Odaseva CEO Sovan Bin on privacy by design; growth beyond Salesforce

Odaseva is a cloud data management platform that provides technology for managing mission-critical business applications, including data protection, compliance, and operations management for more than 10 million Salesforce users around the world and has plans to expand into new markets.

Founded in Paris in 2012 the company bootstrapped itself for seven years on $2 million in seed funding and a steady flow of large Salesforce customers seeking data governance and protection solutions.

In anticipation of expanding beyond its currently exclusive Salesforce base, the company raised a Series A funding round of $11.7 million in February, led by Partech with participation from new investor Salesforce Ventures and existing investor Serena. The round brought total funding in San Francisco-based Odaseva to about $14 million.

I recently spoke with the company's CEO and founder, Sovan Bin and asked him how the company got started and its plans for the future:

I was lead technical architect for Salesforce in Paris between 2006 and 2012 working with Fortune 500 companies to help them secure their projects from a technical perspective. Several of my customers at the same time came up with the same analysis,which is that they wanted to bring the maturity of the data management processes related to data governance they had on-premises to the cloud. They wanted to protect their data and accelerate compliance.

We didn't find a solution while I was at Salesforce. But, our first customer at Odaseva was Schneider Electric, the giant French multinational, which has a large and complex Salesforce implementation. We worked closely with the company to develop apps that would address two major aspects of data security - the integrity and the availability of it.

The first two of Odaseva's Data Governance solutions were aimed at addressing those concerns by automating the processes of protecting data. Backup & Restore for Salesforce automates the optimal strategies to protect data at a fraction of the cost while Archiving for Salesforce automate the Salesforce data lifecycle for compliance and performance. Said Bin:

Our data backup and restore solution helps prevent data loss worth $158m for one million records for companies like Schneider Electric, Toyota, Heineken, and General Electric while assuring compliance with regulations and company security policies. Our Comply with Regulation and Company security policy. Our archiving solution helps large organizations comply with regulations while reducing performance issues because of large data volumes and lowering Salesforce storage costs.

Backup is different in the cloud where cloud vendors are responsible for the data centers where if there is an incident at their center, the vendors are going to recover it. But customers remain responsible for the data on their application and this is what we provide, backup for their data on their site.

As GDPR and many other data regulations began gathering force, Schneider Electric again turned to Odaseva for a Data Compliance solution that would automate such thorny issues as users' access to the data and data life cycle; portability and the right to be forgotten; and security issues like pseudonymization and anonymization, data resilience & breach detection.

The result was Odaseva's Data Compliance for Salesforce applications which accelerates and reduces the TCO of GDPR, CCPA, PIPEDA compliance on the Salesforce platform. Said Bin:

Data privacy has become really important for consumers and for customers in general and while GDPR started the trend, there are many more initiatives regarding data privacy everywhere in the world. We've already developed an app to address the California Consumer Protection Act that goes into effect next January 1. So it's just the beginning. All of our customers are now responsible for the data privacy of their own customers and this is why we work on this to help do that.

For example, our all-in-one cloud data management platform has the flexibility to integrate with any other system or application that touches a customer's data by exposing an API. If a customer requests access to personal data, the fact that it's stored in the cloud, on-premises - even in a legacy database - is no obstacle.

Bin is a strong advocate of the principles of Privacy by Design, which is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure, and business practices. Research has shown that enterprises that take a comprehensive approach in which globally defined risks to both security and privacy are anticipated in advance and countermeasures are built into systems and operations by design are most likely to meet the regulatory requirements in most jurisdictions. Its basic principles are the same as Security by Design. Said Bin:

Security by Design is something that has emerged as a best practice over the years as something that should always apply because security is about everyone. It's not just the IT department. It's a mindset where it's always about protecting the business around the three layers of confidentiality, availability, and integrity. Privacy by Design is exactly the same. You should apply this concept at every layer of your processes. It's not something that should only concern IT and lawyers. Everyone in the company should be aware of it.

To reach its market objectives, Odaseva will direct a portion of the new funding to build on existing sales and technology partnerships with Accenture, Capgemini, CGI, and Deloitte. The company also plans to double employee headcount in 2019.

Odaseva's solution can extend to any enterprise - whether in a regulated industry requiring GDPR or California Consumer Privacy Act compliance or in any market where data privacy directives are core to an organization's mission.

Bin is reluctant to reveal specific plans for expanding the company's footprint beyond Salesforce but notes that there is a need to protect and accelerate compliance across every industry and that Odaseva has initiatives in development. Look for announcements in the next few months.

My take

In a category that is growing at double digits, Odaseva's prospects look exceptionally bright. Thanks to its adoption into the Salesforce ecosystem seven years ago, the company has grown steadily without a lot of investor capital. Its compliance automation tools are solid and have been well-tested by many large companies.

In addition to experience, maturity and a huge headstart on rivals, Odaseva has a couple of other key advantages. The first is in the fact that it addresses data management, including backing data up, ensuring it is compliant, and managing from an operations viewpoint, as part of a single platform.

The second is that Odaseva is plug-and-play SaaS, with no need for developers. That's a lot to like.