There has been public clamoring for and discussion around the idea of regulating cloud providers and managed service providers (MSPs). But Charles Weaver, CEO of MSP Alliance, said regulation is not necessary.
“We already have a good standard that works, and it’s been around for nine years. UCS is being updated regularly, and it’s better than anything else out there, and we have certifications and audits going on worldwide,” he said. About 500 MSPs worldwide are UCS-certified, according to Weaver, who pointed out that UCS was rebranded from the Managed Services Accreditation Program about two years ago, with reporting and auditing enhancements.
The We Support the Standard initiative asks industry participants capable of undergoing the MSP and cloud certification and audit to do so. And it's calling on those companies that are not ready to do so to show support for and spread the word about industry self-regulation, posting the We Support the Standard logo on their company website.
“It’s important that we show others that we support self-regulation and that we’re serious about regulations and standards in our profession,” said Weaver.
Certification is a hallmark of being a professional, and it helps to establish trust with business customers. For MSPs, establishing trust and transparency with potential clients is becoming increasingly necessary for doing business.
Mainstream Technologies Inc., a Little Rock, Ark., company that provides managed services, custom software and hosting, was the first company to receive the UCS cloud certification.
“We had two strategic reasons for getting the UCS certification: It was part of an initiative to improve the overall quality of our business and to make us eligible for certain types of business that weren’t available to us without it,” said John Burgess, president of Mainstream Technologies and an MSPAlliance board member.
Burgess said that having the UCS in hand for two years now has completely achieved what he had hoped it would. “It changed what used to be an angst-filled exchange with some potential customers to it being a checkbox item,” he said.
There are a growing number of regulated businesses -- such as regulated utilities, publicly traded companies, healthcare companies and financial services firms, to name several -- asking potential business partners for proof of certification and auditing.
“Certification hasn’t been a showstopper for MSPs until recently,” said Edward Ferrara, principal research analyst serving security and risk professionals at Forrester Research Inc. “Now, not having certification could hurt an MSP’s competitiveness.”
While the financial services industry has led the way with audit requirements, other industries are playing catch-up to the banks, such as healthcare (under HIPAA) and the insurance and legal sectors, where customer confidentiality is at stake.
Locknet, a LaCrosse, Wisc., MSP and a division of EO Johnson Office Technologies, acquired the UCS certification to satisfy its large client base of financial services companies.
“There are common guidelines for examinations under the Federal Financial Institutions Examination Council (FFIEC) that require companies, like ours, to have robust internal and external audit programs. There are many flavors of these certifications out there, but none were industry-specific except for UCS,” said Peter Kujawa, president of Locknet Division and MSPAlliance board member. "We needed something we could hand to our clients," he added.