Managed Service Providers have a real challenge when they try to talk to their customers about the benefits of encrypting their sensitive data. If your experience is like mine, pretty soon their eyes glaze over and they are wanting to change the subject. I get that - encryption is a subject that only nerds can love. But we also know how important encryption is. So how do we convey that?
One of our MSP partners shared this bit of wisdom:
“Ask them if they carry cyber insurance”.
“Why?” I asked, more than a little confused about how this related to encryption.
“Have you read your policy?” she asked. “Take a look at the section on encryption.” And then she shared a short form application for cyber insurance from a large carrier.
Wow! I’ve had my head in the technical weeds of encryption and compliance for too long. Here is an extract from a short form insurance application:
Indicate whether the Applicant encrypts private or sensitive data:
- While at rest in the Applicant’s database or on the Applicant’s network __Yes __No
- While in transit in electronic form __Yes __No
- While on mobile devices __Yes __No
- While on employee owned devices __Yes __No
- While in the care, custody, and control of a third party service provider __Yes __No
I am guessing that many organizations just answer “Yes” to all of these questions without thinking about it. As my MSP partner pointed out, if you respond incorrectly on an insurance application you negate any benefits you might receive. Are they covered in the event of a data breach or ransomware attack? Maybe not. That can be a shocker to the end customer.
Rather than talk about encryption in an abstract way, this MSP talks about their cyber insurance policy and what they need to do to ensure coverage. She said that this is the most effective method she has ever used to get agreement from a customer to implement encryption of their data at rest. She’s never had someone decline to implement this important security control once they realize what is at stake.
My takeaway is this: not everyone is as excited or interested in encryption as I am. But everyone knows how important it is to have insurance coverage. MSPs know that encryption is a core part of a defense against cyber attacks including ransomware. Modern ransomware attacks include encrypting your data to deny you access, as well as stealing your data and holding you hostage with the threat of making it public. You might have a good backup plan to recover your data, but you can’t defend yourself from the threat of public release if the hacker has your unencrypted data. If the attacker can’t read your data because you encrypted it, they can’t release it to the public.
I hope this practical example helps you talk with your customers about the importance of encryption.
How are we at Townsend Security helping MSPs get the job done?
Our MSP partner program helps MSPs protect VMware infrastructure by providing our key management solution, Alliance Key Manager, on a low cost, monthly usage basis. You can encrypt VMs, vSAN and deploy vTPM easily. Imagine offering encryption to your end customers and not incurring any upfront costs or annual minimum payments for the KMS. Imagine turning encryption into a profit center for your benefit and for your customer’s benefit. Imagine offering encryption to even your smallest customers and knowing that they can afford it! And, imagine doing this for your hosting platform, for the cloud, and for your customer’s on-premise infrastructure.
Imagine the relief of your customers after a data breach when they learn that cyber criminals did not steal unencrypted data!
Our MSP partners are doing this every day.
If you are a Managed Service Provider and want to know more about our partner program, you can learn more here.
If you are an MSP I hope you will take advantage of our MSP partner program. Talk to us to find out more.
Patrick