Managed service providers once had what would be viewed today as a relatively simple responsibility when it comes to their own security and compliance procedures. However, a combination of much higher rates of cybercrime, data breaches and identity theft along with the transforming state of federal regulations, has made things a bit more complicated, and these firms are now also expected to take a stance on privacy protection that was once saved for advocacy groups and the like.
The United States government has done battle with several major Internet-based companies in the past few years, and this has had a dramatic impact on the ways in which business leaders provision their managed services from third-parties. Striking the balance between client trust and compliance with federal demands can be difficult, and it only seems as though this is going to continue to become more complex over time.
MSPs would do well to keep up with these movements, as they will almost always have some direct or indirect implication for the industry.
One of the most consistent battles in this space has been between Yahoo and the U.S. government, as the former continues to try and protect privacy of its users while the latter has asserted that these actions are impeding upon necessary criminal investigations. The Guardian reported that the National Security Agency had requested data from Yahoo, and the service provider declined to allow the investigators into its systems.
This led to a serious threat, as the source pointed out that the federal government looked to levy a fine of roughly one-quarter of a million dollars each day until Yahoo complied with the request, but this did not actually get the Internet giant to pony up the requested information. According to the news provider, this all came out in a document, classified and not available for public consumption.
The Guardian cited the comments of General Counsel Ron Bell who works for Yahoo and released some of this information on his blog.
"Despite the declassification and release, portions of the documents remain sealed and classified to this day, unknown even to our team," Bell wrote, according to the source. 'The released documents underscore how we had to fight every step of the way to challenge the US government's surveillance efforts. At one point, the US government threatened the imposition of $250,000 in fines per day if we refused to comply."
What's your take?
At the end of the day, these battles that make headlines will generally be saved to the biggest Internet giants out there, and smaller MSPs will not have to be quite as concerned. However, any entity that handles data backup and security for others might eventually have to make a decision between handing over client data or being fined and prosecuted by federal entities.
The time is now to write policies which will guide the firm through these challenging events.