/dq/media/media_files/2025/02/03/zSNt2JKqwqJU2RSSnjql.png)
Roopa Jayaraman, CTO, Odessa
Today, businesses need to scale up their operations amidst the complex web of regulatory changes. Odessa, the largest software company specializing in asset finance, is positioned at the epicenter of change. The Odessa SaaS platform has made it possible for equipment and auto finance companies operating in the U.S., Europe, the Middle East, and Asia-Pacific regions to simplify their lease and loan processes, be compliant, and keep pace with the industry trends.
Roopa Jayaraman, Chief Technology Officer at Odessa, sat down with Dataquest for this exclusive interview. She explains how the company's technology-driven approach addresses regulatory compliance, cybersecurity, and data management in the cloud. She goes on to speak about proactive compliance risk mitigation, Odessa's robust cybersecurity framework, which is Zero Trust based, and the role of continuous innovation in shaping the future of asset finance. Excerpts:
What exactly does Odessa do? Explain in detail.
We are world’s largest software company dedicated to asset finance, offering a comprehensive platform for lease and loan origination, servicing, and remarketing. Focused on the equipment and auto finance sectors, Odessa helps businesses scale, innovate, and stay ahead of market trends with cutting-edge technology solutions.
Headquartered in Philadelphia, USA, with a global footprint across Europe, the Middle East, and Asia-Pacific, Odessa’s team of over 1,000 professionals supports a diverse client base worldwide. Driven by a commitment to client success, Odessa blends deep industry expertise with advanced technology to deliver transformative outcomes throughout the asset finance lifecycle.
How does Odessa ensure compliance with diverse global regulations across the jurisdictions it operates in?
Our B2B platform is designed to balance global vision with local adaptability. Our key product management principles include:
· Adapting to Market Localization: Tailoring our platform to meet specific localization and regulatory needs while maintaining a global perspective.
· Configurable Framework: Providing a rule-based framework that enables customers to meet regional compliance requirements and achieve market distinctiveness.
· Globalization Architecture: Ensuring consistency through reusable global components while addressing unique regional demands.
With the support of regional SMEs, key industry associations, and specialized consultants, Odessa stays ahead of compliance requirements across diverse geographies. We collaborate closely with multinational enterprises and regional customers through advisory boards and direct engagements to identify and address specific regulatory needs and compliance timelines.
Our platform is designed to evolve continuously, offering robust functionality in critical areas such as accounting, tax, invoicing, data privacy, and reporting. Additionally, our rigorous platform certification process ensures that regional customer journeys are meticulously validated, delivering precise configurations tailored to local requirements.
What proactive measures does Odessa take to address regulatory changes and mitigate compliance risks for its clients?
As an industry-leading platform, Odessa ensures market readiness for our clients, helping them remain compliant with evolving regulatory changes within stipulated timelines. Through proactive strategies, we enable seamless adoption, validation, and implementation of functional changes, as exemplified by the FASB, IASB accounting updates in 2018 and the upcoming CFPB Section 1071 regulations. Our proactive measures include a multi-pronged strategy:
· Market Intelligence: Leveraging industry association memberships, strategic hires in new markets, and partnerships with regional consultants to identify potential compliance gaps and regulatory changes.
· Impact Analysis: Assessing the potential effects of regulatory changes on customer business models and Odessa’s product ecosystem. Drafting initial requirements for compliance and identifying solutions to address product gaps.
· Customer Engagement: Collaborating with customers to validate approaches and refine compliance solutions.
· Solution Definition: Designing product solutions, creating blueprints, and developing proofs of concept (POCs) for regulatory needs.
· Roadmap Alignment: Prioritizing and aligning compliance initiatives with the product roadmap to ensure timely delivery.
As a B2B SaaS asset finance, how does Odessa ensure its cybersecurity posture evolves to meet the ever-changing challenges of the industry?
Odessa aligns its security posture with industry-leading frameworks such as NIST CSF, ISO 27001, and CIS. Our security practices undergo continuous review through internal audits and external assessments, and we hold certifications in ISO 27001, ISO 27017, SOC 1, and SOC 2. Leading these efforts, our CISO oversees the internal Security Operations Centre (SOC) and partners with a trusted SOC service provider to ensure real-time network monitoring, anomaly detection, and incident response.
We actively participate in threat intelligence and security information-sharing forums and networks, enabling us to stay ahead of emerging threats, exploits, and global security developments.
Cybersecurity is an ongoing challenge for every organization. By prioritizing it at the highest levels of leadership (C-level), businesses can strengthen their ability to protect operations, safeguard data, and maintain their reputation in the face of evolving cyber threats.
What technologies or frameworks does Odessa employ to manage customer data on the Cloud while supporting seamless client operations?
We employ a Zero Trust approach based on the principle of “never trust, always verify.” Unlike traditional security models that assume everything within the network perimeter is secure, Zero Trust operates on the assumption that threats can exist both inside and outside the network.
Our platform architecture and tools are designed to restrict access to all confidential data by default. Access is granted only based on specific requirements and necessary approvals. To enforce and monitor access at a granular level, we’ve implemented fine-grained access management features and privilege management tools.
All access and activity logs are centralized in our Security Information and Event Management (SIEM) system, which is continuously monitored by our Security Operations Centre (SOC) team to ensure real-time threat detection and response.