While the growth of punitive regulations has led some MSPs to back off clients with ample regulated data, others are responding by establishing compliance-as-a-service using encryption.
AUSTIN – San Jose-based Beachhead Solutions, in attendance at the CompTIA ChannelCon event here, is a provider of remote encryption management for mobile devices, sold as a service through the MSP channel. It’s a hot market – with government regulation being the principal driver. Beachhead has seen a surge in channel partner interest, and the number of partners signed up has grown significantly as a result.
Beachhead has one of the more colourful histories in the industry.
“We have been around for ten years,” said Cam Roberson, Director, Reseller Channel, at Beachhead. “We were originally a company with a few technologists who worked with government agencies including Defense, and were looking for ways to secure data where things were confiscated, blown up or otherwise threatened. The premise was developing ability to destroy data in cases like where a Humvee was captured or wrecked. How do you make the data go away?”
They developed a way to eliminate vulnerable data remotely.
“Lost Data Destruction was that first product,” Roberson said. “It was the worst product name ever, because it scared people. As a result, even though it was very highly acclaimed, it wasn’t fully adopted.”
More successful – what Roberson called a more articulate approach to eliminate access – is the remote control system that they use in their present SimplySecure Management System, a multi-tenanted tool to enforce encryption and access control.
‘It quarantines the impacted data, and a lot of what it does is encryption key management techniques,” he said. “The partner can remove keys and repopulate – all remotely, and all through the Web. It’s a nice approach for MSPs to be able to eliminate access to clients’ data at their request, if a mobile device is lost or stolen.”
While encryption technology has had a historical barrier to adoption from being overly complex and hard to use, SimplySecure is, as the name indicates, designed to be simple. For the end user, it’s transparent and easy to deal with. For the MSP, it’s easy both to deploy and to manage, with small IT shops – even a staff of one person – being able to handle it.
“We are encryption first, and are not so much concerned with the device as we are about the data,” Roberson said. “It’s the data that causes problems if it’s breached, and which opens up the end user – and the MSP – to fines and penalties.”
Roberson said that historically, MSPs have been slow to realize that if data under their management is breached, their neck is on the line as well.
“MSPs have always been willing to take this business even though they are vulnerable to regulatory issues through compliance, with shared liability,” he said. “They have been starting to realize this, and some MSPs have responded by not being willing to take business which deals with data subject to regulatory compliance. As a result, some HIPAA-covered entities in particular have found it harder to find support.”
Roberson said that their solution offers an answer for MSPs.
“A company like us aren’t ever going to get the visibility of the RMMs, but MSPs do understand encryption, and many of them are using us to develop compliance practices, with compliance-as-a service,” he said.
While partners have been part of Beachhead’s go-to-market model from the very beginning, there is more interest now than ever, particularly as the date for adoption of the EU’s General Data Protection Regulation (GDPR) regulation draws closer, with its provisions affecting anyone anywhere who does business in the EU.
“We have now close to 200 partners worldwide, and the numbers have really ramped up over the last six months,” Roberson said. “We are growing at a much higher rate than ever before. There’s nothing like the government to motivate, with threats of very substantial fines for failing to meet audits or failing to meet audits after a breach. We are seeing a lot of interest around the GDPR, including from European MSPs. In the last six months, people have started to move on this.”
Roberson said that, not surprisingly, interest in what Beachhead has to offer has been strong at ChannelCon.
“This show is always worth attending, even beyond meeting potential new partners, because it’s always a big think tank of smart people in the channel,” he said.