This Week Show’s Sponsors

Sensei LMS: Sensei LMS

BlogVault: BlogVault

LaunchFlows: LaunchFlows

Building A Successful Niche Hosting Business

Main Questions For Interview

#1 – Gil, can you tell us how you got into hosting and this particular niche of HIPAA hosting?

#2 – Can you give us some insights on what were a couple of the most significant early challenges you faced with HIPAAVault?

#3 – Can you give some info on one or two marketing campaigns that didn’t work for the company, and what did you personally learn from these failures?

#4 – Recently, “Digital Ocean” bought out CloudWays what did you think of this particular buy-out, and how do you see the hosting industry going in the next 18 months connected to business and technology?

#5 – If you go back to a time machine at the beginning of your career, what advice would you give yourself?

#6 – Are there any books, websites, or online recourses that have helped you in your own business development that you like to share with the audience?

Episode Transcript

Length: 32:32


Intro: Welcome to the WP-Tonic this week in WordPress and SaaS podcast, where Jonathan Denwood interviews the leading experts in WordPress, eLearning, and online marketing to help WordPress professionals launch their own SaaS.


Jonathan Denwood: Welcome back, folks, to the WP-Tonic this week in WordPress and SaaS. I’m on my own this week, Andrew Palmer has decided to leave the show, he’s busy with his other business ventures. I just want to wish Andrew all of the best and thank him for his help. I’m going to continue on my own, probably until the new year, where I might consider getting another co-host. So, you just have me, tribe. I don’t know if that’s good or bad.

We have a fantastic guest; we have Gil Vidals, founder, CEO of HIPAAVault. We’re going be talking about Gil’s journey into establishing the company that specializes in hosting websites for healthcare, deals with all the HIPAA requirements, and he also specializes in hosting WordPress websites. It’s going to be a, really, interesting discussion. Before we go in it, I have some messages from our main sponsors. I’ll be back in a minute.


Ad: Are you looking for ways to make your content more engaging? Sensei LMS by Automattic is the original WordPress solution for creating and selling online courses. Sensei’s new interactive blocks can be added to any WordPress page or post. For example, interactive videos let you pause videos and display quizzes, lead generation forms, surveys, and more. For a 20% off discount for the tribe, just use the code wptonic, all one word, when checking out and give Sensei a try today.


Ad: The importance of backing up your WordPress website cannot be emphasized enough; we use BlogVault to help us do this on a daily basis. With free staging, migrations, and on the pro plans, malware scanning and auto-fix, BlogVault is the professional’s choice when managing just one website or many. Go to and see for yourself, you seriously won’t find a better, more complete solution. That’s,


Jonathan Denwood: We’re coming back. I’d like to point out that I do a weekly newsletter. It’s about, if you’re thinking the WordPress space, you ought to get this, it’s a great newsletter. To get it, you go over to WP-Tonic Newsletter and you can sign up for it for free. Plus on the page, there are a load of special offers on plugins, services, all at discounts, everything that you would want if you’re a WordPress power user. So, let’s go straight into it. So, Gil, maybe you can give the origin story, why you started HIPAAVault. What was your path that led you to establishing the company in the first place?


Gil Vidals: Yeah, great. Well, thank you Jonathan for inviting me to this podcast, I’ve been looking forward to it. HIPAAVault was an idea that I hatched back in 2010. And I’d like to take all the credit for it, like I dreamed it up. It was, actually, one of my customers that came to me and they said, Gil, we have some medical data on our web server and that requires following the federal regulations that are called HIPAA, the Portability Accountability Act for health insurance.

So, they asked me, they said, Do you know how to do that? Do you know how to follow those regulations and make sure we’re doing that the right way? And I said, Look, I don’t know a HIPAA from a Hippo and I’m not sure how to do this thing. But in those days, in 2010, there weren’t a lot of companies doing that at all. So, they said, Look, we like your service, we like you, we like your team. We’re going to show you what to do. So, of course, I accepted that opportunity.

