Currency from the Cloud

Featured Case Study

SECURITY AND COMPLIANCE WINNING CUSTOMERS FOR CLOUD-BASED PAYMENT PROVIDER

@ARMOR | ARMOR.COM | PAGE 2

Security sells. In a world rife of high-profile data

breaches, social-engineering exploits, identity

theft and tech brand damage, strong security is no

longer a nice-to-have option. It’s a business-saving

requirement.

It’s this core reasoning that helps gotoBilling CEO

Steve Roderick differentiate his end-to-end software

payment service in a highly competitive marketplace.

In his eyes, trusting this formula is a critical

component of every business. Sound security

— particularly when properly layered — helps

organizations defend against breach, protect their

brands, ensure compliance and avoid fines.

“Everyone in our industry is concerned about security.

Breaches are everywhere. Merchants and processors

alike are concerned about security,” said Roderick.

“The applications that can deliver good security

infrastructure, along with the processes and procedures,

are the solutions that win end-user clients.”

And that’s how gotoBilling delivers — for healthcare

organizations, service companies, industrial merchants,

utilities and large banks. The Florida-based company

leverages security and compliance, integrated into their

payment application infrastructure by Armor, to help

protect customer accounts payable and

receivable processes.

“We have companies that appreciate the level of detail

we provide — not only in support, but in security,” said

Roderick. “Working with Armor only enhances that.”

Currency from the Cloud SECURITY AND COMPLIANCE WINNING CUSTOMERS FOR CLOUD-BASED PAYMENT PROVIDER

2005

Tampa, Fla.

7

Financial Payments

gotobilling.com

Founded:

Headquarters:

Locations:

Industry:

Website:

@ARMOR | ARMOR.COM | PAGE 2

@ARMOR | ARMOR.COM | PAGE 3

Scaling up-market With this understanding, gotoBilling had a plan. Offer

high-margin prospects a unique, secure and compliant

billing and currency solution that was so versatile that it

met any and every payment need.

“We connected to every credit card processor in the

United States,” explained Roderick. “We’re an ACH

settlement engine. We have mobile apps. We have PCI

secure payment pages. We have online bill pay.

“There’s really not a way that money moves through the

economy that we don’t address within this application.”

The application — powered by a secure, enterprisegrade

cloud managed by Armor — offers gotoBilling

customers elite performance and benefits, and it came

integrated with security management that just wasn’t

available from many trusted vendors. It was more than

price. It was the full package.

“We see this as a cost-efficiency that would be foolish

to try to work around,” he said. “We put numbers to this

and it would cost us more to try to duplicate what is

there. It’d be significantly more.”

Payment VersatilitygotoBilling delivers the entire spectrumof secure payment services.

Email notices

Physical statements

Invoices

Collection letters

Online bill payment

Recurring payments

Face-to-face payment

Mobile applications

Inbound check-imaging

@ARMOR | ARMOR.COM | PAGE 4

‘The cloud is common practice’ Like many organizations, gotoBilling faced

demanding technology decisions that factored in

performance, security, cost and scale. In their early

years, the company spun up their own on-premise

servers to power their solution.

In fact, when the company first launched in the

mid-2000s, some of Roderick’s early tasks were

centered on the technology that just made the

gotoBilling solution possible. Now? The secure

cloud has universal acceptance.

“We were going to companies that didn’t have

high-speed Internet in the building,” Roderick said.

“Today, the cloud is common practice. It’s truly

amazing how fast we came across that tipping

point. Now everyone accepts it.”

“We are able to stand in front of a customer and look them in the eye and say, ‘I know that your data is safe.”

Steve Roderick | CEO, gotoBilling

@ARMOR | ARMOR.COM | PAGE 5

As gotoBilling grew, so did their needs. Performance.

Security. Compliance. Scalability. Versatility. They

needed it all. And then some. From there, Roderick

and his team evaluated the cloud market. Top to

bottom. Then back again.

During this research, Roderick identified four main

pillars that a strong, secure cloud should deliver

consistently: trust in people; commitment to security;

quick provisioning; and uptime and reliablity.

Throughout their nationwide discussions, gotoBilling

found companies with one. Sometimes two.

Rarely three. But all four? It was a challenge.

Ultimately, they selected Armor and were more

than pleased with the results. Three years in, the

service, commitment, security and performance

were all top notch.

But like smart, proactive organizations will do, they

made it a point to evaluate all investments. It was a

deep look inside to see how to improve the business.

“We wanted to know what’s out there,” said Roderick.

“Are we missing anything? Can we find something

that’s better? Less expensive? More secure? What’s

changed in the last three years? You want to do that

from time to time.”

And even though it was an arduous process, the

results were the same. Nothing compared. From

there, gotoBilling continued to grow and expand.

“There’s a proven track record with Armor that would

make it hard for a newcomer to pull us away,” he said.

Even with years of experience leveraging the cloud

to power their application, gotoBilling is still evolving.

To streamline operations, they now employ a highly

advanced hybrid cloud solution that gives them the

flexibility and security required. They reinvest that

money into additional encryption and monitoring

controls to further bolster their security posture.

