
Q&A: Digital tools offer help to businesses over data privacy

By Tim Sandle     Mar 15, 2020 in Business
While most businesses are aligned on the need for data privacy regulation, many small/mid-sized businesses may find themselves dreading the next law, as one violation could mean fines upwards of $1.5 million. Mike Puglia, of Kaseya, looks at solutions.
To help businesses manage compliance complexities, Kaseya, a provider of IT solutions to MSPs and IT teams, has announced a new capability in its Compliance Manager platform that allows users to automate compliance processes and documentation according to the NIST Cyber Security Framework (CSF).
The aim is to enable Managed Services Providers (MSPs) to help small- and mid-sized companies prepare for nearly any existing or future data privacy law iteration. With this, Mike Puglia, Kaseya’s Chief Strategy Officer, tells Digital Journal how MSPs can capitalize on the compliance gap in the marketplace with this tool.
Digital Journal: How are the various data privacy regulations impacting businesses?
Mike Puglia: Businesses are being held accountable for protecting personally identifiable information (PII) and protected health information (PHI) and for ensuring they’re securely creating, receiving, maintaining, transmitting and disposing of information.
Businesses that refuse to take the necessary precautions expose themselves to both regulatory and legal risks. Regulatory agencies have increased enforcement and issued a record number of fines, both in total number and overall cost to prevent data breaches before they occur. These penalties are meant to discourage organizations from not securing user data after a breach.
Nearly every data breach is almost immediately followed by a class-action lawsuit that seeks to compensate victims for a business’s lack of security and compliance. While fines and breaches have a direct impact on a business’s bottom line, the loss of consumer trust and goodwill often results in a greater negative impact and takes longer to recover from.
DJ: Are businesses well-prepared or are some still struggling? What should strugglers be doing?
Puglia: Most businesses, especially SMBs, are struggling with compliance and are, frankly, burying their heads in the sand, hoping it will go away. With the increase in cybercrime, it’s not a matter of if, but when an organization has a data breach, and those businesses ignoring the laws will suffer the financial and business impacts the most.
For businesses that are struggling and don’t have the internal resources necessary to maintain compliance, we recommend they work with a managed service provider (MSP) that offers data privacy and regulatory Compliance-as-a-Service (CaaS). An MSP is uniquely positioned to help a business with their compliance requirements, from auditing their environment and identifying and remediating risks, to generating the required documentation and providing end-user training.
A business that doesn’t have the internal resources to manage their own compliance should focus on their core competencies. They should outsource the management of their data privacy and regulatory compliance to a qualified MSP that’s better positioned to stay current on the latest regulatory requirements and changes.
DJ: How aware are consumers becoming of data privacy issues?
Puglia: The passage of state data privacy laws like California Consumer Privacy Act (CCPA) and NY SHIELD, coupled with the class action lawsuits that immediately follow what seems to be daily announcements of corporate data breaches, has increased consumers’ awareness of their rights regarding their data privacy. Consumers are now tracking their financial health with credit monitoring services and being more diligent on how their data is collected and shared.
However, despite their heightened awareness, most consumers still expect businesses to protect their consumer data. So, while consumers have become more aware of data privacy issues, many feel powerless to protect their own personal data and, instead, rely on businesses and government regulators to implement and enforce appropriate data privacy safeguards.
DJ: Why did you develop the Compliance Manager platform?
Puglia: Kaseya Compliance Manager grew out of our expertise in producing comprehensive network assessments. Many of our customers recognized the similarities between these network assessment reports and the reporting they were required to do for compliance standards like HIPAA, GDPR and NIST, and they encouraged us to build a product to support compliance.
After looking into the existing compliance tools and processes in the market, we saw two distinct gaps. First, most companies had no robust Policies & Procedure document describing the organization’s best practices to comply with a standard. Second, there rarely was a set of compliance-specific reports mandated under a particular standard. So, we built these, both of which resonated with our customers who were experts in remediating IT issues but did not necessarily have the skillset to build out the mandatory reporting requirement.
DJ: How does the Compliance Manager work?
Puglia: Kaseya Compliance Manager is the first and only purpose-built, role-based Compliance Process Automation platform. First, using automated network, computer, data and security discovery technical scans, an assessment questionnaire determines the policies and procedures you need to implement. From this, the tool generates gap analysis, remediation plans and evidence of compliance, specific to each standard.
DJ: How do you ensure that the platform is up-to-date?
Puglia: Kaseya Compliance Manager has a dedicated team following the ever-changing rules and regulations for each compliance standard we support. We work with industry experts to ensure that the Compliance Manager stays up-to-date with the latest regulations, and we update the software with changes on a regular cadence.
DJ: How secure is the platform? How do you ensure that cybersecurity measures are in place?
Puglia: Compliance Manager uses the latest techniques in encryption and data isolation to ensure security. A dedicated security team is responsible for ensuring both development security and also operational security in the environment. Security measures include a defined change management process through which a Change Review Board reviews and approves all changes. Separation of duties and assignment of access on a least privilege model are also in place to help assure limited access to client data.