Now, let me step back for a moment. In 2010, hosting with virtual machines was coming around and it was, what I call, a race to the bottom, Jonathan. That is, whoever could come up with the cheapest price would get the deal. And I was in the middle of scratching my head going, What am I going to do? I keep lowering the price of our products like everybody else and this is a zero-sum game. We’re going to end up just going out of business because Google and others introduced free hosting.

And so, how can you compete with that? Well, this customer called me and they said to me, We’ll not only train you how to do this HIPAA hosting thing, but it’s going to be 10 times more value, instead of charging $50 per server, it’s more like 500. And that, really, spoke to me because I was struggling; I was looking for a way to make a profitable business. So, that’s when HIPAAVault was born. We got this first customer that converted to HIPAA hosting, and from that point forward I decided to focus on that. So, I changed the name of our brand from VM Racks, Virtual Machine, VM Racks to HIPAAVault, to better describe our focus.


Jonathan Denwood: Oh, that’s fantastic. So, what have been a couple of the biggest challenges that the company faced in its first couple of years that have stuck in your mind? Because I think the listeners and viewers always like somebody that can share some mistakes or challenges because that’s insightful when it helps the listeners and viewers. So, anything comes to mind about what were some of the biggest challenges initially?


Gil Vidals: Sure. One challenge was a business challenge. And that is, how much liability was I willing to take to host medical data, because the lawsuits were everywhere, you can read about them every other day back then in the newspaper and say, Oh my gosh, another company got a million dollar lawsuit because they let the medical patient information leak. And there’s some insurance that you can buy called Errors and Omissions Professional Insurance.

So, that’s something where my understanding was weak, I didn’t understand how do we measure the risk? How do we measure the risk and reward to understand if it’s worthwhile pursuing this, kind of, a venture? So, I’m glad I did pursue it, but it was a little tenuous at the beginning, understanding how this whole insurance world works. And now, the insurance, we did get the insurance that we needed back in those days. The insurance is a thorn in the side of this, kind of, business because it’s very, very expensive.

And when you read about ransomware, Jonathan, it’s all over the news; ransomware costs millions of dollars. You can only imagine what the cyber security insurance costs these days, because these guys are having to pay, they’re paying the millions of dollars and the rates are going up and up and up. So, that’s a real challenge in this industry. The other challenge, in cyber security in general, is that if you go into that business, there are no single stores where you can buy the book on security or go to a, particular, website.

You have to learn this by, of course, hiring the right people that have experience, but it’s one of those areas that has evolved very quickly and it’s always changing. So, it’s difficult to ensure that you have every aspect covered well, to make sure you have a good foundation and security. That’s always been a challenge.


Jonathan Denwood: Yeah. And the market, I do see you as the leader in HiPAA appliance hosting. You have a few competitors, but I do see you still as the leader. But there seems to be a lot of confusion about what is, precisely, HIPAA appliant hosting. Some people have said to me, Well, we offer it, it’s a tick box. And I said, Well, I don’t think my clients want just a tick box. They want to know that it’s HIPAA. So, I was a bit puzzled when I’ve had some hosting providers say that to me. Well, it’s, kind of, HIPAA appliant, we provide a tick box. What’s all of that about, Gil?


Gil Vidals: I like that tick box. Well, one thing that stands out in my mind is when you’re looking for a HIPAA compliant, as you said, appliance hosting provider or cloud service provider, I would look for someone who’s focused on that. Now, of course, HIPAAVault, that’s what we focus on exclusively. I think the market in this area of hosting patient information is large enough where that should be the single focus of that company. Now, my competitors are good companies and they, however, are doing many different things, it’s not just HIPAA. And that’s their business model. But I think that there’s enough there that you should focus.

The other thing that I think is very important is the compliance manager or the compliance officer. If you talk to a company that claims, they have a tick box; if you ask them one question say, what’s the name of your compliance officer that has the experience in that? And they may say, a compliance who? And they don’t have one. They don’t have one. And so, if they don’t have a compliance officer that’s managing the policies and security, then they’re, really, not very steep into that world.


