The MSPAlliance, a Chico, California-based industry organization for managed service providers, today announced changes to its MSP/Cloud Verify certification program.
A rarity in the managed services world first launched in 2004, the MSP/Cloud Verify certification provides third-party validation of an MSP’s processes and capabilities that they can use for sales and marketing purposes or to satisfy security audit requirements in customer RFPs. The rigorous, multi-month qualification process can also help providers uncover and eliminate gaps in their procedures and offerings.
Today’s updates to the MSP/Cloud Verify program are part of an annual review process led by MSPAlliance’s advisory board. Among the additional hurdles for certification introduced today is a new infrastructure-as-a-service risk assessment aimed at confirming that MSPs are in compliance with IaaS software licensing requirements.
“Different vendors out there on the software side especially have in recent years been going after end users and service providers alike to shore up their missing revenue from misuse of licenses,” says MSPAlliance CEO Charles Weaver. “The penalties by the software vendor could be significant.” The new IaaS exposure check aims to protect MSPs and their customers from such fines.
Also added to the MSP/Cloud Verify qualification process today are new security-related prerequisites, including one requiring applicants to have policies in place for preventing and responding to ransomware attacks, and another obliging providers to keep client passwords solely in encrypted storage repositories. According to Weaver, that last mandate stems from the unfortunate fact that MSPs all too often store credentials in plain old spreadsheets.
“They should be using or adopting password management technology,” he says.
At present, Weaver states, around 800 to 900 MSPs either have the MSP/Cloud Verify certification or are somewhere in the application or renewal process.