Last time, I discussed the four basic types of managed service providers (MSPs) with which organizations commonly partner. Those categories help to determine the types of services offered by MSPs. In general, MSPs provide five primary services to customers.

Regulatory Policy Compliance

The privacy regulatory landscape is constantly expanding. According to Gartner, privacy regulations will cover the personal information of 65% of the world’s population by 2023. That’s up from 10% at the beginning of 2020, with 60 jurisdictions around the world having already enacted or proposed data privacy or protection laws.

Those regulations operate at various levels, making it difficult for organizations to keep up with their compliance obligations. For instance, 26 U.S. states introduced privacy bills in the first eight months of 2021; both Colorado and Virginia ratified their respective proposals in that period. What’s more, organizations need to balance industry-specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), with their use of Zoom and other third-party apps to meet their evolving business requirements.

Fortunately, MSPs can do the ongoing work that’s required to ensure organizations maintain system compliance with mandates such as PCI DSS, SOX, and others.

Best Practice Framework Enforcement

While compliance with privacy and data protection regulations is mandatory for in-scope entities, organizations can strengthen their security postures further by adopting best practice frameworks. Take the Center for Internet Security’s Security Controls (CIS Controls) as an example. These Controls consist of recommended actions that organizations can use to defend themselves against the most pervasive attacks in the threat landscape today.

In the spring of 2021, CIS released Version 8 of its Controls. The updated set includes measures that organizations can use to secure their cloud and mobile technologies. It also groups