You need to focus on your business, not your IT. Yet leaving the responsibility of your data, in fact your entire IT function, in the hands of a Managed Services Provider (MSP) can seem daunting. Your data is the backbone of your business. You cease to exist if you lose access to it. It requires protection. Not treated like an expense.
So how do you evaluate an MSP on their ability to protect your data. To run your IT as if your data was as important to them, as it is to you? Evaluate your MSP across these 3 categories on their approach to your data.
Productivity: The applications that run your business, are critical to the success of your business. Whether those applications run in the cloud, or on-premise, your MSP needs to understand the criticality of those applications and how long you can manage your business without them. Applications are classified into tiers of importance:
- Tier 1 applications generally get provisioned on enterprise-grade servers hosted locally with backup redundancy built in.
- Tier 2 and 3 applications often times get less focus with the recognition that these can be offline for a period of time without significantly impacting your business.
Yet all tiers need to be available and are instrumental in supporting the health of your business. MSPs needs to categorize the criticality of your applications (both locally and in the cloud), and the hardware that ultimately supports your business including servers, networking, storage, printers, and specialize hardware.
Security and Compliance: Protection not only from Ransomware and Phishing attacks, but from employees, is a unique responsibility for Managed Service Providers. Security is one of the top concerns for SMBs and should be the top concern for your MSP in how they protect your data. Many MSP’s have advanced security certifications and have evolved into MSSP, or Managed Services and Security Providers. MSSP’s have a higher degree of security certification to ensure the protection of your corporate assets.
MSPs should also be evaluated on their knowledgeable of compliance and privacy as it relates to your business. Compliance is no longer just focused on certain verticals like finance (FINRA & PCI DSS) or healthcare (HIPAA), state and local governments are now getting involved in regulatory standards like NYDFS, California’s CCPA and Nevada’s privacy regulations (Senate Bill 220).
When evaluating your MSP for how they will protect your data, ask them their policy and procedures on:
- Endpoint Security
- Firewall Security
- Email Security
- Web Security
- Mobile Security
- Security Training
- Identity and Password Management
- Application Whitelisting
Protection: When a natural disaster is imminent, or security fails, can your MSP ensure that your business remains operational. In looking at your MSP, they should be able to address the availability of your business across three spectrums (or layers): Application, Files / Folder, and Software as a Service (SaaS).
All three layers are backed up and managed differently and need to be incorporated in your Business Continuity & Disaster Recovery planning. How your MSP approaches the protection layers should match or exceed the value you place on your data. They have the knowledge and experience to understand the risk and ramification of working with multiple clients and should guide you in the best protection technologies to ensure the continuity of your business.
At Axcient, we focus on ensuring your business availability by eradicating data risk. No one can protect you from the all risks when it comes to data loss. Axcient can be your last line of defense, protecting your data from natural disasters, human errors, and bad actors injecting ransomware into your environment. And ensuring that when the worst happens, Axcient can recover your data, period.