Selecting managed service providers can be a difficult task for customers, which can easily translate to difficulties for MSPs trying to convince prospects that their services are properly secured and managed. With this challenge in mind, the International Association of Cloud & Managed Service Providers (MSPAlliance), a professional association with more than 20,000 members worldwide, is introducing guidelines for the validation of MSPs, based in part on the Unified Certification Standard for Cloud & Managed Service Providers (UCS), as well as the group's code of conduct.
Key aspects include specific information on the location of customer data, disclosure and policies for the control of any third-party data access, transparency requirements, ethical and financial controls, and also requirements around the use of both public and private clouds.
"This is a vehicle for giving business customers transparency into who their service provider is, and how their data is being managed," said Charles Weaver, CEO of the MSPAlliance. "Businesses have a compelling need to know where their data is located, as well as who is touching their data. The UCS certification requires a full audit, including on-site visits."
[Related: MSPs: Where The Money Is]
In the midst of recent developments with the national security agency and related disclosures, location of data has emerged as a major issue among some circles.
"The Canadians are really freaked out about data leaking south of the border because of the Patriot Act," Weaver said. "They want to know if data that enters the United States might be subjected to further probing. Regardless of your politics, this can be an issue of concern. MSPs need to understand what kinds of cloud environments they are bringing the customer, and be able to answer questions quickly and concisely."
"Customers are asking not just about your infrastructure in the data center, but also about policies and procedures," he continued. "The strength of the data security is only as strong as the weakest link. The MSP operation extends to wherever the MSP personnel are logging in from, how they login, whether they go through a firewall, or whether they are leveraging third-party NOCs, help desks and after-hours support. People want to know who is touching their data. Are you handling credentials properly? We also talk about financial health a lot. It goes beyond [profit and loss], but also goes to financial risk tolerance, insurance, [service-level agreements] and cash flow."
NEXT: Potential For Government Regulation