I typically don’t comment publicly on political matters, but when a story comes so close to our profession it demands a public response. I will not comment on whether anything improper happened with regards to Hillary Clinton’s email handling; that will come out in due course. However, when the FBI starts to visit managed service providers, there are things which need to be discussed.
Managed Services Hits the Front Pages
First, any attempt to insinuate that this MSP did anything wrong should be reserved until after more facts are known. For example, we come across many MSPs (in the course of their certification examination) who are not responsible for data backup for their customers. If a customer says don’t back up my data, the MSP will not back up the data.
In this case, the issue seems to be whether any copies of Mrs. Clinton’s emails have been saved any place other than her server, which she claims has been deleted and wiped clean. Obviously, those of us in the industry know there are many types of backup solutions, both physical and cloud based which could provide redundant storage of such emails.
I would hope that any public servant (including their MSP) would know that introducing a 3rd party provider and allowing them to touch that sensitive data comes with significant risk issues. After all, the Secretary of State of the US is no ordinary customer.
Second, this is a great learning experience for MSPs and how they should be cautious about the types of customers they serve. MSPs assume risk every day. This is par for the course. The trick is not to take on too much risk without being compensated. Platte River Networks, the MSP in question, is now being scrutinized by everyone in the mainstream press, to the FBI, and Congressional committees. Assuming they did nothing wrong, Platte River now needs to prove that they did nothing wrong and that they abided by industry standards in their dealings with Mrs. Clinton’s server.
Documentation is Key
Whether Platte River assumes any blame in this could largely hinge on whether they had adequately documented policies and procedures and whether they followed those procedures. For instance, any MSP who has been MSP/Cloud Verified can show documentation signed by the 3rd party auditor concerning their backup and data retention policies, both internal for those performed on customers. If this MSP doesn’t have such documentation, it could be very difficult to prove their role in this growing scandal.
The point here is that managed service providers are now mainstream news worthy. Our industry is being discussed at many levels, and it is our time to show we have value to the end-user community. I just hope this press does not negatively impact the brand of managed services moving forward.