The International Association of Cloud & Managed Service Providers (MSPAlliance) has issued best-practice guidelines for managed service providers for safeguarding their clients’ information in the cloud.
The guidelines, based in part on the Unified Certification Standard for Cloud & Managed Service Providers (UCS), also wrap in the MSPAlliance Code of Ethics and Conduct, as well as the Consumer Bill of Rights.
“Cloud computing has opened a lot of doors for customers and the service providers who manage their IT needs,” said Celia Weaver, president and co-founder of the MSPAlliance. “However, those customers do need to be aware of how cloud can also expose their sensitive data in ways they never contemplated. That’s why these guidelines based on the UCS cloud standard are so important.”
The idea to establish policies to help enable businesses to make well informed decisions about where their data is store and who has access to that data.
Highlights of the recommendations include:
- Communication to businesses about location of their data
- Disclosure to the business customer of any third parties who may have a meaningful access to that customer data
- Established controls that govern how third party service providers should handle sensitive customer data
- Controls for how service providers deal with both public and private cloud environments
- Transparency requirements for service providers when communicating with customers and prospects related to sensitive data
- Ethical, financial, and security controls governing how service providers handle customer data
“The MSPAlliance guidelines are very important for businesses if they want to know how to protect their data in the cloud,” said Michael Corey, CEO of Ntirety and an MSPAlliance advisory board member. “If you leave your house and want to protect what’s inside you use a lock. Business data should be no different.”