Sponsored By

What Role Do MSPs and VARs Play in Protecting Sensitive Customer Data?

Over the past several years, Internet privacy and the rights and restrictions of companies storing personal user data has become one of the largest and most controversial topics in the IT community.

Michael Cusanelli

December 30, 2015

3 Min Read
What Role Do MSPs and VARs Play in Protecting Sensitive Customer Data?

Over the past several years, Internet privacy and the rights and restrictions of companies storing personal user data has become one of the largest and most controversial topics in the IT community. Most recently, the topic of individual Internet privacy has turned toward the rights of minors, particularly after November’s vTech hacking and recent allegations that suggested Google was spying on K-12th graders using its Chromebooks for Education. Unfortunately, these are just a few examples of the types of information loss that have become all too common in our society.

Despite the constant chatter about the subject of data privacy, the role of managed service providers and value-added resellers is often overlooked, chiefly because the general public is unaware of their involvement in enterprise data storage and retrieval. So where do MSPs and VARs fit into the big picture when it comes to protecting customer data?

According to Ron Culler, founder and CTO of Secure Designs Inc., MSPs and VARs who deal with sensitive customer information have the responsibility to follow their personal ethical code when it comes to what data they should and should not analyze. The same principles apply to large corporations; in the case of Google allegedly spying on students, this means creating and following a strict moral code to refrain from violating users’ right to privacy.

“The amount of information that’s out there owned by individual organizations like Google is fairly large,” said Culler, in an interview with The VAR Guy. “If they can connect that information with other data sources it can actually deliver them a pretty powerful tool to improve their product. But at the same time if someone with the wrong intentions gets a hold of it it’s actually a pretty powerful product for other intentions.”

Culler, who spent ten years working as part of the United States Navy’s Cryptologic Technician Maintenance division, is the former president of LAN Technologies, a network consultancy firm, and later founded Secure Designs in 2001. As a security expert, he said it is important for MSPs and VARs to carefully research and understand the type of data their potential customer deals with to be sure they are capable of meeting compliance and regulatory needs before accepting any work. Failure to do so can result in monetary fines, government seizure of data files, and a loss of customer trust. For example, businesses can protect themselves from potential backlash by HIPAA covered entities by setting up a Business Associate’ Agreement prior to performing any services.

It is also critical for MSPs and VARs to know and abide by the federal as well as state and local privacy laws in the places where they do business. Each of the fifty U.S. states has its own specific data privacy law (and in certain states, no law at all) so it is critical for service providers to understand the specific rules and regulations of the state where their data is being housed. This goes for customers in other countries as well, where data privacy issues are completely different from those in the United States.

“In today’s global, digital economy, my data — if it is stored in the cloud — can travel around the world,” said Culler. “And when it’s outside of the United States, I don’t have control over it anymore. The country that it’s sitting on a server in, that’s the country that ultimately has control.”

Unfortunately, in many cases the difference between an MSP or VAR simply monitoring customer information to provide a service and actually spying on users comes down to personal and company ethics. The ability to spy on individuals is all too easy in the Internet age, but what hasn’t changed is the importance of adhering to a strict policy to do no harm against others. As you can imagine, that philosophy is much easier said than done, especially when millions and billions of dollars are to be made.

What are your thoughts on the role of MSPs and VARs in protecting customer data? Sound off in the comments or tweet @MCusanelliSB to share your opinion.

Read more about:

AgentsMSPsVARs/SIs

About the Author(s)

Michael  Cusanelli

Associate Editor, Penton Technology Group, Channel

Michael Cusanelli is the associate editor for Penton Technology’s channel properties, including The VAR Guy, MSPmentor and Talkin' Cloud. He has written articles and produced video for Newsday.com and is a graduate of Stony Brook University's School of Journalism in New York. In his spare time Michael likes to play video games, watch sci-fi movies and participate in all things nerdy. He can be reached at [email protected]

 

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like