5 Things MSPs Can Do to Prepare for Regulation

Louisiana’s first-of-its kind legislation for Managed Service Providers (MSPs) gives the channel an idea of what regulation might look like. As other states and the federal government consider similar governance, MSPs can take steps to both prepare for future regulation, and potentially prove it unnecessary.

Regardless of if you think these laws are justified or not, today’s digital landscape challenges MSPs to keep up with a number of factors threatening data loss. Increasingly high numbers of mature cyber-attacks, an influx of remote workers, businesses choosing to forego security solutions, and service providers allowing clients to opt-out of business continuity and disaster recovery (BCDR). Fortunately, comprehensive security solutions and client-first business practices can prevent catastrophic breaches.

While authorities are considering regulation, rather than implementing it – which can be a nightmare – every MSP has a responsibility to elevate the industry. Prove your ability to self-regulate by preparing for the registration, reporting, and accountability requirements put forth in Louisiana Act 117 – Senate Bill 273. Regulations shift the blame and consequences of an attack away from the client and onto MSPs. It’s in your best interest to prepare for that responsibility with higher standards for your solutions, vendors, and clients.

1. Build a Layered Security Infrastructure

Today’s complex, targeted, and frequent cyber-attacks demand multiple layers of cybersecurity to keep data safe. Hackers are motivated by a positive return on investment (ROI). That motivation has increased targeted attacks on MSPs, and other businesses that store not only their own data, but also client data. MSPs need enough walls around data where it’s not worth a hacker’s time and effort to knock them all down. A comprehensive business continuity solution includes multiple layers, such as…

2. Utilize a Cybersecurity Playbook as Your Guide for Incident Response

Many MSPs think incident response, or a disaster recovery plan, are good enough. In fact, a  cybersecurity playbook is necessary to ensure true businesses continuity before, during, and after an event. Incident response defines the processes for identifying an issue, reporting on it, and how to communicate. A cybersecurity playbook includes incident response, and then goes above and beyond. Playbooks are comprehensive across an organization and are reviewed and practiced quarterly. Regular upkeep identifies new threats; ensures information accuracy; confirms the ability to adequately address current business needs; and serves as a complete manual and map for preventing, addressing, and recovering from incidents varying in criticality. There are five critical pieces addressed in a cybersecurity playbook:

  1. Protection
  2. Detection
  3. Communication
  4. Response
  5. Recovery

3. Eliminate the Risk of Allowing Clients to Opt-Out of Security

In an attempt to satisfy client budgets and preferences, many MSPs present certain security measures as optional. This is one of the biggest contributors to potential regulation of the channel. If MSPs are letting clients assume the risk of data loss, and that data does in fact get compromised, who is at fault? The client for assuming the risk? Or the MSP for allowing their client to take such a critical risk?

Security-first MSPs include backup and disaster recovery (BDR) as part of their standard services required for all clients. Mandating necessary solutions to ensure business continuity not only protects clients, but also your MSP’s reputation and ability to grow. Louisiana’s bill requires MSPs to report all cyber incidents and ransomware payments to the state for public display. Imagine the affect such information could have on your business. Remain competitive by protecting clients as if it was your own business on the line – because it is.

4. Partner with Vendors that Share Your Security-First Approach

MSPs are only as good as their vendors, and not all vendors are created equal. When building your vendor stack, explore your opportunities with different providers to find the cost, structure, and benefits you value. Ask for third-party assessments to validate the efficacy and reliability of solutions. Choose vendors 100% dedicated to the channel to get more than just the solutions clients need. These vendors often provide additional benefits aimed at helping you to grow your MSP. Resources like a tier-based partner program, done-for-you, brandable marketing campaigns, channel-specific resources, and educational opportunities.

If a vendor is not meeting your expectations, take advantage of free product demos and trials with other providers. Challenges like rising costs, surprise fees and overages, insufficient support, and the consequences of vendor sprawl can ruin your reputation and threaten profits. Switching vendors can seem overwhelming, but a good provider with comprehensive solutions will work with you to make a smooth transition.

5. Self-Regulate and Continue Your Education

Assert your MSP’s high standards, values, and focus by earning authenticated business credentials that position you above others. For instance, the CompTIA Managed Services Trustmark proves an MSP’s commitment to their clients. By providing a complete managed services agreement that includes standard operating procedures, best practices, and the right systems and tools for delivering services, MSPs can earn tangible proof of your dedication to quality. CompTIA also offers additional certifications, continuing education, events, and resources. Additionally, MSPs can adopt the National Institute of Standards and Technology (NIST) framework. Their cybersecurity framework provides standards and best practices to build trust in your products and services, and help meet compliance obligations by improving infrastructure.

Threats, tactics, environments, risks, and solutions change regularly in IT, so it’s important to stay educated. Attend webinars and Facebook Live events, join channel-specific LinkedIn groups, and follow vendors on your favorite social media channels to keep up-to-date. New product features, expert advice, and information from channel leaders might be just what you need to overcome the unknown challenges of 2021.

Join Axcient for a limited-time virtual lunch event covering everything MSP regulation. The Future of MSP Regulation: Understand What’s at Stake for Your Business is hosted by Axcient’s Senior Vice President of Product, Ben Nowacky.

  • Plan ahead for higher operating costs and compliance overhead.
  • Gain expert security insight to overcome remote work challenges.
  • Explore the impact of public breaches on regulation – including the SolarWinds attack.

Discover how a layered security approach can help you meet, and potentially avoid, incoming channel regulations. Reserve your spot today!


Liz Mellem

About the Author:
Liz Mellem // Technical Copywriter, Axcient

Liz Mellem has been a freelance copywriter for over three years in the technology, education, and alternative medicine industries. She produces content, sales collateral, and email marketing campaigns that contribute to digital marketing strategies for sales growth and brand awareness. In her free time, Liz enjoys reading, exploring Austin, and Netflix with her cat, Harlem.