As regulation creeps into all phases of data lifecycle management, managed service providers are assuming greater data protection responsibilities on behalf of their customers. While many customers understand that they have regulatory compliance gaps, challenges persist in how to translate these requirements into data protection policies that are actionable, enforceable, and auditable. The natural place for businesses to turn is to you, their trusted MSP partner, to help them translate their data protection requirements into actionable policies that can be centrally managed, enforced and tracked.
As an MSP, this creates a great opportunity to engage your C-level customer in a way that deepens your relationship and provides them strategic business value. Assisting your customers in defining data protection policies also enables the MSP to create proper expectations between the customer and the MSP who will be providing those services.
Things To Think About

When looking to assume greater responsibilities from your customer, take the following into account:
- Shifting Liabilities & Exposure: Growing data protection liabilities may be shifting to you. Make sure you and your customer are on the same page about backup and restore policies and encryption methodologies so that gaps in data privacy aren’t inadvertently created or overlooked.
- Policy Dependence on End User Behavior: End user behavior is a recognized detriment to IT policy enforcement. How can a CSO comfortably ensure compliance if end users can disable backup or encryption? Use systems that enable you to centrally manage enforcement of policy without requiring users to do anything.
- Reporting and Audit Requirements: How do you know when the policies are actually being enforced? Set realistic expectations for policy management, reporting and audits up front.
- Data Protection Policy Sit-down: Conduct a session with your customer to determine their needs surrounding data protection and their current gaps. Think in terms of end user processes surrounding employee on-boarding, on-going end user data protection, and lifecycle management. What should happen when an employee’s laptop fails or is stolen? What should happen when an employee exits the business?
- Draft Data Protection Policies for the Client: Write up the policies and get your customer to sign off on them. If the client already has policies, that is great, but chances are they do not map to the reality of your data protection services. Take the steps to draft the policies for your customer as if you were drafting an SLA.
- Solution Selection: Choose a technology solution that will enable you to meet your customer’s policy needs while minimizing the amount of activity asked of end users. Minimizing your own costs, risks and required intervention are obvious keys to success.
Ron Faith is president and CEO of Datacastle Corporation, a SaaS data security solution provider serving managed service providers worldwide. Guest blog entries such as this one are contributed on a monthly basis as part of MSPmentor.net’s 2009 Platinum sponsorship.