The Datacenter Journal, 11/5/15
When one of your services meets a client’s goal in a way the in-house team can’t handle, you’ve struck managed-service-provider (MSP) gold. In recent years, the cloud has been a catalyst for countless moments of this nature. Enterprise IT teams are increasingly adopting various cloud consumption models to cut storage costs and reduce data center footprints, and MSPs with cloud services in their portfolios are reaping the benefits by finding new ways to add value in each type of situation. When you’re in this position, all goes well, until your client gets breached.
You’ve likely warned the client in question against transferring unencrypted data to cloud-based hosts, but you know clients don’t always follow this recommendation. Even if a breach of this nature isn’t your fault, keeping your clients’ data out of harm’s way is an expected part of your job as an MSP. Even if you’re not a security expert, certain concerns need to be at the top of your list as you’re building out your service portfolio and handling clients’ private information. To start amping up your security, ask yourself the following questions about the risk landscape that you’re facing today:
1. Which security and compliance regulations matter to my clients?
Keeping up with compliance regulations is a universal effort. Between operations, software and physical-infrastructure management, every IT pro has a mental checklist of precautions and best practices that helps keep his organization in check. As an MSP, you should know this list by heart—and be ready to expand it.
Help your clients raise the security and compliance status quo by getting familiar with industry-specific ordinances such as the Payment Card Industry (PCI) rules, the Health Insurance Portability and Accountability Act (HIPAA) and the Statements on Standards for Attestation Engagements (SSAE), and give them a means to document operational practices in order to pass audits with flying colors. Then, go a step further by providing recommendations for their data centers’ more advanced physical and operational security controls, which can include anything from biometric scans to mantraps to surveillance.