
What MSPs need to know about Compliance-as-a-Service

11 Dec 2017

Article by Marina Brook, StorageCraft head of sales Asia-Pacific

Changes in the regulatory landscape have had a significant impact on data management and security.

In the process of providing better protection and privacy for consumers, these changes have created a mixed bag of challenges and opportunities for all parties involved.

Combined with existing mandates and changing requirements, the risks associated with failure to comply have made compliance management a daunting task for organisations of all sizes.

Interestingly, not all is lost: there is a group of problem solvers waiting on the sidelines, ready to jump in and help.

Verizon’s 2015 PCI DSS Compliance Report found that four out of five organisations were still not compliant.

A 2017 study from SecurityMetrics reported that in 2016 the largest single origin of compromise (39%) was through insecure remote access, while according to the Ponemon Institute, which tracks the costs of data breaches every year, the average total cost per data breach is $4 million - up 29% since 2013.

This statistic highlights the opportunity for third-party service providers to capitalise on the issue and assist struggling companies with their compliance needs.

Australia’s notifiable data breaches legislation, due to come into effect on February 22, 2018, may well result in a similar lack of preparedness.

Adding Compliance-as-a-Service (CaaS) to a menu of service offerings is a strategic way for Managed Service Providers (MSPs) to cater to the regulatory requirements of existing clients and to attract new business.

Compliance is a virtual goldmine for service providers with the management expertise to simplify and satisfy the complex requirements associated with regulations.

At the same time, hopping on that bandwagon is akin to opening Pandora’s Box because of the requirements that come with the territory.

MSPs must walk a fine line in order to ensure that the convoluted legal component of compliance doesn’t land them in hot water.

Lingo and liability

Borrowing the ‘as-a-Service’ moniker popularised by cloud computing, CaaS is far more than a cleverly named fad - it’s recognised as a legitimate industry on the rise.

CaaS providers make their money by customising solutions around individual compliance requirements.

Their management efforts are designed to help organisations prioritise internal policies and processes per mandated regulation and rule.

In a perfect world, CaaS is a cost-effective solution that enables regulated businesses to minimise the risk, cost and complexity of meeting compliance.

CaaS is a rather vague term that could be interpreted in more ways than one.

Based on the name’s general nature, one might assume that the provided service involves direct handling or securing of confidential information.

On the other hand, a potential customer might assume that it refers to managing internal processes typically performed by employees, or to actually guaranteeing compliance with one piece of legislation or another.

There’s ambiguity in the CaaS term that can lead to a lot of confusion.

Third-party providers are often needed to help with aspects such as auditing, storage management, and disaster recovery.

These services come in handy and allow organisations to free up valuable time and eliminate some of the challenges associated with meeting industry regulations.

Technology and expertise

The move from MSP to CaaS requires a special set of tools and procedures.

While the targeted field and legislation will determine the specifics, every successful transition is built around three key elements:

  • Providing rock-solid security that prioritises data protection
  • Training personnel on the finer details of the regulations in question
  • Integrating new technology in a manner that is consistent with billing cycles and overall service offerings

Practitioners in emerging businesses are buckling under the pressures traditionally regulated industries have been dealing with for years.

When it comes to CaaS or compliance work in general, MSPs must be careful not to take on risks they cannot properly assess or manage - or the risk to their own business will quickly outsize the rewards.
