the exclamake! blog

An article in Channel Insider explains that state legislation that requires companies to report data breaches stengthens the case for MSPs (Managed Service Providers). Mike Rothman provides a viewpoint in Security Incite Rants.

My thoughts on this are… who are we talking about here, the enterprise or SMB’s? If the enterprise, I think this is a weak argument since they’re not relying on VAR’s (reactive) for service, they have their own IT staff and first option is to bolster that. Seriously, would hiring an MSP reduce your company’s liability for breaches? Distribute it, maybe, but if you’ve ever seen an MSP contract, there are a lot of disclaimers.

If we’re talking about SMBs, the issue of liability exists whether the breached company reports or not. I don’t know what the penalty is for not reporting, but if you look at the breaches reported in California, you won’t find one small or medium business in there. An MSP is attractive for an SMB because they get a proactive security provider (proactivity?), but I don’t really see liability toward reporting as being a major selling point.

As an MSP, I definitely like pro-MSP arguments, but this article was a little underwhelming. It seems the report was based on the recent MSP Alliance Expo. Maybe they’re stretching the press on this event a little too far. More compelling arguments for MSPs can be found here.