
What MSPs need to know about Compliance-as-a-Service

11 Dec 17

Article by Marina Brook, StorageCraft head of sales Asia-Pacific

Changes in the regulatory landscape have had a significant impact on data management and security.

In the process of providing better protection and privacy for consumers, these changes have created a mixed bag of challenges and opportunities for all parties involved.

Combined with existing mandates and changing requirements, the risks associated with failure to comply have made compliance management a daunting task for organisations of all sizes.

Not all is lost, however: a group of problem solvers is waiting on the sidelines, ready to jump in and help.

Verizon’s 2015 PCI DSS Compliance Report found that four out of five organisations were still not compliant.

A 2017 study from SecurityMetrics reported that in 2016 the largest single origin of compromise (39%) was through insecure remote access, while according to the Ponemon Institute, which tracks the costs of data breaches every year, the average total cost per data breach is $4 million - up 29% since 2013.

These statistics highlight the opportunity for third-party service providers to capitalise on the issue and assist struggling companies with their compliance needs.

Australia’s notifiable data breaches legislation, due to come into effect on February 22, 2018, may well result in a similar lack of preparedness.

Adding Compliance-as-a-Service (CaaS) to a menu of service offerings is a strategic way for Managed Service Providers (MSPs) to cater to the regulatory requirements of existing clients and to attract new business.

Compliance is a virtual goldmine for service providers with the management expertise to simplify and satisfy the complex requirements associated with regulations.

At the same time, hopping on that bandwagon is akin to opening Pandora’s Box because of the requirements that come with the territory.

MSPs must walk a fine line in order to ensure that the convoluted legal component of compliance doesn’t land them in hot water.

Lingo and liability

Borrowing the ‘as-a-Service’ moniker popularised by cloud computing, CaaS is far more than a cleverly named fad - it’s recognised as a legitimate industry on the rise.

CaaS providers make their money by customising solutions around individual compliance requirements.

Their management efforts are designed to help organisations prioritise internal policies and processes per mandated regulation and rule.

In a perfect world, CaaS is a cost-effective solution that enables regulated businesses to minimise the risk, cost and complexity of meeting compliance.

CaaS is a rather vague term that could be interpreted in more ways than one.

Based on the name’s general nature, one might assume that the provided service involves direct handling or securing of confidential information.

On the other hand, a potential customer might assume that it refers to managing internal processes typically performed by employees, or to actually guaranteeing compliance with one piece of legislation or another.

There’s ambiguity in the CaaS term that can lead to a lot of confusion.

Third-party providers are often needed to help with aspects such as auditing, storage management, and disaster recovery.

These services come in handy and allow organisations to free up valuable time and eliminate some of the challenges associated with meeting industry regulations.

Technology and expertise

The move from MSP to CaaS requires a special set of tools and procedures.

While the targeted field and legislation will determine the specifics, every successful transition is built around three key elements:

  • Providing rock-solid security that prioritises data protection
  • Training personnel on the finer details of the regulations in question
  • Integrating new technology in a manner that is consistent with billing cycles and overall service offerings

Practitioners in emerging businesses are buckling under the pressures traditionally regulated industries have been dealing with for years.

When it comes to CaaS or compliance work in general, MSPs must be careful not to take on risks they cannot properly assess or manage - or the risk to their own business will quickly outsize the rewards.
