive, and we were burning everything to optical disk.
So our real struggle had more to do with infrastructure than the software technology. Compression algorithms and the ability to encrypt have gotten better over time, so we can protect all of these assets from anybody seeing them who’s not supposed to see them and push them around in an encrypted fashion so they can’t be hacked or decrypted.
What prompted you to found CentricMIT?
Dan: We use a pretty elaborate set of tools at PaperWise that requires the functional architecture it’s running on to be sound and solid. We found ourselves spending a great deal of time working with clients who didn’t have an IT department and who didn’t have the technical ability to make sure that that was happening, so we created a division called CentricMIT, which provides managed IT services.
How do you manage the risk of protecting customer data?
Dan: Managed IT is about striking the balance between money, ego, and risk. When taking on a new client, there are five things we recommend, and if these things don’t happen, it creates risk for us as a solution provider:
- The client should use productive-rate hardware that has a manufacturer’s warranty program. (We need to know what the replacement timeframe is.)
- The managed IT provider should inventory, vet, and approve absolutely everything that touches the client's network, both from a hardware and software perspective.
- The client needs to accept they might not be able to go in and have full administrative rights and do anything they want to do. It’s hard for us to be liable if there are other people with keys to the kingdom.
- The client must restrict access to the hardware. We actually have clients who have the server sitting in the middle of a big operations room and anyone could walk up and pull the wrong plug – and then they’re down.
- The client should validate the disaster and recovery protocols twice a year. It’s a pain and nobody likes to do this, but everything needs to be tested.
We carry every kind of risk insurance that you can imagine, from cyber liability insurance to straight E&O insurance. We carry insurance to make sure if the data gets released, we’ve got coverage. When you look at it from my perspective, it’s crazy risky. If we don’t go through that process of testing and recovery and they do have a fire or flood and they’re down for a week instead of 24 hours, am I responsible for that? Or say somebody moves some data, we don’t get to back up, something critical happens, and we can’t restore it. Again, that’s a liability issue. From my perspective, the only way to sleep at night is to have an adequate amount of insurance coverage.
Eric: From an operational standpoint, we create very strict standards and operational processes that minimize that risk, allowing us to be profitable. So if we follow the process, the five things that Dan talked about, and we set those expectations with the client that allows us to stay profitable – it innately minimizes our risk. And I think that really follows along the line for both of our companies.
There are times in software development where we think it’s a great idea, but if we don’t minimize our risk, we immediately become unprofitable if we’re managing a client where it’s costing us money to take their money.
Have you had clients refuse to follow your recommendations?
Eric: It’s difficult to fire a client because of the money involved, but if they’re not willing to follow the procedures, we have to be able to stand up and say it doesn’t make sense for us corporately to continue to work with them.
Dan: What they do is immediately say, “You’re putting me on notice? Fine, I’ll just go find somebody else,” and they go around to the other people who provide the same services, and one of those providers’ first questions is, “Tell me what’s not working with your current provider.” And the customer explains the scenario, “They want us to comply with all of these procedures,” and the other provider says, “Yeah, so do we.” So then all of a sudden, the customer realizes, “Oh, it doesn’t matter where I go – I’m going to have to do this.”
What would you say is the biggest risk you’ve had to face as a small tech business, and how did you overcome it?
Dan: I would say the biggest risk for us is learning that fine balance between bringing in the revenue that we need, and the liability and risk associated with bringing on what I would consider a fragile client, a client that doesn’t know what they don’t know. I think our biggest risk is finding that balance and knowing when we have to say, stop; we’re risking the whole business for one client.
Eric: I think the greatest risk that technology companies have to face is taking care of someone else’s data. We’ve taken that risk on for 28 years, before people understood that data is the lifeblood of any company. What we do with PaperWise is manage their data, and by doing that well for 28 years, it’s allowed us to minimize the risk because we understand the importance of the data.
Compare quotes from trusted carriers with Insureon
Complete Insureon’s easy online application today to compare quotes for general liability and other kinds of business insurance from top-rated U.S. carriers. Once you find the right policy, you can get coverage in less than 24 hours.