Written by: Charles Weaver, CEO of MSPAlliance
If you’ve been listening or reading MSPAlliance for the last ten years or so, you’ve probably heard this before: “it’s better for MSPs to regulate themselves, rather than wait for someone else to do it.” This mantra has been something we’ve been promoting for a long time because it has been part of the DNA of the MSPAlliance to help MSPs be self sufficient when it comes to governing their industry.
Recently, there have been a number of articles written in the non-technical press about cloud regulation being proposed. These articles have proposed everything from standardized SLAs for cloud computing to guidelines and best practices for cloud computing providers. What’s wrong with this? Nothing, but if these guidelines are being imposed by governmental bodies, who also have the power to write laws and levy taxes, it’s not difficult to conclude that we may soon be facing laws dictating how cloud providers operate, what SLAs they can use, and whether they pay taxes on the “managed services” they offer.
The real issue for us is that most, if not all governmental bodies are ill equipped to understand managed services and cloud computing. The industry moves very rapidly these days, and it is difficult for professionals in the industry to keep up, much less a bureaucrat writing a law. The MSP profession, like most other professions, needs to guide itself rather than have inexperienced legislators attempting to make sense of a very complicated and quick changing part of our world.
Sure, you may have guidelines like FedRAMP, dealing with cloud computing providers who want to work with the Federal government, but these certifications were designed for Federal government use, not necessarily for private sector. Even within the federal government you may have a wide variety of use case scenarios, each demanding different levels of scrutiny, security, privacy, and transparency.
The point is, service providers, whether cloud or MSP, need to be aware of initiatives like this, which may eventually lead to direct or indirect regulation. Themes like transparency, privacy, and security, are essentially what guidelines like FedRAMP are all about. For that matter, these same themes are the bedrock of the MSP/Cloud Verify Program, developed over 10 years ago.
The days when service providers could operate without any oversight are officially over. While this is a good thing, it’s not a good thing if the government decides it will be the body providing the oversight. MSPs have thrived for decades precisely because they have not be regulated. MSPs have had the freedom to experiment, innovate, and push their own limits of service delivery. This is part of what makes the IT industry so successful, particularly during periods of economic stagnation.
MSPs should be more transparent, secure, and cautious about data privacy. Doing these things and being able to show that they can do these things will go a long way to establishing trust with the end user community. It may also help keep the MSP and cloud computing profession unregulated!