Kaseya announced that it has partnered with SafeLogic, a premier provider of FIPS 140 validated cryptography solutions, to implement the encryption standard across its product suite. FIPS is a set of cybersecurity standards for companies working with the U.S. government. The National Institute of Standards and Technology (NIST) developed FIPS to protect sensitive information.
“This will enhance our security posture across the board while also helping MSPs and their customers meet requirements like FEDRamp and CMMC,” says Max Pruger, general manager, audit and compliance, at Kaseya. “MSPs’ customers that have regulated data are required to use software that implements FIPS encryption. This is not optional.”
Kaseya last fall committed to pursuing the FedRAMP standard to help support MSP partners with their CMMC (Cybersecurity Maturity Model Certification) and other compliance certification requirements.
Kaseya first implemented SafeLogic in VSA 9 several years ago, Pruger says, “so we are confident with their solution.” In addition, he says, “SafeLogic is one of the first companies that’s had their encryption algorithms validated on FIPS 140-3, and that’s what we’re going to implement.” The previous version, FIPS 140-2, is still widely used but will be phased out.
The partnership with SafeLogic allows Kaseya to continue updating and upgrading its encryption to meet the latest FIPS 140-3 requirements. Encrypting data using the latest FIPS 140-3 validated cryptography allows Kaseya partners to demonstrate their own commitment to security and meeting ever-changing compliance standards.
Positioning MSP Partners for the Future
Implementing FIPS 140-3 will not only open up to new opportunities for MSPs to acquire customers in regulated industries, but it will enable them to maintain their existing customers as enforcement of compliance rules becomes more widespread, says Jon DePerro, vice president of FedRAMP and compliance solutions.
“You have new rules and new enforcement of old rules, and then you have new proposed rules,” DePerro says. “They’re coming at you from every angle of regulated data—defense information, healthcare information, finance information, and criminal justice or small government information. If you store, process, or transmit protected data, you’re going to need these tools.”
Extending the SafeLogic partnership is MSP-driven, Pruger says. “We have partners who are actively pursuing contracts in regulated industries who, in order to maintain operational efficiency, address vendor fatigue, and reduce costs, have standardized on the K365 platform. This allows them to continue using our software while growing their business.”
Continuing Commitment to Partners
Kaseya’s commitment to the encryption protocol removes potential barriers for MSPs looking to grow business with customers in regulated industries, DePerro says. “You have to have secure offerings, and this adds depth to your offering.”
Pruger notes that the process of becoming FIPS compliant is time consuming and expensive, evidence Kaseya is putting its money where its mouth is to support partners. “The most important thing that MSPs need to know is that Kaseya is committed to implementing the appropriate encryption protocols to ensure that MSPs can continue servicing their existing customers as well as go after new customers and regulated industries.”