1. Trust in People

2. Commitment to Security

3. Quick Provisioning

4. Uptime & Reliability

The four-point plan

@ARMOR | ARMOR.COM | PAGE 6

Roderick may not have this level of comfort without the

confidence of his chief technology officer, Jed Danner.

“He’s the one who ultimately makes the decisions

(about the technology),” said Roderick. “He’s very

comfortable with what goes on there and how

everything is organized and structured.”

Danner, who has championed the Armor relationship

from the onset, went a step further. He explained that

when searching for a smart, savvy managed cloud

provider that was also an expert in security and PCI

compliance, the options were limited.

“At the time, PCI wasn’t that well known,” said Danner.

“It was hard communicating what we needed, and why

we needed it, to people who didn’t understand.”

From top-level compliance experts to around-the-cloud

security support, gotoBilling has seen the difference a

specialty vendor can make. As the partnership matured,

so did gotoBilling’s understanding of this

comprehensive value.

“The biggest thing that has really helped us has been

the on-call support and the knowledgeable teams that

are in place. It allows us to get a lot more done without

hiring more people,” said Danner. “That really takes a

lot of work off our shoulders. It saves us quite a bit of

money since we don’t have to have that extra talent in-

house. We just go to Armor.”

Confidence as a service

“It saves us quite a bit of money since we

don’t have to have that extra talent in-house.

We just go to Armor.”

Jed Danner | CTO, gotoBilling

@ARMOR | ARMOR.COM | PAGE 7

Locking down data

Customer data requires the utmost care and protection.

The tipping point for any capable cloud infrastructure is

bound to the design, strategy and implementation by the

vendor.

Bolt it on in pieces as you go? Exploits will be found. But

when a cloud environment is built from the ground up,

with security in mind, the results are exceptional.

“Security is huge. What are you doing for security? What’s

your future security plan?” queries Roderick. “It’s fine to

say where you are now, but where are you going? Armor

has a great plan and even better plans for the future. It’s

evident by the staff.”

Danner, who was in lock-step with Roderick in pushing

for stronger security, echoed the message.

“The actual data security and monitoring services

are where Armor really goes above and beyond

other providers,” he said.

Much like an educated and experienced surgeon with

a scalpel, all that technology is only powerful when

paired with trained expertise and refined processes.

“There’s a commitment to the security level there

that we weren’t seeing at other companies,” said

Roderick. “The big deal is being able to know you

can rely on the folks there watching the system. If

anything goes down, there really are people there

that are immediately on it. In essence, we’ve got a

network employee who works 24/7 who we don’t

have to worry about.”

“The actual data

security and monitoring

services are where

Armor really goes

above and beyond

other providers.”

Jed Danner | CTO, gotoBilling

@ARMOR | ARMOR.COM | PAGE 8

Next-level compliance

But security is only part of the gotoBilling strategy,

which also includes a next-level dedication to

compliance. Most organizations simply employ a

temporary Qualified Security Assessor (QSA) who acts

as a consultant to guide the company through their PCI

audit and, when needed, ensure they remain compliant.

In contrast, gotoBilling employs a staff Internal Security

Assessor (ISA), whose core responsibility is to manage

the company’s compliance posture. They’re the certified

and dedicated liaison between gotoBilling and the PCI

Security Standards Council.

“We take security and compliance serious enough that

we want that person constantly working to see what we

can do better from an application standpoint,”

said Roderick.

This commitment not only satisfies various

compliance requirements, it elevates the

gotoBilling brand.

“Not only do we do this for the application, we

can also show what we do at the facility,” he

said. “Here’s why we chose Armor. Here’s the

architecture of the system that’s been put

together at the facility. Here’s why your data

is going to be safe.

“When you put an ISA and Armor together,

it’s a best-in-class approach that’s very

difficult to duplicate.”

“ We take security and

compliance serious

enough that we want

that person constantly

working to see what we

can do better from an

application standpoint”

Steve Roderick | CEO, gotoBilling

@ARMOR | ARMOR.COM | PAGE 9

Saying it honestly Roderick encapsulated the difference right there. It’s a

team approach to protecting an organization, a brand and

its customers. Success like this isn’t achieved alone.

“I don’t believe there’s anywhere else we could go where

we would feel as secure with our data,” he said. “We are

able to stand in front of a customer and look them in the

eye and say, ‘I know that your data is safe.’

“What we’re doing with our data and our cybersecurity

partner is best-in-class. It doesn’t get better than this.

We can stand in front of anyone and say that honestly.”

“ I don’t believe there’s anywhere else we could go where we would feel as secure with our data. ”

Steve Roderick | CEO, gotoBilling

@ARMOR | ARMOR.COM | PAGE 10

US 2360 Campbell Creek Boulevard, Suite 525, Richardson, Texas 75082 | Phone: +1 877 262 3473

UK 268 Bath Road, Slough, Berkshire SL1 4AX | Phone: +44 800 500 3167

© ARMOR 2016. All rights reserved.