Why it’s Time to Rethink your Compliance Strategy

The very mention of “compliance” is enough to send IT managers running for cover. With the rise in privacy regulations worldwide, pleading ignorance or allowing compliance to take a back seat is no longer an option.

The trend toward increased privacy is worldwide. While GDPR has gotten more and more attention as the May 25, 2018 deadline looms closer, nations outside of the EU are also tightening their privacy regulations. In February 2018, the Privacy Act in Australia will be augmented with the Notifiable Data Breaches (NDB) scheme, which establishes requirements for entities in responding to data breaches. Under the NDB, organizations must notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.

In general, compliance falls into two buckets: general compliance requirements typically around privacy (such as GDPR and the Privacy Act in Australia) and industry-specific requirements (such as HIPAA for healthcare organizations in the United States and Sarbanes-Oxley for financial services companies).

And being familiar with the requirements today is far from understanding them permanently. Requirements evolve to keep pace with changing marketplaces and technology. PCI-DSS is a prime example. First established in 2006, the PCI Data Security Standards help protect the safety of payment security data for merchants, financial institutions, and other entities that store, process or transmit cardholder data. Starting in July 2018, SSL/early TLS will no longer be an acceptable security encryption protocol. At a minimum, TLS 1.1 must be deployed (though TLS v1.2 is strongly encouraged) to meet the PCI DSS requirements for safeguarding payment data.

Compliance and the MSP

Part of what makes compliance so thorny is that it must be managed from every angle and thus touches every corner of a business. MSPs are in a unique position of having to deal with this on multiple levels. At a base level, you must ensure your business is in compliance with regulations that impact you directly. Then, you must look at your customers’ businesses and the requirements to which they must adhere. Not following compliance requirements damages your credibility as an IT expert and puts you at risk for financially crippling fines that would endanger your business.

If doctors’ offices are among your clients, you must be sure they are in HIPAA compliance; if a restaurant that accepts credit cards is a customer, you must ensure PCI compliance; a college must adhere to FERPA; and the list goes on. An MSP whose clients span multiple industries must be well-versed in multiple evolving compliance requirements.

Or have a solution in place that leverages the customer’s knowledge with policy and automation capabilities. For starters, you need a solution that captures the right data. A layered model is ideal because it confirms you are doing the right things to keep your organization and customers safe. (Or informs you if you are not.)

Kaseya’s product portfolio is designed to facilitate the end-to-end regulatory compliance you need to keep your business and your customers’ businesses secure and in compliance.

Discovery, patching and software management, and automation are key components of VSA by Kaseya. In addition, integration with antivirus, antimalware, and backup captures everything down to the hardware level that is needed for an audit.

AuthAnvil by Kaseya makes it easy to provide 2FA to secure your organization as well as your customers’ business. It can be used standalone or integrated with other products in the portfolio. In addition, Traverse by Kaseya addresses networking needs, monitoring back-end security infrastructure. It can also be used to audit changes to key devices like firewalls and routers.

Pulling it all together is reporting, which demonstrates compliance, or the lack thereof, so you can take any necessary action. The Kaseya GDPR Compliance Pack consists of four reports. GDPR Compliance, the main report, provides an overview of your security environment including antivirus status, anti-malware status, VSA users, the local admins and patch status of your environment. The other reports provide a detailed summary of antivirus, anti-malware and the patch status of all endpoints.

Learn more about how Kaseya can help you address your GDPR and other compliance needs.

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.