Skip to the main content.

4 min read

How to Make Data Actionable with Compliance Policies

The sheer amount of raw technical data that a managed service provider (MSP) can pull is astounding. And while that data is great for troubleshooting efforts, it’s not ideal for showing to clients.

CloudRadial’s data-gathering agent pulls information into a customer’s portal that ends up being very similar to what you’d find with an RMM tool – however, the goal here is entirely different.

Rather than just stopping at data aggregation, the next step is to set rules (or policies) for that data. These rules work to highlight issues, opportunities, noncompliance, and more.

Making Sense of CloudRadial’s Policies

Let’s briefly walk through what a client would see.

The agent data comes into a client’s portal, displayed “raw” within the Infrastructure tab. Here’s an example of what a client might see in Infrastructure > Endpoints as they select a specific computer:

 

compliance-policies-1

 

As you can see, even the cursory information may already dive too deep into a technical hole that a typical user couldn’t follow. However, when we go to the Compliance > Policies section, the big picture starts to make more sense.

 

compliance-policies-2

 

There are three main reasons why this policy-based approach makes more sense.

  1. It’s visual
    1. People like to see what the deal is quickly – and with a red, yellow, green system of policy alerting, you get a good idea of trouble areas in the organization.

  2. It’s business-oriented
    1. Note that the risks to the organization aren’t technically listed – the issue isn’t with lacking RAM or outdated processor performance. Instead, the breakdown is based on things that any business cares about improving, like security, productivity, continuity, and more.

  3. It’s easier to navigate
    1. Rather than having to sweep every individual computer for potential issues, the selections allow you to display all of the affected computers with specific issues, like a slow PC or unencrypted drives.

So Why Do You Need Another Agent?

In most cases, your compliance policies will be subjective based on your own standards.

CloudRadial comes with a policy list out of the box – however, it’s heavily recommended that you change these to suit your own needs.

While some policies are simple yes or no questions (like if the user is saving their files to OneDrive), others are based on specified parameters (like what specific antivirus the computer should be running).

Because of this fact, there’s a bit of a research phase that you must apply before deploying the policies out. This rationale is why CloudRadial uses its own agent rather than an RMM; to make policies effective, you must know exactly how the respective agent checks for that data.

With the CloudRadial agent, there’s an open and transparent list of each policy and how the data agent goes about gathering the information – that article can be found by clicking here.

On the other hand, each RMM varies dramatically. Without knowing how each RMM agent pulls data, it becomes next to impossible to accurately run policies against the data.

Practically speaking, that means that your clients lose confidence in your reporting and are less likely to take your suggestions in the future.

Setting Up Policies for Yourself

Though policies may vary slightly, the process is generally the same. You must:

  • Determine the policy Type you wish to set up
  • Determine the specific policy you want to apply
  • (Optional) Edit the name, description, and recommendations for that policy
  • Select the risk factor of that policy, if found as an exception

 

compliance-policies-3

 

The risk factor is important here – this is what determines where that policy is flagged if found out of compliance. There’s also a section for scoring that is important to understand. CloudRadial’s policy display works on a simple logic that works like this:

 

Red

Risk score exceeds 100 points in the category

Yellow

Risk score is between 1-99 points in the category

Green

No risk exists – the score is 0

 

As you set up your policies, keep this logic in mind. Though the numbers are ultimately arbitrary, they’ll help you establish a foundation of visual risk association that will make it easy for an account manager to spot the actual trouble areas.

 

compliance-policies-4

 

The last option on each policy is the scoring method. The default setting is Each Occurrence, which treats each policy exception as a tallied point. As exceptions are found, the risk score goes up for each policy exception by that number (in the example above, it would be 5x the number of exceptions).

The alternative rule is by Any Occurrence, which can scale better for larger organizations.

This methodology applies the risk score once if ANY exceptions are found in the organization. As long as this policy is found non-compliant, the risk score will show. Using the example above, if one PC were found in exception, that’d accrue 5 points of risk. If 6,000 PCs were found in exception, it’d still be 5 points.

This methodology works better for larger organizations to stop them from having ludicrously high scores that would take forever to reach below the 100 point threshold to return to a yellow status.

Interpreting the Policies

The concepts listed above apply to every single policy. It doesn’t matter if you’re using one or 200 – if you set them up the way you like them, you’ll have a consistent data set of rules that you can apply against client environments.

Now, let’s go back to the original thought process at the beginning – the alternative would be to display RMM data and try to manually correlate the data to the client.

Which isn’t ever going to happen.

Displaying the IT environment issues out like this makes it easier for the account manager to correlate trouble spots with potential solutions and initiatives.

Discussing a PC refresh becomes a breeze when you can easily show the productivity slowdowns.

Making a case for an enhanced security service makes more sense when you can tie MFA, AV, encryption and patch data to the mix.

In a sense, the better your policies, the more return on investment (ROI) potential there is to make money from your portal. Your clients will love the transparency, too.

Give Policies a Shot

Policies are a potent tool that are useful for MSP organizations of all sizes. Go out and give them a shot – or, if you’d like some help setting them up, you can always get support@cloudradial.com to help you get started.

If you want to get them established as a pillar of a greater business review process, you can also consider one of our Professional Services, Jumpstart, to get them set up.

How to Run Assessments in CloudRadial

How to Run Assessments in CloudRadial

If you’re already running assessments for your customers or even thinking about running assessments, you should consider putting those into...

Read More
Better Together: Addigy and CloudRadial

Better Together: Addigy and CloudRadial

On July 29th, 2021, we participated in a fantastic webinar with Ricky Cecchini (Director of Product Services, CloudRadial), Jason Dettbarn (CEO,...

Read More
The Importance of First Impressions for MSPs

The Importance of First Impressions for MSPs

Usually, I write content that’s focused on how to leverage CloudRadial to achieve a specific goal. This article will be a bit different since I...

Read More