https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Services Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
    • Diversity, Equity & Inclusion
  • MSP 501
    • Back
    • MSP 501 Information Center
    • 2021 MSP 501 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2022 Editorial Calendar
  • Awards
    • Back
    • 2021 MSP 501
    • Circle of Excellence
    • DE&I 101
    • Top Gun 51
    • Channel Partners 101 (CP 101)
  • Events
    • Back
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

From the Industry


Getty Images

Sponsor Content

Compliance Issues

Understanding Compliance for MSPs

  • Written by Barracuda MSP Guest Blogger
  • May 3, 2022
To successfully gain business in new verticals, MSPs need a good grasp of the standards, frameworks and other compliance issues specific to those markets.

MSPs searching for ways to differentiate and grow can often do so by providing solutions for vertical markets like government, defense, healthcare, finance, education and others. However, to successfully gain business in such verticals, MSPs need a good grasp of the standards, frameworks and other compliance issues specific to those markets.

Standards and Frameworks Are Not the Same Thing

While they are often used interchangeably, there’s a difference between a standard and a framework for compliance. Standards are a set of controls a company needs to achieve to be considered compliant with a regulation or requirement. The best practices followed to meet the standard are called frameworks.

In other words, frameworks serve as a guideline. For MSPs, the good news is that while these standards and frameworks may be pretty specific in their security requirements, service providers can tie these requirements to other security measures and technologies that would benefit clients beyond simply achieving compliance. Remember, compliance standards represent a minimum requirement, not a complete security program.

The security framework that may be most familiar to many MSPs would be the National Institute of Standards and Technology (NIST) Cybersecurity Framework. However, different organizations may have to follow different standards and associated frameworks. For example, organizations dealing with the U.S. Department of Defense must comply with the Cybersecurity Maturity Model Certification (CMMC) framework. In addition, there are several others, such as:

  • Service Organization Control (SOC) Type 2, a cybersecurity framework and auditing standard for accounting/financial operations
  • The North American Electric Reliability Corporation-Critical Infrastructure Protection (NERC-CIP) cybersecurity standards for utility providers
  • The Health Insurance Portability and Accountability Act (HIPAA) for the healthcare industry
  • The Federal Information Security Management Act (FISMA) cybersecurity framework for federal government agencies

 

Compliance Management Best Practices

Compliance management can be complex for many companies, particularly small and midsize businesses. As a result, there’s an opportunity for MSPs to take on the compliance management role as part of their security services, but doing so requires that the MSP be fully educated on those standards and frameworks, and ensure their systems are also compliant.

MSPs should follow industry frameworks such as NIST and ISO internally and within their security and services portfolio. That should also include continuous monitoring and reviews to maintain compliance as the solution portfolio evolves.

Staff should be educated on the specific standards and frameworks for the targeted vertical market, including ongoing training to stay current with industry best practices. That background will be critical for demonstrating to clients that the MSP can help with their compliance management needs.

To that end, MSPs will need to research those pain points and how their services and technology offerings could help. For example, compliance is generally not a core competency for smaller businesses. Still, they may have particular needs when it comes to compliance, such as records retention or meeting response and reporting requirements related to data loss or security breaches.

Centralized security management and monitoring technology will also be necessary for compliance, as most standards require a greater level of visibility than many SMBs can achieve on their own. For security-centric MSPs, that type of cybersecurity framework is also essential for meeting their service level requirements.

MSPs should conduct regular internal audits to ensure their internal systems are adequately secured and that their service and technology offerings to clients are still fully compliant with industry standards.

Compliance management also comes with risk, so MSPs should evaluate insurance options that can protect them if they were subject to liability related to regulatory fines or penalties levied against a client after a security incident.

Providing compliance services to clients in new vertical markets presents a profitable opportunity for MSPs, offering a way to build on their security solutions portfolio. Moreover, vertical specialization can pay big dividends for those who can invest in the technology and education required to take on compliance management.

Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.

 This guest blog is part of a Channel Futures sponsorship.

