Why It's Time to Rethink Your Compliance Strategy
Part of what makes compliance so thorny is that it must be managed from every angle and thus touches every corner of a business. MSPs are in a unique position of having to deal with this on multiple levels.
December 22, 2017
Sponsored by Kaseya
The very mention of “compliance” is enough to send IT managers running for cover. With a rise in privacy regulations, pleading ignorance or allowing compliance to take a back seat is no longer an option.
The trend toward increased privacy is worldwide. While GDPR has drawn more and more attention as its May 25, 2018, deadline approaches, nations outside the EU are also tightening their privacy regulations. In February 2018, the Privacy Act in Australia will be augmented with the Notifiable Data Breaches (NDB) scheme, which establishes requirements for entities in responding to data breaches. Under the NDB, organizations must notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
In general, compliance falls into two buckets: general compliance requirements typically around privacy (such as GDPR and the Privacy Act in Australia) and industry-specific requirements (such as HIPAA for healthcare organizations in the United States and Sarbanes-Oxley for financial services companies).
Becoming familiar with the requirements is not a one-time exercise, either. Requirements evolve to keep pace with changing marketplaces and technology. The PCI Data Security Standard (PCI DSS) is a prime example. First established in 2006, PCI DSS helps protect payment card data for merchants, financial institutions and other entities that store, process or transmit cardholder data. Starting in July 2018, SSL/early TLS will no longer be an acceptable encryption protocol. At a minimum, TLS 1.1 must be deployed (though TLS 1.2 is strongly encouraged) to meet PCI DSS requirements for safeguarding payment data.
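As an added illustration of the PCI DSS protocol floor described above (example code written for this article, not part of any Kaseya product or of the standard itself), the following Go program uses the standard crypto/tls package over an in-memory pipe to show that a server whose minimum version is TLS 1.1 refuses a client that only offers TLS 1.0, while a TLS 1.2 client still connects. The self-signed certificate is a constructed throwaway generated at run time, so nothing here touches the network.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// NegotiateVersion performs a TLS handshake over an in-memory pipe between a
// server whose protocol floor is serverMin (the setting under test) and a
// client that offers nothing newer than clientMax (a legacy client).
// It returns the negotiated version, or the handshake error.
func NegotiateVersion(serverMin, clientMax uint16) (uint16, error) {
	// Throwaway self-signed ECDSA certificate, generated at run time (constructed, not a real key).
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return 0, err
	}
	srvConn, cliConn := net.Pipe()
	srv := tls.Server(srvConn, &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		MinVersion:   serverMin, // PCI DSS: at least TLS 1.1, TLS 1.2 preferred
	})
	cli := tls.Client(cliConn, &tls.Config{
		InsecureSkipVerify: true,             // the throwaway cert above is unverifiable by design
		MinVersion:         tls.VersionTLS10, // legacy client still offers early TLS
		MaxVersion:         clientMax,
	})
	errc := make(chan error, 1)
	go func() { errc <- srv.Handshake() }()
	cliErr, srvErr := cli.Handshake(), <-errc // server side finishes or sends its alert
	if cliErr != nil {
		return 0, cliErr
	}
	if srvErr != nil {
		return 0, srvErr
	}
	return cli.ConnectionState().Version, nil
}
```

Calling NegotiateVersion(tls.VersionTLS11, tls.VersionTLS10) returns a protocol-version error, which is the behaviour an auditor expects to see after the July 2018 cutoff; the same call with a TLS 1.2 client returns tls.VersionTLS12.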
Compliance and the MSP
Part of what makes compliance so thorny is that it must be managed from every angle and thus touches every corner of a business. MSPs are in a unique position of having to deal with this on multiple levels. At a base level, you must ensure your own business complies with the regulations that apply to it directly. Then you must look at your customers’ businesses and the requirements to which they must adhere. Failing to follow compliance requirements damages your credibility as an IT expert and exposes you to fines that could cripple your business financially.
If doctors’ offices are among your clients, you must be sure they are in HIPAA compliance; if a restaurant that accepts credit cards is a customer, you must ensure PCI compliance; a college must adhere to FERPA, and the list goes on. An MSP whose clients span multiple industries must be well-versed in multiple evolving compliance requirements.
Alternatively, you can put a solution in place that pairs your customers’ knowledge of their own requirements with policy and automation capabilities. For starters, you need a solution that captures the right data. A layered model is ideal because it confirms that you are doing the right things to keep your organization and customers safe (or tells you when you are not).
Kaseya’s product portfolio is designed to facilitate the end-to-end regulatory compliance you need to keep your business and customers’ business secure and in compliance.
Discovery, patching and software management, and automation are key components of VSA by Kaseya. In addition, integration with antivirus, antimalware and backup captures everything down to the hardware level that is needed for an audit.
AuthAnvil by Kaseya makes it easy to provide 2FA to secure your organization as well as your customers’ business. It can be used standalone or integrated with other products in the portfolio. In addition, Traverse by Kaseya addresses networking needs, monitoring back-end security infrastructure. It can also be used to audit changes to key devices like firewalls and routers.
However, this functionality alone is of limited value without reporting that demonstrates compliance, or the lack of it, and tells you whether further action is needed. To provide that information, the Kaseya GDPR Compliance Pack offers four reports. GDPR Compliance, the main report, provides an overview of your security environment, including antivirus status, antimalware status, VSA users, local administrators and the patch status of your environment. The other three reports provide detailed summaries of antivirus, antimalware and patch status for all endpoints.
Having joined Kaseya in 2012, Miguel Lopez brings over 20 years of experience to his role as SVP, Managed Service Providers (MSPs). In this position, he consults daily with MSPs to help them solve their clients’ business problems with technology solutions. Prior to joining Kaseya, Miguel served as the director of consulting services for All Covered, a nationwide technology services company that is a division of Konica Minolta Business Solutions USA Inc. In 2008, All Covered acquired NetCor Technologies, a leading MSP that Miguel had founded and managed since 1997. NetCor specialized in serving highly regulated industries such as healthcare, CPAs, law firms and retail companies.
This guest blog is part of a Channel Futures sponsorship.