MSP Regulation: 5 Ways to Prepare Now for ‘Good Standing’ Later
Louisiana Act 117 – Senate Bill 273 went into effect February 1, 2021, as the first-ever state legislation regulating Managed Service Providers (MSPs). Due to increasingly intelligent and targeted cyber-attacks, dependence on remote environments, the ability to opt out of security, and insufficient business continuity requirements, widespread legislation is expected in the future.
While we don’t know much about implementation, Louisiana provides a glimpse into what new requirements might look like. The bill seeks to hold MSPs responsible for security breaches, rather than the business attacked. MSPs are now required to register with the state and remain in ‘good standing’ to lawfully contract with government bodies. All security incidents and ransom payments must be reported, and are made public for the benefit of consumers.
As cybersecurity challenges increase, it’s up to MSPs to demand better from solutions, vendors, customers, and the industry as a whole. Prepare your MSP as if your local laws required it. Fail-safe business continuity and disaster recovery (BCDR) does exist, but it’s up to MSPs to prove capable of managing it, no matter what.
Establish your MSP’s high standards, values, and focus by earning authenticated business credentials, such as the following:
- CompTIA Managed Services Trustmark showcases an MSP’s commitment to customers and quality by providing a complete managed services agreement – including standard operating procedures, best practices, and effective systems and tools for delivering services.
- National Institute of Standards and Technology (NIST) framework provides standards and practices to instill trust in your products and services, while helping to meet compliance obligations through infrastructure.
It’s also important for MSPs to stay on top of changing threats, new infiltration tactics, risky environments, and improved BCDR solutions. Take advantage of industry resources featuring channel experts and IT leaders via webinars, Facebook Live events, LinkedIn groups, and social media channels.
2. Choose Partners Wisely
MSPs and their customers are only as protected as their solutions allow. Building your vendor stack requires a good amount of due diligence to find the provider and solution you trust.
- Explore your options with free product demos and trials.
- Validate the efficacy and reliability of solutions with third-party assessments and case studies.
- Partner with a 100% channel-focused provider for more than just IT solutions.
- Weigh the benefits of included perks, like a tier-based partner program, done-for-you marketing campaigns, channel-specific resources, and educational opportunities.
- Maintain high vendor standards by saying “no” to unwarranted rising costs, surprise fees and overages, insufficient support, and vendor sprawl.
Switching vendors can seem overwhelming, but a partner with comprehensive solutions will work with you to make a smooth transition.
3. Layer Security Infrastructure
Cybercriminals feed on positive ROI, which is why MSPs and other businesses storing aggregate data are often targeted. In order to lower that return on investment, MSPs need to amass enough layers of security protection around data to thwart a hacker’s interests. Business continuity is made up of multiple layers, including…
- Managed Security Operations Center
- Identity and Password Management
- Security Training
- Endpoint Security
- Email Security
- Mobile Security
- Adherence to Compliance Regulations
4. Create a Cybersecurity Playbook
Cybersecurity playbooks go beyond incident response or disaster recovery plans to ensure true business continuity before, during, and after an event. Inclusive of the entire organization, a cybersecurity playbook is reviewed and practiced quarterly to identify new threats, ensure information accuracy, and adequately address current business needs. Cybersecurity playbooks address five critical pieces to prevent, address, and recover from incidents varying in criticality.
5. Bundle Security as a Non-Negotiable
A big reason for MSP regulation is that many MSPs present certain security layers as optional. Attempting to meet varying preferences, MSPs are knowingly enabling data loss rather than requiring data protection. When data loss does occur – and it will – who’s to blame? Customers for opting out of security? Or MSPs for allowing it?
Backup and disaster recovery (BDR) must be a standard solution required for all customers. This structure both ensures business continuity and protects your MSP’s reputation and ability to grow. If you had to publicly divulge all cyber incidents, would potential and current customers still choose you? Today, it’s not enough to just suggest BDR. To do their job, MSPs must mandate it.
The unified Axcient x360 platform keeps business running with a single pane of glass for BCDR, Cloud to Cloud Backup, and Secure Sync & Share. Axcient Direct-to-Cloud hardware-free BDR, and Bring Your Own Data Center (BYODC) gives MSPs the choice and flexibility necessary to protect any environment with just one vendor.