MSP Tip: Managed Security Offerings–More Than Just Meeting Compliance
Over 65% of managed security providers (MSPs) plan to expand their business and grow revenue but are unsure of the best path forward. MSPs find success by augmenting their portfolio of products with managed security services. It is recommended to take it one step further and dip into compliance. Being compliant with regulations is necessary for many verticals; MSPs that offer compliance products or services with compliance frameworks are able to capitalize on a large portion of IT spend. MSPs that offer compliance products typically experience increased revenue, realize enhanced customer loyalty and improve their margins.
Compliance might be a necessary step for IT leaders in many organizations, but it’s not adequate to reduce residual IT security risk to tolerable levels. This is not news. But why is this the case?
- Compliance regulations are focused on “good enough,” but the threat environment mutates rapidly. Therefore, any definition of “good enough” is temporary. The lack of specificity in most regulations is deliberate to accommodate these factors.
- IT technologies change rapidly. An adequate technology solution today will be obsolete within a few years.
- Circumstances and IT networks are so varied that no single regulation can address them all. It is not possible to prescribe a common set of solutions for all scenarios.
The key point to understand is that compliance frameworks represent a starting point for comprehensive cybersecurity for MSP customers, but they are not a “silver bullet” for achieving security. Getting trained and certified for standards such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and National Institute of Standards and Technology (NIST) 800-171, while necessary, is not sufficient. If your customer’s network becomes the victim of a security breach, then compliance with guidelines alone may not be an adequate defense, although it may help mitigate specific regulatory penalties. It is recommended to:
- Implement all reasonable steps to minimize the potential for harm to others, regardless of whether those steps are listed within the compliance guidance and documentation.
- Arm your customers to meet and exceed compliance standards.
Compliance Support Through Technology and Partnership
MSPs can gain compliance support through a Security Information and Event Management (SIEM) solution that provides visibility and monitoring, which can lead to greater IT and infrastructure efficiency and effectiveness. Demonstrate your capability as an IT problem solver to your customers and show return on investment with security and compliance. Don’t take adding compliance and security lightly, though: it’s a strategic decision that requires an assessment of your technology capabilities, staff skills and expertise, and strategic focus.