Jonathan Denwood: Well, great points. Can I just have a quick follow-through question about the insurance? So, when you were starting the company, was it, really, difficult to find a company that could provide the insurance at a price that you could even think about? Or was it long and difficult until you found the right insurance partner?


Gil Vidals: Well, it wasn’t too difficult at the beginning, because what was happening in those days, this is pre ransomware. And there were hacks in those days, obviously, but the magnitude, the dollar value was much smaller, so a lot of companies like Hartford Insurance, they would have an add-on, a bolt-on to the insurance that you could just add on and it was cybersecurity, it was pretty inexpensive. But things have evolved. You don’t get bolt-on little menu items now, you have to buy a specific plan that’s all about cybersecurity and it’s its own plan with its own features, and that has gotten very high, very expensive these days.

One of the challenges. Jonathan, let me mention just one more thing real quickly. Some of the contracts require this certain level. So, if you go out and you have a contract with a state that you want to do work with, this state will require that you have a certain level; so many millions of dollars per incident, and that could be quite steep.


Jonathan Denwood: I would imagine. Just a little bit. You’re very tactful. I can be, surprising, I know, but not as tactful as you consistently. I’m not taking the mickey there, I see it as a great strength. So, obviously, we’ve gone through a couple of your initial challenges, but the other factor is, if you have no clientele, it’s the blood of a company; sales. If you have no customers and you have no income coming in, it’s not a business or it won’t be a business for very long. How did you market HIPAAVault?

Obviously, I think you’re suggesting in the early days specialize in people who are searching for you. But what have been some of the things that you’ve learned the hard way about marketing and niche player, where you have some very large competitors, haven’t you. Do you have some insight about marketing and how things that have worked for you consistently?


Gil Vidals: Sure. Part of the story for HIPAAVault is before I entered into the world of HIPAAVault, we had several dozen customers that we were doing search engine optimization work for. And as it is for a lot of businesses, Jonathan, I was scrambling to find revenue sources and one of the revenue sources was doing SEO work. So, I had expertise, personally, and staff that had expertise in optimization. So, when it came time to position HIPAAVault, we had, internally, the expertise.

Now, we had dropped off of doing SEO work, we didn’t offer that anymore. We were phasing that out. But, thankfully, we had enough expertise, where we garnered top three rankings for HIPAA web hosting. And I can tell you a brief and interesting story, that one day my phone rang at 5:30 in the morning and when I got to the office, I listened to the voicemail. And on the other side of the call was a gentleman who said, Hey, we have a large state project that we’re trying to do and Amazon will not sign the business associate agreement that’s required. They wouldn’t sign it back in 2012.

So, I called him back and I said, Well, how did you find us? And he said, Well, I went to Google and I typed in HIPAA compliant hosting and you came up. I think we were number two. So, we came up and, thankfully, for that organic ranking, we got the business and this was a significant state contract, so that was another stepping stone to get us on the roadmap. Once you have a big government contract you can tell prospects, Hey, we also host in the government world. And that speaks very loudly.

So, for marketing, it almost goes without saying, that if you can get the right keywords in Google, that’s over half your battle. Of course, as you know, you’re an expert in that, there are so many ways to do marketing, but.


Jonathan Denwood: It’s been my main focus and increasingly, I started off as a WordPress developer and a flash developer, action scripting, God help me. But then I got into WordPress and PHP and that. But my days now, Gil, are just filled with getting articles, videos, knocking content out, getting it ranked. It’s a sorry life, Gil, but somebody has to do it.


Gil Vidals: Sure. It’s so important. And even these days we are writing blogs. We have a steady stream of blogs that we produce about HIPAAVault and what we do. And I know that when we put them in Medium, I think that’s the right name, those articles are picked up and we have had significant leads from companies, from individuals that were reading a, particular, blog and then they follow the link to our website and the phone rings. So, those articles, in my mind, they have to be substantial, we can’t just have a lot of fluff, we have to say something that’s meaningful. And that’s always challenging because you’re writing for week after week and year after year; we have to be creative.


