Beyond PCI compliance

As data protection demands evolve, so must managed service providers

In the wake of some much-publicised data leaks, many countries are tightening their data protection rules. This trend often starts in the public sector and then spreads out to the wider business community.

However, there are few trans-national security rules in place and widely enforced. One of these is the Payment Card Industry Data Security Standard (PCI DSS), a common standard to stop security breaches and ultimately reduce credit card fraud.

The standard is audited through an independent assessor, and the credit card companies behind PCI have the power to enforce sanctions - including fines and the suspension of merchant privileges - for organisations that fail to meet the grade

PCI, at least within financial services, has forced organisations to step up their security game.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

It does not exist in isolation though. Increasingly, major international companies that dominate in areas such as logistics, automotive, retail and manufacturing are beginning to follow suit with their own security requirements imposed on suppliers before they are granted access to shared IT resources. This is on top of pan-European security and privacy regulations such as General Data Protection Regulation (GDPR), which also forces tighter security requirements around data retention and sharing.

Companies that need to adhere to these standards must find a way for the different parts of their organisations to work together, although this can often pose a challenge. IT departments are the core of this initiative but there is often a requirement to bring in HR elements for policy and training, legal experts for statutory obligations and compatibility with jurisdictional matters, perhaps even facilities managers to ensure that security extends to physical access policies.

Moreover, with regulators gaining more power to name, shame and ultimately fine organisations that fail to create satisfactory levels of security controls, MSPs have an opportunity to become indispensable partners in the goal to become certified.

But, for MSPs to reach this position, they need three key attributes.

The first is an investment in skills - especially an understanding of the key industry and governmental regulatory requirements. With clients seeking expertise, it is vital that MSPs can become an independent expert that's able to offer advice based on a depth of knowledge and practical experience. There are a number of training courses that can help brush up these skills and MSPs would be wise to invest in these as an initial position.

Next come technology platforms that help streamline the process of assessing a client's current position in respect to regulatory compliance and wider security best practice. For example, SolarWinds' MSP Risk Intelligence suite can run automated vulnerability scans along with PCI and HIPAA compliance scans to create a benchmark.

Advertisement - Article continues below

The last MSP requirement is a professional services capability that's needed to start the engagements that work towards solving any issues discovered in a risk intelligence scan, along with an understanding of the regulatory requirements that must be met to achieve full compliance.

Although PCI is the most noteworthy, having the skills and processes in place to meet client requirements for this standard also helps develop a service portfolio that can be extended to other areas.

What's more, PCI and other standards continue to evolve, requiring organisations to adapt to new threats and business practices, and helping the MSP relationship to grow and become more of a trusted partner over time.

Ultimately, as organisations move beyond PCI, the benefit of better security processes will impact across the entire organisation. For progressive MSPs, thinking further down the line is great way to build a sustainable and profitable security practice.

Advertisement
Advertisement - Article continues below

This is an independent article written by Channel Pro, sponsored by SolarWinds MSP to celebrate thought leadership in IT. Learn more about SolarWinds' MSP Risk intelligence and enjoy a free 14 day trial by clicking here.

Would you like to turn data protection into a differentiatior for your business? Download this whitepaper here to find out more.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020