IT and Business Insights for SMB Solution Providers

Why Regulations Could Mean More Revenue

With compliance or data-breach notification laws in 46 out of 50 states, what your customers don't do to protect credit card and other sensitive data can hurt them. That's where you come in. By Colleen Frye

Scott Barlow is vice president of sales at Reflexion Networks Inc., based in Woburn, Mass. He recently spoke with ChannelPro-SMB Publisher Michael Siggins about the importance of helping customers with compliance issues, and how that opens up new possibilities for partners to expand their core competencies.

ChannelPro-SMB: Tell me about Reflexion Networks.

Barlow: Reflexion has been around since 2004, and we have essentially created a services delivery platform for the purpose of delivering hosted services through the solution provider exclusively to the small and midsize businesses. Today we offer email security, email archiving for e-discovery, and email encryption for compliance, and this is all done through a centralized management platform that is fully brandable by solution providers. They can configure everything on their own, so it’s a true on-demand solution. Right now we’re working with approximately 1,800 solution providers in about 50 countries.

ChannelPro-SMB: What are some of the finer points of compliance and regulations that resellers should be aware of?

Barlow: For the Federal Rules of Civil Procedure, which is really around archiving and the ability to produce electronically stored information in a timely manner (typically between 30 and 60 days), solution providers need to be able to produce this information. So the FRCP essentially changed the rules of e-discovery—or of discovery—allowing electronically stored information to become discoverable in court during a civil lawsuit.

Any company that can be sued in civil court needs to be able to produce this electronically stored information in that timely manner. So that’s really about archiving. Archiving is also important in healthcare for HIPPA and high-tech 2.0. [There’s] FINRA, for financial services and brokers, and you can get into the whole alphabet soup with Sarbanes-Oxley and Gramm-Leach-Bliley and so forth, but I think the overarching concern or focus for solution providers should be on providing a best-practice compliance solution for their customers.

ChannelPro-SMB: How does Reflexion’s solution help with compliance?

Barlow: For instance, 46 out of the 50 states have compliance or data-breach notification laws as well privacy laws, which basically state that you cannot have any personally identifiable information—like a credit card, driver’s license number, social security number—sent out via email in plain text. So we’ll automatically apply a lexicon on the email encryption side to identify if there’s a violation of any of these policies. If there is a violation, we’ll encrypt that message and then send it to the end-user recipient.

So we’re providing a portion of the compliance for solution providers to actually get into a customer now, and transition from selling products and services as a trusted IT adviser to more of a compliance officer, and helping the customer increase their revenue and operational efficiency and lower the customer’s costs.

ChannelPro-SMB: Are there specific certifications and credentials that your partners can get or should get, and then leverage those to get more business?

Barlow: There are a few different certifications. Obviously with CompTIA you have Security, Network, A, and a variety of different certifications. From a HIPAA standpoint, you can get HIPAA Administrator certification. A lot of partners come to me and say, “Hey, are you HIPAA compliant?” and that’s really the wrong question, because compliance around HIPAA or any other regulation isn’t just the data center, it’s the operations of the solution provider.

It’s how you’re automating the implementation of these different services. One of the things that is important for solution providers to understand is their customer is going to say, “No, we don’t send that information out via email.” When, in fact, you can run an evaluation and instead of encrypting it and sending it to the end-user recipient, we can bounce it back to the administrator or to the owner of a business to identify exactly what people are sending out, and if there are emails that contain this personally identifiable information or individually identifiable health information. At the end of the day, the customer needs to comply with these regulations and if they don’t and there is a breach, you need to notify the authorities of that breach. There are a lot of statistics out there of companies going out of business after a breach.

You want to be able to protect your customer, and it’s just a best practice. I don’t want my credit card information going out via email, period. So it’s good for the solution provider to help the customer comply with the regulations as a best practice and as a customer-retention vehicle, as opposed to having the federal regulations drive that.

ChannelPro-SMB: Do you see that there is going to be more and more regulation?

Barlow: Absolutely. I know a lot of small and midsize businesses cannot afford a [large] fine. So you want to be able to identity the regulations. There are a lot of common regulatory themes centered around the protection of personally identifiable information—credit card information, account numbers, financial information, healthcare information—and you want to be more proactive at preventing leakage of that data. There’s a great website out there called datalossdb.org and that will provide solution providers every single customer that has ever had a breach. Solution providers can use that content to identity local companies that have had breaches and what the status of that company is—whether they’re still in business, they’re out of business, and how much they got fined.

Solution providers can now use that information, [and] whether the customer responds to pain or if they respond better to gain, they’re going to be more proactive at preventing or protecting their customer’s information. And in 2012, I read that there’s a national law for data-breach notification and privacy that will be coming out that will cover all 50 states. So solution providers definitely need to pay attention to compliance, and I think it’s a huge revenue opportunity for them.

ChannelPro-SMB: If there’s a lot of ramp-up time and resources that need to be spent on education—it’s not for everybody. Does that present more opportunities to a smaller group who want to prepare themselves and go this route?

Barlow: Absolutely, and I think that solution providers should definitely rely on their vendors, because the vendor has a solution to the problem. They’re going to try to educate the solution provider.

It’s almost like train the trainer. We need to train the solution providers and then they’re going to train their end-user customers [on] the best practice [and] what is appropriate. You don’t want to send profanity out via email. You don’t want to send an Excel spreadsheet with a list of credit cards numbers for all of your customers because that can be very easily hijacked. So the solution providers that want to pay attention to these compliance regulations I think will absolutely transition from being that trusted IT adviser to a higher role in the channel ecosystem, and they’re going to excel and be able to acquire more customers in specific verticals than the solution provider that just focuses on managed services.

Michael Siggins contributed to this report.

About the Author

Colleen Frye's picture

Colleen Frye is ChannelPro's managing editor.

ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.