Jonathan Denwood: Oh, well, there’s no hope for me because I don’t offer any. Right. I’m sorry. At least you’re laughing, Gil. Some of my guests don’t find my English humor at all amusing. That’s why I, normally, have a co-host because they, normally, get me out of trouble, but you seem to find it quite entertaining. We’re going to go for our break. We’ll be back in a few moments with this fantastic discussion. We’ll be back soon, folks.


Ad: Hey, it’s Spence from If you’ve been looking for a fast and easy way to create powerful sales funnels on WordPress, then look no further than LaunchFlows. In just minutes, you can, easily, create instant registration, upsells, down-sells, order bumps, one-click checkouts, one-time offers, custom thank you pages, and best of all, no coding is required. For as little as $50 per year, you can own and control your entire sales funnel machine with LaunchFlows. Get your copy today.


Jonathan Denwood: Welcome back. I just want to point out, I’m starting a new show, a new live show, it’s called the Membership Machine. It’s going to be at 10:00 AM Pacific Standard Time; you’ll be able to watch it on YouTube and on LinkedIn. We’re going to go through everything to do with membership websites and, specifically, the best plugin tool services if you’re building your membership website on WordPress. Please join us, we answer questions, I have me and one of my co-workers, Kirk, he’s a great guy. We’ll be going through everything. You should find it great value.

So, let’s go back into this great interview. So, recently DigitalOcean have bought Cloudways. I don’t know if you know about Cloudways, they were quite a large hosting provider in the WordPress space, they had a hybrid system, they were based in Pakistan. I think the company was registered in Malta. But they offered DigitalOcean, Vultr, about four or five backbone hosting platforms, but they would provide the technical support. Because you do get a lot of developers in the WordPress space that decide to run a DigitalOcean, an Amazon web server and they, really, don’t know anything about hosting, but for some reason they.

And the reason it got bought-out by DigitalOcean, I don’t know if this has been on your own radar, I would imagine it has. Do you have any thoughts about why DigitalOcean bought Cloudways and do you think that over the next 18 months they’re going to remove the other choices so you can only use Cloudways with DigitalOcean?


Gil Vidals: What I see happening in the marketplace is called a roll-up. And this has been a movement that’s been around for a while, but it seems to be gaining speed. So, roll-up, for the audience, let me describe what that means. An investor will take the strategy of buying four or five different companies all in the WordPress world or cloud service world. And they know that each individual company can sell at a certain level, but in the investment world, what’s key is the multiple on the gross profit.

And they take this multiple and they do their math, but they realize one day that, hey, if I take five companies and I wrap them all together in one bundle, the value of that bundle could be 500%, 400% bigger and more valuable than the individual pieces. So, if each company owner sold on his own, they would’ve gotten a little profit, but when you wrap them all up. So, anyway, that’s the background information. So, in the hosting world, WordPress included, there’s been a tremendous amount of energy for doing these roll-ups.

And what I think is funny is that it’s the case of the larger fish eating the smaller one, because even after the roll-up, even after five companies are sold to a bigger one, that bigger one will then get rolled-up to get another level. And they try to get up to the 10 million level and then they try to go to the hundred million level, so they wrap up five 2 million companies to get to 10, then they wrap five 10 million companies to get to 50, and then they can sell the whole thing for a hundred million. So, of course, these investment bankers are just dreaming about putting this together.


Jonathan Denwood: I think a more appropriate word is salivate.


Gil Vidals: They’re, definitely, doing some of that. In terms of the other question that you asked, it’s an interesting question. What did they do with the services once they buy them? I think the smarter ones, of course, maybe I shouldn’t say smarter, but the ones that are trying to be thorough are integrating the services so that the WordPress option, as you mentioned, should be integrated with the bigger company now. But it, really, depends, Jonathan, on the goal; if this is a quick turnaround, they’re not going to touch the product, they’re not going to touch anything, they just want to roll it up and then spin it off again.

