As technology continues to advance, the need for businesses to keep sensitive data secure also grows.

Spokane Valley-based Intrinium Inc. serves that growing need and has experienced its own rapid growth in recent years as state and federal data-security regulations become more stringent, says Nolan Garrett, its 28-year-old owner.

Garrett founded Intrinium, which does business as Intrinium Networks & IT Security, in early 2007. Every year since then, the company's sales have doubled, Garrett says, adding that he expects its 2011 sales to top $2 million.

The company currently employs seven people, and Garrett says it's looking to hire an eighth person. He anticipates the company soon will outgrow its 2,700-square-foot office space at 505 N. Argonne, though it just moved into that space last May.

Garrett says Intrinium's rapid growth is due mainly to increased regulatory pressures for tighter information-security standards in industries such as health care, banking, and retail.

"The reason we exist is because of the regulations that exist for banks, credit unions, and heath care providers," he says.

The federal law that stipulates such data-security measures for financial institutions is the Gramm-Leach-Bliley Act (GLB), Garrett says. For the health care industry, he says, the Health Insurance Portability and Accountability Act (HIPAA) regulates information security.

"Financial institutions have to protect their customer and member information, and GLB specifies that they have to have regular testing of their security controls, and that is where we come in," he says.

Intrinium's team of information technology specialists provides its clients with various information-security assessments to ensure that malicious hackers can't infiltrate their networks, Garrett says. Such assessments are referred to in the data-security industry as penetration and vulnerability tests, he adds.

He says that when performing such a test, Intrinium's team will purposefully try to hack into a client's system in an effort to identify weaknesses or flaws that a hacker with criminal intent could use to breach what is supposed to be a secure system. Its IT technicians then know what areas of the client's network to reinforce against such breaches, he says.

In addition to the information-security services it provides, Intrinium offers a number of general information technology services to its clients, Garrett says. He adds that's mostly because the data-security work is seasonal, and the company doesn't perform many security audits during the first quarter of each year.

By offering general consulting services in addition to data-security assessments, Intrinium is able to maintain a balanced stream of revenue throughout the year, he says. Overall, he says the company's sales are split between those two focuses.

Some of its current clients include the city of Cheney, Inland Empire Distribution Systems Inc., and Eastern Washington University, Garrett says. In the past, the company has done work for Spokane-based Sterling Savings Bank.

The benefit of offering both data security and general IT services, Garrett says, is that Intrinium's technicians recognize that certain changes to a network could impact its overall security.

"Security affects everything else in IT, and we know what is supposed to happen from a security point of view," he says.

As part of that focus on other forms of network assistance, Intrinium recently has started to offer what's called business-intelligence consulting. Garrett says that service enables a client to access various pieces of data that are stored in different places on a network and to put those pieces together in a common format to analyze the data.

"There might be multiple applications that store different pieces of data, and that information is difficult to access," he says. "We provide integration services to pull the data to a common source and create reports so they can find out what the data they collect means."

A client Intrinium currently is working with to provide such reports is Newport Hospital & Health Services, in northeast Washington, as part of the Washington state Department of Health's Critical Access Hospital Program, Garrett says.

Another application of business-intelligence consulting in the medical field is standardizing data in different electronic medical records systems, he says.

On the security side of health care-related information, Garrett says that the recently enacted Health Information Technology for Economic and Clinical Health Act (HITECH) has upped the requirements for regular security-risk assessments for providers.

The HITECH Act addresses concerns with the privacy and security of electronic health information and strengthens the enforcement of the HIPAA rules concerning security. It was passed into law in 2009 as part of the American Reinvestment and Recovery Act

Garrett says some of the Spokane area's medical providers are just now seeing the results of the HITECH Act and that it's created new business for Intrinium in the area of information-security assessments.

Aside from the services it provides to the financial and health care sectors, Intrinium's staff is equipped with the knowledge and certification needed to assess the network security of any type of business that electronically processes credit or debit card transactions, Garrett says.

Garrett says companies that take electronic payments are required to undergo audits of their systems to ensure they comply with rules that regulate the storage of card holder information.

Because computing technology is constantly evolving, Garrett says Intrinium always monitors such changes so that its employees are up to date on their knowledge and skills. One way he ensures that Intrinium's employees stay current is by offering a reimbursement program to those who pay to take continuing education courses and training in various areas of data security and basic IT.

"IT changes on a daily basis, so I always have felt that people need to remain relevant in the field and not just rely on old experience," he says.

On a similar note, Garrett says one challenge he's faced is finding employees with backgrounds in computer science.

A 2005 graduate of Eastern Washington University with a bachelor's degree in computer science and minors in mathematics and physics, Garrett says that the majority of Intrinium's employees also studied there. He says he stays in contact with some of the computer science department's instructors for potential employees.

Garrett, a Spokane native, says he became interested in computers at a young age, and was enrolled in EWU's computer science program through the Running Start program by the time he graduated from Spokane Valley's University High School.