Tags: MSPs From the Industry Intelligence Vertical Markets Barracuda MSP Sponsor Content

Most Recent


  • Eight, 8
    8 Takeaways You Need to Know from AWS’ Public Sector Summit
    Get the scoop from Jeffrey Kratz, who now leads the vendor’s public sector partner program.
  • Managed Security Services
    Verizon Data Breach Investigation Report: Employee Cybersecurity Training Still Lagging as Stolen Credentials Rise
    The DBIR team examined more than 914,000 incidents and nearly 235,000 data breaches.
  • leverage your MSP's people power
    Leverage Your MSP's People Power
    The foundation of any company's success is, and always will be, its people power.
  • Business megaphone
    Top 5 Cloud, Data Announcements from Informatica World
    The cloud data management vendor is hosting its event this week in Las Vegas. Get the news here.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cybersecurity terms
    How to Make Sense of the Alphabet Soup of Cybersecurity Terms
  • Woman on phone
    How Unified Call Recording and Voice AI Improve the Customer Experience
  • Map of the United States
    Cyber Defenses Must Rise to Meet Increasing Cyber Threat Levels
  • secure remote access
    Virtual Engine Partners with Corel to Drive New Customers

Upcoming Events

View all

Channel Partners Europe

June 14, 2022 - June 15, 2022

MSP Summit

September 13, 2022 - September 16, 2022

Galleries

View all

8 Takeaways You Need to Know from AWS’ Public Sector Summit

May 24, 2022

Verizon Data Breach Investigation Report: Employee Cybersecurity Training Still Lagging as Stolen Credentials Rise

May 24, 2022

Top 5 Cloud, Data Announcements from Informatica World

May 24, 2022

Industry Perspectives

View all

Leverage Your MSP’s People Power

May 24, 2022

How SD-WAN Helps Secure the Expanding Network Perimeter

May 19, 2022

A Sneak Peek at the 2022 BrightCloud Threat Report

May 17, 2022

Webinars

View all

Simplifying SaaS Security for MSPs

April 27, 2022

How to Supercharge The Network to Support Your IT Superhero Moves

May 3, 2022

The 2022 MSP Challenge: Scale Service Delivery Despite the Talent Gap

April 21, 2022

White Papers

View all

The New Bottom Line: How MSPs Can Meet the Healthcare Crisis While Evolving Their Businesses

April 19, 2022

How to build a Security Operations Center (on a budget)

April 4, 2022

The AT&T Cybersecurity Incident Response Toolkit

April 4, 2022

Channel Futures TV

View all

AT&T, Microsoft, Cisco, ThreatLocker on Unlocking Partner Potential

Agents Share ‘Secrets,’ Industry Opportunity

May 11, 2022

Vonage Addresses Potential Partner Opportunity via Acquisition by Ericsson

May 5, 2022

Lumen Technologies ‘Built for Growth and Scale’

May 4, 2022

Twitter

ChannelFutures

.@Avaya doles our Partner of the Year honors to @ATTBusiness @VerrizonBusiness @Converge_One @Jenne_inc @TELUS… twitter.com/i/web/status/1…

May 24, 2022
ChannelFutures

.@IngramMicroInc's John Dusett talks @ThisIsCloudBlue, MSPs, cybersecurity, AWS and more. dlvr.it/SR0Cw1 https://t.co/OpcZRj9fdb

May 24, 2022
ChannelFutures

.@VZDBIR dove deep into the latest #databreach trends. @TheMediaTrust @saryunayyar @Gurucul @olsontmt… twitter.com/i/web/status/1…

May 24, 2022
ChannelFutures

Using people power to drive #profitability and capitalize on emerging #tech @Sherweb #MSPs dlvr.it/SQzrrl https://t.co/XwLfY492B0

May 24, 2022
ChannelFutures

.@Unit4Global @embridgeconsult talk the shift away from service delivery to sales #ERP. dlvr.it/SQzmPV https://t.co/dKLAPIKfzS

May 24, 2022
ChannelFutures

This Thursday, join us online for this incredible discussion, hosted by @chachelly of @figfirm, and featuring the i… twitter.com/i/web/status/1…

May 24, 2022
ChannelFutures

Check out the news coming from @Informatica today regarding cloud, data, #AI. #InformaticaWorld… twitter.com/i/web/status/1…

May 24, 2022
ChannelFutures

What are traits of a valuable vendor/partner relationship? We asked our roundtable partner participants to weigh in… twitter.com/i/web/status/1…

May 23, 2022

MSSP Insider

Business advice for MSSPs and news from the broader security channel.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X