But it depends on the ownership. If they’re more into the product, they, really, want to support and grow the brand, then they’re going to take the time to digest that purchase and integrate it with the rest of the platform.


Jonathan Denwood: Yeah. I’m going to show my age here. In the WordPress space, the two things that get WordPress people going, Gil, is hosting and page builders. If you want to get some traffic to a podcast or anything online in the WordPress space, just talk about hosting or page builders. And there’s always been, in the hosting, there’s always been a darling, a certain developer crowd, kind of, pushes and migrates. In the early days it was Media Temple, I don’t know if you remember them; they still go, but they’re under the control of GoDaddy.

At the present moment, I would say to a certain group of developers, WP Engine is the darling of a certain group of developers; because they also bought a theme framework provider called StudioPress about three years ago and incorporated it in their hosting. And they’ve always been strong and they’re a company that has a founder and management that’s very strong. So, I thought I’d give you, I’m sorry to bore you, I think you were going to nod off there, actually. But I apologize.

But where do you think hosting is going and the technology, obviously cloud hosting, which is a vaporous term anyway; it’s, literally, in my opinion, so vaporous, Gil, that it, literally, means nothing, really. But cloud hosting, it’s dominated by DigitalOcean, by Amazon Web Services, by Microsoft Azure, where do you see all of this going in the next year, 18 months? Do you think there are going to be any fundamental changes on your radar or do you think we’re just plodding along with what we have at the present moment when it comes to hosting?


Gil Vidals: Well, first let me say, I love the word vaporous and I love your accent. So, vaporous, I’m going to steal that word from you, I’m going to start using that.


Jonathan Denwood: It’s not bad, is it? It’s not bad, actually.


Gil Vidals: It’s a great word. Vaporous. Well, the industry’s changing. It’s very dynamic and you can see which direction it’s going, so let me wind the clock back a little bit. When I first started, we were doing rack and stack, Jonathan, we would buy, actual, pizza box servers, stack them in there, very intensive CapEx model, you have to borrow money from the bank to buy hundreds of servers. Then, of course, we went into the VMware world, where they had the first virtualization stack. Now, you have fewer machines, but you still have to invest in capital equipment to then build the virtual stack.

Once we got out of that world and we started using public cloud, Google’s our favorite public cloud, although, we have Footprint and Azure and also AWS. You have the virtual machines floating in the Vaporous cloud, and what happens next, and what’s happening currently, is we then went to containers and now it’s services. So, it, really, is, kind of, a vaporization process, where before you would even have a virtual machine, now you’re just buying and consuming services from the big public providers.

Now, there’s a good reason for that because as a business owner, you don’t want to be signing a personal guarantee that says, Gil, if you don’t pay the bill for this CapEx investment to buy a thousand servers, we’re going to take your home away. And they, literally, you have to sign that personal guarantee. So, when I’m consuming services, it’s just a bill, right? I just pay the bill. There’s no personal guarantee, I’m not attached to that if for whatever reason I couldn’t pay the bill or go bankrupt, they’re not going to come over and knock on my door and take my house.

So, that’s a business-owner’s thinking. But the direction is going to continue in the services path and there are new services being hatched on a monthly basis, it’s hard to even keep up with the number of services, but the interesting part is these services are now all glued together with APIs. The API is the new way of consuming the services and you can bolt-on one service with another service using APIs, and it gets to be a very sexy world, where you can do all of these fancy things that are quite complicated to meet the demand of the consumer.

And the price is also getting less, so not only can you do more sophisticated things, but the price is dropping, it’s a deflationary world. So, what used to cost thousands of dollars a month, may only cost a few hundred and what used to cost a few hundred, now only costs tens of dollars, so technology is always deflationary, it’s always dropping in price. And if you want an example of that, just think about music; remember how we used to have vinyl records and then CDs, well, where is all that now? It’s vaporized. We have none of it now; it’s all on your phone.


