Local or Cloud? Helping Customers Make the Right Choice
If you’ve been following the cloud computing news cycle lately, you know that there’s been quite a bit of controversy in the consumer space pertaining to security. Recently, Dropbox confirmed that a number of its users’ passwords had been stolen. Soon after, Apple co-founder Steve Wozniak publicly expressed his reservations about “everything going to the cloud.” Wozniak argued that people should be storing their data on local machines, an opinion that was soon followed by Stanford Hospital’s announcement that a doctor’s computer had been stolen from a locked office.
The computer was password-protected, but legally the hospital had to report the theft as a data breach. The information on the computer included protected health information (PHI) as well as some Social Security numbers. Despite location services software on the computer, officials have been unable to locate the computer. Not only is the security breach extremely embarrassing, it’s costing the hospital a fair amount of money, as it is providing identity protection services for all affected patients.
While the tech blogs may blow up when there’s a security breach that affects consumers, protecting enterprise data in certain regulated industries is a much more serious task. When it comes to backup and security in regulated industries, every precaution must be taken to protect a company’s business and its customers. If your customers work in industries where there are specific security compliance regulations, it’s essential to grasp the importance of protecting both company and customer data.
Let Your Expertise be Known
Before you can offer a solution, you need to demonstrate that you understand the complexity of regulatory compliance and the necessary testing controls. Make it clear that you understand regulatory requirements such as the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). It is critical that you understand the organizational approach your customer is taking to guide compliance efforts at the entity level. IT solutions for compliance require strong IT infrastructure security, access control mechanisms and contingency planning provisions. A secure cloud-connected backup and recovery plan offers the most comprehensive protection with the quickest recovery times.
Explain in detail why and how a cloud-connected solution meets their needs: their data is securely protected both on site (for fast recovery) and in the cloud (for comprehensive protection in the case of lost, damaged or stolen equipment). To provide that level of security to your customer, you will need to partner with a company whose products and services offer 256-bit AES, 128-bit SSL and FIPS 140-2 standard encryption, rules-based access controls, and SSAE-16 infrastructure (SSAE-16 being a key industry auditing standard). Suggest that your customers refer to ISO 27001, COBIT or other applicable standards so they can be assured that the solution you’re providing is the best.
Trust is Key
Customers need a trusted adviser to guide them through the process of data management, because although they understand the importance of their data, they often lack the technical expertise to fully understand the kind of protection they need. Many still believe, incorrectly, that tape or disk backups are their only or best options. Impress them by anticipating their needs and offering solutions that never would have occurred to them. As an example, if the computer from Stanford Hospital had had endpoint protection software, the compromised data could have been wiped off the computer remotely, but perhaps they were not even aware that such software existed.
Help your Customers Find the Right IT Specialist – YOU
Unfortunately, companies in these highly regulated industries are often vulnerable to outsourced IT specialists who lack the expertise to effectively serve their customers. For example, at the Mello and Pickering Law Firm, the partners recognized how critical the security of client data was, but they were unable to assess whether their current backup system was effective. The IT specialist they worked with did not provide them with a sufficient reporting system or test the effectiveness of each backup. Eventually, they discovered their system had stopped backing up data and they had not even realized it. What was nearly a disaster for this law firm turned into an opportunity for a specialist who had specialized expertise managing sensitive data and complying with legal industry standards.
These regulated business customers rely on their data far more than the average Dropbox user. In fact, significant data loss could literally result in bankruptcy for an unprepared and unprotected law firm. They must be able to test their disaster recovery service and get total assurance that it is indeed fail-proof. That enables them to both meet compliance regulations and offer better service to their own customers because they know that they are prepared for any situation. Furthermore, they also need to know that they can scale effectively as their needs and business grow.
You can help by recommending a cloud-connected backup and recovery system. It is scalable and can accommodate growing archives of customer or patient information. The company’s IT staff can rest assured that their data is fully protected and can be restored quickly and easily. They also know that as they continue to expand, they have a solution, and an IT specialist, that will grow with them. You’ll be in a great position for the future. When you help your customers do better business, they want to do more business with you.
Monthly guest blogs such as this one are part of The VAR Guy’s annual platinum sponsorship. Read all EVault guest blogs here.