Louisiana Now Requires MSPs Serving Government to Register: Here's Why It's a Great Idea!


Louisiana Now Requires MSPs Serving Government to Register: Here's Why It's a Great Idea!

By Special Guest
Stuart R. Crawford

Though managed service provider registration has been discussed, it's only recently come into play. Louisiana Act 117 was recently signed into law to go into effect on February 1, 2021.

According to Baton Rouge IT professional, Landon Futch with Essential Solutions, This law requires MSPs handling infrastructure or end-user systems for public bodies to register with the State of Louisiana. Though the terms are defined within the law's text, the definition of "public bodies" is still ambiguous, though it will become more fully defined as time passes and the law is tested within the court system.

Type of Activity Requiring Reporting to the State

The law will require MSPs to notify the State of Louisiana in the event of a range of online security incidents, including if ransomware payments take place, data breach notifications need to go out and similar events. Though all 50 states have laws covering data breaches on the books, this law requires the MSP to not only contact the impacted parties, usually the data owner, but also the state.

By taking this action, the state can provide businesses who are pursuing MSP services with information on the companies that they are considering doing business with. This allows the business owner or manager to make smarter decisions about which service to hire to handle their IT needs, avoiding potentially costly mistakes in hiring the wrong company.

Benefits of MSP Registration

This information can actually benefit MSP businesses, allowing them to showcase the low number of incidents it has had to report, providing transparency and building trust with the public and their clients. This helps to not only boost business for good MSPs, but also limits the amount of damage that a bad or poor-performing MSP can inflict on the business community.

This bill has come into effect to protect state and local agencies because of issues with both poor-performing MSPs as well as the tendency for government intervention in the industry. However, businesses who undertake registration and report properly will see the unseen benefit of gaining additional private-sector business, as businesses check the registry to determine whether the company they're working with has had any issues with public-sector agencies.

Will the Louisiana Law Cause Regulatory Issues?

As this bill has rolled forward, it is unique in that it requires MSP companies working with public agencies to register, but does not actively work to regulate the industry. Certain incidents must be reported, but there are no direct consequences of having a particular number of reports on your MSP's record. It does, however, allow higher levels of transparency, accountability and trust between both public- and private-facing organizations and the MSP.

The legislators who were questioned about the law have stated time and again that they do not want to regulate the MSPs through certification, especially because existing testing and reporting frameworks are in place, as well as technology standards. Available options of these tools include MSP Verify, SOC 2 and similar options. The law does not so much condemn the role of MSPs as recognize the importance of these services in our businesses, helping us keep our country connected and working efficiently.

Limitations the law could put into effect on MSPs are possible within the law, however. Registration of MSPs could expand. Applications can be approved, denied or revoked in the future, allowing the state to have a say in the MSPs delivering services to public bodies. Further proscriptive action, not yet revealed, could come into play down the road. Other industries could start developing registration frameworks.

Shawn Maggio, who owns a Managed services provider in Lake Charles, LA sums it up this way, “Make sure you're working with a qualified MSP service.”

Related Articles

Cyberattack Protection, Detection, and Recovery with SaaS

By: Greg Tavarez    11/23/2022

DataHawk from Cohesity is a data security SaaS solution that helps customers protect, detect and recover from cyberattacks and ransomware attacks.

Read More

Cloud Marketplace Innovator Pax8 Ranks 131 on the Deloitte Technology Fast 500

By: Juhi Fadia    11/23/2022

Pax8 has been named in the Deloitte Technology Fast 500 among the fastest-growing technology, media, telecommunications, life sciences, fintech, and e…

Read More

Arizona Department of Homeland Security Picks Tanium for Cybersecurity

By: Stefania Viscusi    11/22/2022

With a new, state-of-the-art cybersecurity solution from Tanium, AZDOHS is able to better share key information in real time, creating a stronger secu…

Read More

IT Teams Fall Short in Microsoft 365 Security Protections

By: Greg Tavarez    11/21/2022

A surprising number of enterprises have major gaps in the Microsoft security policies and practices, leading to unnecessary risks.

Read More

Phishing Attacks Sprout from Unexpected Places

By: Greg Tavarez    11/21/2022

Users more frequently click on phishing links that arrive through other channels, including personal websites and blogs, social media, and search engi…

Read More