Why it’s Time to Rethink your Compliance Strategy

The very mention of “compliance” is enough to send IT managers running for cover. With the rise in privacy regulations worldwide, pleading ignorance or allowing compliance to take a back seat is no longer an option.

The trend toward increased privacy regulation is worldwide. While GDPR has drawn more and more attention as its May 25, 2018 deadline approaches, nations outside the EU are also tightening their privacy rules. In February 2018, Australia's Privacy Act will be augmented with the Notifiable Data Breaches (NDB) scheme, which sets requirements for how entities respond to data breaches. Under the NDB scheme, organizations must notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.

In general, compliance falls into two buckets: general requirements, typically around privacy (such as GDPR and the Privacy Act in Australia), and industry- or sector-specific requirements (such as HIPAA for healthcare organizations and Sarbanes-Oxley for publicly traded companies in the United States).

Being familiar with today's requirements is not a permanent understanding, either. Requirements evolve to keep pace with changing markets and technology. PCI DSS is a prime example. Maintained by the PCI Security Standards Council since 2006, the PCI Data Security Standard (PCI DSS) protects cardholder data for merchants, financial institutions, and other entities that store, process, or transmit it. Starting in July 2018, SSL and early TLS (TLS 1.0) are no longer acceptable as protocols for protecting cardholder data. At a minimum, TLS 1.1 must be deployed (TLS 1.2 is strongly encouraged) to meet the PCI DSS requirements for safeguarding payment data.
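The practical question behind that PCI DSS deadline is "what does each of my endpoints actually negotiate?" The following is an added example, not code from the original post or from Kaseya: it uses only Python's standard-library ssl module to (a) build client and server contexts that refuse anything below TLS 1.2, (b) probe a server for each protocol version (a network call, so host names here are placeholders), and (c) grade the result against the floor described above. The 'fail'/'minimum'/'pass' labels are this example's own convention.

```python
import socket
import ssl

# Protocol names as returned by ssl.SSLSocket.version(), graded against the
# PCI DSS floor described above: SSL and TLS 1.0 fail, TLS 1.1 is the bare
# minimum, TLS 1.2+ is what is actually recommended. (Labels are this example's own.)
_STATUS = {
    "SSLv2": "fail",
    "SSLv3": "fail",
    "TLSv1": "fail",
    "TLSv1.1": "minimum",
    "TLSv1.2": "pass",
    "TLSv1.3": "pass",
}


def classify_protocol(version_name):
    """Return 'fail', 'minimum' or 'pass' for a negotiated protocol name."""
    return _STATUS.get(version_name, "unknown")


def pci_client_context():
    """Client-side context that refuses anything below TLS 1.2 (the recommended floor)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pci_server_context(certfile, keyfile):
    """Server-side context with the same floor, for services you operate yourself."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def probe_server(host, port=443, timeout=5.0):
    """Try each protocol version in turn against host:port.

    Network call. Returns {version_name: True if the server completed a
    handshake at exactly that version, else False}. A False for TLSv1 may
    also mean the local OpenSSL build no longer offers it; the exception
    is swallowed so the audit still completes.
    """
    results = {}
    for name, ver in (("TLSv1", ssl.TLSVersion.TLSv1),
                      ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
                      ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
                      ("TLSv1.3", ssl.TLSVersion.TLSv1_3)):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # auditing protocol support, not the certificate
        try:
            ctx.minimum_version = ver
            ctx.maximum_version = ver   # pin the handshake to exactly one version
            with socket.create_connection((host, port), timeout=timeout) as sock:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    results[name] = tls.version() == name
        except (ssl.SSLError, OSError, ValueError):
            results[name] = False
    return results


def audit(results):
    """Summarize probe results: acceptable only if no failing protocol is offered."""
    offered = [v for v, ok in results.items() if ok]
    weak = [v for v in offered if classify_protocol(v) == "fail"]
    return {"offered": offered, "weak": weak, "acceptable": bool(offered) and not weak}


if __name__ == "__main__":
    # Constructed sample result (not a real probe): a server that still
    # answers TLS 1.0 alongside TLS 1.2 fails the audit.
    sample = {"TLSv1": True, "TLSv1.1": False, "TLSv1.2": True, "TLSv1.3": False}
    print(audit(sample))
    # To run against a live host (placeholder name):
    # print(audit(probe_server("payments.example.com")))
```

Run the probe from a host whose OpenSSL still speaks TLS 1.0 and 1.1, or a "False" for those versions only tells you about your scanner, not the target.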

Compliance and the MSP

Part of what makes compliance so thorny is that it must be managed from every angle and therefore touches every corner of a business. MSPs are in the unique position of having to deal with it on multiple levels. At a base level, you must ensure your own business complies with the regulations that affect you directly. Then you must look at your customers' businesses and the requirements they must meet. Failing to follow compliance requirements damages your credibility as an IT expert and exposes you to fines large enough to endanger your business.

If doctors' offices are among your clients, you must be sure they are HIPAA compliant; if a restaurant that accepts credit cards is a customer, you must ensure PCI DSS compliance; a college must adhere to FERPA; and the list goes on. An MSP whose clients span multiple industries must be well versed in multiple evolving sets of requirements.

Or have a solution in place that combines the customer's knowledge of their own obligations with policy and automation capabilities. For starters, you need a solution that captures the right data. A layered model is ideal because it confirms that you are doing the right things to keep your organization and your customers safe (or tells you when you are not).

Kaseya's product portfolio is designed to facilitate the end-to-end regulatory compliance you need to keep your business and your customers' businesses secure and compliant.

Discovery, patching and software management, and automation are key components of VSA by Kaseya. In addition, integration with antivirus, antimalware, and backup captures everything needed for an audit, down to the hardware level.

AuthAnvil by Kaseya makes it easy to provide 2FA to secure your organization as well as your customers’ business. It can be used standalone or integrated with other products in the portfolio. In addition, Traverse by Kaseya addresses networking needs, monitoring back-end security infrastructure. It can also be used to audit changes to key devices like firewalls and routers.

Pulling it all together is reporting that demonstrates compliance, or the lack of it, so that you can take any necessary action. The Kaseya GDPR Compliance Pack consists of four reports. GDPR Compliance, the main report, provides an overview of your security environment, including antivirus status, antimalware status, VSA users, local admins, and patch status. The other three reports provide detailed summaries of the antivirus, antimalware, and patch status of all endpoints.

Learn more about how Kaseya can help you address your GDPR and other compliance needs.

Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
