The Managed Service Provider’s Guide to Balancing Security, Privacy, and Usability

July 8

If you’ve been following the Google Glass story, you may know that the heavily hyped wearable device is causing a bit of a stir in the land of fish and chips. UK theaters have banned patrons from wearing the gadget while taking in a movie, a move seemingly driven by both piracy and privacy concerns. All the rage aside, theater operators are treating Glass like any other device with recording capabilities.

Where technology and data intersect, privacy concerns loom. This isn’t just an issue that impacts the giants like Google, Apple, and Microsoft. Any organization that collects, processes, and stores sensitive information needs to make privacy a top priority. With all the personal and financial data that runs through their systems, managed service providers are no exception. It takes a careful balancing act to deliver the type of protection and business efficiency that keeps MSP clients satisfied.

Optimize Data Collection

The info you collect from your clients generally falls in two categories: the essentials, and the extras that may have additional value later down the road. To minimize security and privacy risks, MSPs should only ask for information that is absolutely necessary. Hackers can’t steal what you don’t have.

Secure Your Surroundings

As an MSP, the fact that you’re in possession of credit card numbers, personally identifiable information, and other sensitive details makes you a prime target of cybercriminals. In order to protect your customers and reputation, you must be diligent in securing every bit of information you store. An end-to-end solution that protects your website, databases, network, and everything in between should be the focus of your security strategy.

Upgrade Your Security Prowess (If Need Be)

If you lack confidence in your current security capabilities, you may want to consider turning to a third party for some help. There are vendors on the scene who offer MSP-friendly platforms you can use to secure your network, and keep your clients protected in the process. These solutions offer the added bonus of being flexible enough to pass off as your own and profit in the managed security service provider (MSSP) segment of the industry.

Make Privacy Transparent

I know I don’t have to tell you that unless your organization is operating as a nonprofit, you’re probably required by law to publish a privacy policy on your website. I will, however, go through the trouble of explaining which areas of that policy need the most transparency.

Data collection procedures. Whether it’s via cookies or a web form, your privacy policy should detail exactly what customer information you collect and how you plan on obtaining it.

Data usage. You should also disclose how you intend to use that information. Customers will surely want to know if their data is being shared with third-party partners.

Opt-out process. If you have a mailing list or optional features that collect data on your website, let people know how they can opt out or disable them.

Data changes. Customers should know how they can update their personal information when changes need to be made. If changes will possibly be made on your end, let the customer know how they will be notified.

A privacy policy can provide another layer of protection for your company should litigation come into play. Have a qualified legal professional go over it with a careful eye to make sure it’s properly drafted from beginning to end.

Talk Privacy with Clients

Unfortunately, a privacy policy is one of those documents that few people actually take the time to read. This is why it’s a good idea to occasionally communicate beyond the policy literature.

Contrary to the popular belief around consumer paranoia, many people will gladly hand over personal information if they know how it’s being used – especially if it benefits them. For example, an email informing customers how tracking their activity will help personalize the administrative experience for the VPN or other MSP software they use may be something they embrace.

Preserving Usability

Implementing effective privacy policies and security mechanisms may calm customer concerns, but an MSP can’t stop there. It’s vital to address usability as well. Without accounting for usability, you could end up stifling the growth of your business. Just imagine how frustrated clients would be if your bulletproof authentication system keeps preventing them from logging in. The goal is providing the utmost security and privacy while ensuring that the features of your services are still readily available.

For a managed service provider, successfully balancing security and usability depends on its ability to communicate risks to both its internal resources and client base. Security personnel must communicate the risks of specific actions so the organization understands which risks it can afford to absorb. Many of these same risks should be communicated to the client so they can play their part. Most people will take the extra steps necessary to protect their privacy when they clearly understand why. They’re more likely to become disgruntled when left in the dark, and usability will suffer as a result.

A New Industry Focus

Privacy has become a huge deal across the technological landscape and the MSP vertical is taking notice. MSPAlliance, an internationally recognized association for the cloud and MSP industries, recently assembled a new commission to guide the collective market in its privacy and security initiatives. The committee is reportedly working on developing best practices for protecting the avalanche of data stored across both sectors. Bodies like the MSPAlliance can offer the guidance, but each MSP must execute the game plan that provides the best experience for their customers.

Photo Credit: Brandon Nedwek via Flickr