Jonathan Denwood: So, would you agree that, and it applies to my own business, that when people are buying into HIPAAVault, what they’re, really, buying into is the knowledge of your company, the human assets of your company, the culture, knowledge, history, built-in processes, the internal knowledge of your company, that is what they’re, really buying? Would I be right about that then?


Gil Vidals: I think so. I think so, because the knowledge is over the years of experience and having the engineers that we hire that are taking care of the customer, they’re observant, when they log-in to help the customer, they’re noticing things, if there are ways to improve that, particular, platform, so there is a lot of that. Now, having said that, though, Jonathan, there’s a lot of automation; we use configuration management tools to ensure that the platform is always configured the way it should be. We have customers that aren’t very knowledgeable, they think they’re knowledgeable, and they go in there and they start changing everything.


Jonathan Denwood: Well, they’re the worst ones.


Gil Vidals: Right. Yes, yes. They change things and they weaken the security posture or they destroy it, and so our configuration management tool looks and says, Hey, wait a minute, and it puts everything back the way it should be. So, that’s part of it, is just the staff, the engineers, but part of it’s also the automation tools, security tools we’ve developed over the years. One thing that’s very interesting that some people may not realize is that it’s frowned upon in security best practices to have foreign nationals working on your PHI data.

So, for sensitive information, pci, patient information, you’re supposed to have US nationals logging in; so for our night shift, for example, we hired computer science students that graduated from the University of Hawaii, on the big island where that volcano in, in fact, the university’s right there. And we had the volcano erupting not too long ago, if you recall, and it wiped out a big part of Hilo, the town, big town of the big island.

So, we have night shift people there, but, again, the challenge is how do we keep that staff Us based, maintain the cost, we have to contain that cost and not jump over to the Philippines or to India where a lot of the competitors go. But we feel strongly this is the right model because it’s, really, security best practices to have that data.


Jonathan Denwood: So, you haven’t been tempted to hire TikTok, Chinese government developers ten?


Gil Vidals: Not yet. Not yet.


Jonathan Denwood: Right. That’s very reassuring, that would be a bit worrying if you had said that you were hiring TikTok engineers from China with biomedical records, I’m not sure how I would respond to that, but I’ll be polite to you. Are you okay, I’m going to wrap up the podcast part of the show, Gil; are you okay to stay on for another 10 minutes?


Gil vidals: Oh, sure.


Jonathan Denwood: Which we call bonus content, which you can see the whole interview, plus the bonus content on the WP-Tonic YouTube channel and on the WP-Tonic LinkedIn channel or my personal channel. So, Gil, what’s the best way for people to find out more about you and your great company?


Gil Vidals: Great, well, that’s a good question. So, is the best place to learn about the products and services. You can type in Gil Vidals on LinkedIn, if you want to reach out to me, that would be the best way to get ahold of me directly.


Jonathan Denwood: And you’re very friendly, aren’t you? You’re very approachable, aren’t you?


Gil Vidals: I try to be. I try to be.


Jonathan Denwood: You are. Yeah, you are. It’s been a great discussion; you have to come back, maybe, later on next year. We’ve covered a lot, actually. We covered the business side of it, really, because people are always fascinated about business entrepreneurs, your story, how you coped with certain challenges; it’s always an interesting discussion.

So, as I said, we’re going to wrap up the podcast part of the show, we’ll be back next week. I, really, have some fabulous guests; I’m booked out all the way to the new year, which is fabulous. And then, in the new year, we’re, probably, going to have a new co-host and we’re going to be revamping the show a bit. We’ll see you soon, folks. Bye


Outro: Hey, thanks for listening. We, really, do appreciate it. Why not visit the Mastermind Facebook group and also to keep up with the latest news, click We’ll see you next time.

Sign-up For The WP-Tonic’s Weekly Newsletter

Sign up For WP-Tonic’s Weekly Newsletter, Where You Read The Latest WordPress News & The Best Deals! Join The Tribe?

#732: WP-Tonic This Week in WordPress & SaaS Special Guest Gil Vidals, CEO of HIPAAVault was last modified: by