MSP Answers to Customer BDR Concerns Raised by NSA PRISM

With recent revelations about the National Security Agency (NSA) PRISM surveillance program spreading, one managed services provider (MSPs) selling data backup and disaster recovery (BDR) is starting to feel the heat from customers.

CCNS Consulting owner Karl Bickmore told MSPmentor that every sales calls involves some type of discussion on cloud and cloud security, but now the conversation is deeper.

"We have customers even more concerned than usual with the recent NSA revelations brought out by Snowden," he said.

To ease concerns, Bickmore said he points out the following to BDR customers:

• Backup encryption options.
• Appliance encryption methods.
• Solid security policy.

Backup encrpytion methods

Bickmore said the company leverages BDR solutions that provide an backup encryption option. By leveraging a backup encryption option, backup is encrypted as a file at rest in a datacenter and on the local BDR device as well.

"This makes the data very secure and private. Even for government organizations, it is difficult to poke into the data with the encryption methods used," he said. "Our customer and ourselves are the only ones that control that encryption key."

Appliance encryption methods

He said the backup appliances his company uses also provide encrpytion methods to protect the data from snoopers while the file is in transit, or being sent over the Internet to the secure data center. "Once again, most of what could be easily monitored would be unencrypted traffic," Bickmore explained.

Solid security policy

"An unfortunate reality of using the public internet as a company is there is always some risk in data becoming comprised," he said. "When you scan the entire risk spectrum, I am far more concerned about social media, emails, and poor firewall setups that expose live company data. Those are the easy targets and the traffic that is really being scrutinized."

To become less of a target, Bickmore said MSPs should be sure to assist with developing solid security policies for customers.

"For most of our customers, keeping the data in a secure and safe datacenter and automating the process of offsite backup over the Internet is still a much better solution," Bickmore said. "Ultimately, the self-run local alternative backup solutions are too risky and too unreliable in comparison."