Guidance for MSPs / MSSPs Pursuing Compliance-as-a-Service (CaaS)

PC Encryption Regulatory Compliance

Encryption has become the de facto compliance standard for protecting data on PCs and mobile devices. Effective encryption shields organizations from devastating breaches and violations, from fines and penalties, and from public outcry and reputational damage. This whitepaper covers the many sources of such compliance mandates, whose implementation specifics are often admittedly unspecific or seemingly discretionary. Over the last two years, HIPAA has become the bellwether compliance standard, and auditors across all compliance disciplines often cite it for specific guidance. Wherever sensitive data is concerned, auditors almost always prescribe encryption as their interpretation of more loosely defined data security standards.

For those who still believe these new and more stringent requirements apply only to the largest organizations, think again. The requirements are moving from enterprise through SMB, and the vehicle for their enforcement is coming in the form of compliance questionnaires.