General security

Interview: Charles Weaver, CEO of MSPAlliance

July 23, 2012 by Jack Koziol

Charles Weaver is the co-founder and CEO of the MSPAlliance. In addition to running the daily operational operations of the association, he writes and speaks extensively around the world on issues and topics related to the managed services industry.

Prior to founding the MSPAlliance, Mr. Weaver was an editor for an internet news organization with more than 140,000 readers. Subsequently, he led the startup of a software company that supported applications in the legal sector. Mr. Weaver has a Bachelor of Arts degree in Political Science from Arizona State University and a Juris Doctorate from Texas Wesleyan University School of Law.

1. What is MSP Alliance and what does it do?

The International Association of Cloud and Managed Service Providers (MSPAlliance), was established in 2000 by a community of dedicated Managed Service Providers, today’s MSPAlliance includes more than 15,000 corporate members from across the globe. MSPA has become the world’s largest industry association (and accrediting and certifying body) for Managed Services and Cloud Computing professionals.

Our mandate starts by educating business consumers on the benefits of Managed Services —and gives them access to a community of credible, ethical, certified and accredited Managed Services and Cloud Providers. The MSPA community is self-regulated and collaborates on a number of industry-shaping programs in order to enhance the professionalism, ethics and credibility of its members.

MSPAlliance also works closely with respected software and hardware vendors from around the world, helping advance the professionalism, ethics and integrity in the field of Managed Services and Cloud Computing.

2. How do your certifications work?

The Unified Certification Standard (UCS) is a NON-TECHNICAL business accreditation (similar to a SAS70 Audit) for the cloud computing and managed services industry. Developed by MSPs for MSPs, it’s the longest standing program of its type in existence.

The UCS was designed based on the recommendations from governmental agencies and regulatory bodies located throughout the world. MSPA created the highest standard for non-technical certifications in the managed services industry and is broadly accepted in the banking, healthcare and accounting industries.

Unlike general technology standards, the UCS was created specifically for the managed services industry. The certification process is validated by a third-party accounting firm (Frost, PLLC), and a report on the MSP’s performance can be shared with existing and prospective clients. SAS70, ITIL and COBIT are universal technology standards, not designed to meet the specific standards of the managed services/cloud industry.

While other certifications, seals, etc, may simply require a provider to submit information and promise to adhere to ill defined industry standards, the UCS certification requires all applicants to submit to a comprehensive audit and onsite facilities inspection. When MSPA first launched this accreditation and certification many years ago, the bar was firmly set high. All data is verified by third party auditors, so the accreditation validates the quality of a Managed Services practice and is an achievement any company can be proud of.

3. Could you tell us the story behind its founding?

We began when a few MSP executives wanted to have their own organization where they could meet, exchange ideas, and network in order to improve their own companies as well as the industry as a whole. From that mandate we have expanded the membership to include members who service the enterprise to the SMB market.

4. How often do managed services providers do security work? What particular kind of security work do they usually do?

Most MSPs come into contact with managed security issues on a daily basis. In fact, it’s probably so infused in the work of every day MSPs that it would be an exception to the rule to find a MSP that does not deal with security on behalf of their customers.

This work could be security dealing with sever or desktop management, application management, or it could be security in the course of doing data backups and archiving. If it touches data, chances are the MSP is going to be doing some level of security work.

5. What do you see as the future of managed services?

Naturally cloud will be playing a more pronounced role in managed services, especially since cloud computing began over a decade ago as ASP (application services). Data privacy and security will become even more critical to safeguard and therefore, organizations who cannot adequately protect their data on their own (which is the majority of orgs) will seek out the help of MSPs.

6. For someone with a security background who wants to work in managed services, what advice do you have?

They can either work for a MSP practice that performs security services or they can start their own managed security practice. Either way, there is a great need for skilled workers who understand both the technical and business needs of the end user.

7. What are some challenges in managed services right now that are being overlooked?

There is a shortage of business leaders who are working in the MSP profession. We need more people who understand the business issues; technical skills alone are not enough.

Posted: July 23, 2012
Jack Koziol
View Profile

Jack Koziol is president and founder of Infosec, a leading security awareness and anti-phishing training provider. With years of private vulnerability and exploitation development experience, he has trained members of the U.S. intelligence community, military and federal law agencies. His extensive experience also includes delivering security awareness and training for Fortune 500 companies including Microsoft, HP and Citibank. Jack is the lead author of The Shellcoder's Handbook: Discovering and Exploiting Security Holes. He also wrote Intrusion Detection with Snort, a best-selling security resource with top reviews from Linux Journal, Slashdot and Information Security Magazine. Jack has appeared in USA Today, CNN, MSNBC, First Business and other media outlets for his expert opinions on information security.