- Use Cases
- Why Dizzion
One major driver for adopting desktop as a service (Daas) is when a client tells their service provider that they need to be compliant. For companies that collect, handle or store payment card information, it’s often PCI DSS compliance. For organizations dealing with personal health information (which is everyone from healthcare providers to HR firms to medical billing, coding and insurance organizations), its HIPAA HITECH compliance.
This client request can hit a lot of different industries. We’ve seen it happen with business process outsources (BPOs), we’ve seen it with companies that provide customer care staffing or IT support, we’ve even seen it with a medium-sized legal firm that was about to sign a healthcare client. The bottom line is if a client asks if you can be compliant, your answer better be yes.
The plain and simple answer is lost business.
Compliance isn’t a “nice to have” or an option for organizations that handle PCI or PHI, it’s a requirement. (And strong security isn’t the same as compliance.) If a compliance breach occurs, the company who “owns” the data will face consequences – whether the breach is their fault or a vendor’s. Compliance breach consequences range from large fines to costly outside audits to brand reputation damage, so the stakes are high for your clients. For these reasons, if you can’t meet a client’s compliance requirements they’ll find another vendor.
This might affect one potential deal, or it could impact a service provider’s ability to attract more business overall and be competitive. Vendors that can answer the compliance requirement question with a confident “yes” are likely to win more business than organizations that answer with “well…” or “we probably could.”
Meeting the requirements of compliance is notoriously complex. PCI DSS compliance is routinely updated and has very clear (very extensive) requirements. HIPAA HITECH compliance presents its own challenges in that it doesn’t have a clearly documented set of standards that must be followed, making the process difficult to navigate without a compliance expert.
Achieving, maintaining and extending compliance is also becoming more difficult as the workforce as a whole becomes more mobile and uses a variety of endpoints. While a data center may meet compliance requirements (one of the easier elements to control), that compliance often fails at the endpoint if not specifically addressed.
Engaging a desktop as a service provider that offers a compliant solution is one of the easiest ways to meet clients’ compliance requests. These vendors (if they truly do offer a comprehensive compliant solution) will have worked to ensure their environment meets requirements and is designed to extend those controls to you and your clients. This requires special infrastructure design and safeguards and annual audits for maintenance.
A compliant DaaS vendor will be able to quickly provide you with an Attestation of Compliance (AOC) and a comprehensive responsibilities matrix that clearly outlines what controls and requirements they cover and what aspects remain your responsibility. This will help you plan with your client and explain how you’ll meet their needs. Already working with a compliant DaaS provider means you can quickly answer “yes” when a client or prospects enquires about compliance capabilities. If you have a new need, a DaaS provider can have compliant environments built within a few weeks if they’re well versed in the solution and are a trusted provider within the industry.
It’s important to note that not all DaaS providers or VDI as a service providers have compliant solutions, so DaaS in general isn’t the answer. Some providers offer more comprehensive solutions than others who claim to be compliant, so performing due diligence and requesting details such as an AOC and responsibilities matrix are critical. If you choose a sub-par solution, you’ll be the one on the hook when your client is disappointment in the level of compliance they’re receiving. But if you choose a true compliant DaaS partner, meeting client requirements will be a regular and easy part of doing business.