For most organizations, the mention of regulations is rarely welcomed with open arms. However, for managed service providers (MSPs) regulations can definitely be a good thing, certainly from a security perspective. Yes they can be difficult to plan and implement and costly to audit, but they can also be the carrot organizations need to get them to become more secure.
As organizations in heavily regulated industries will tell you, their spending starts with having to meet the regulations first before they do anything else. Issues relating to regulations are always top of the agenda when it comes to spending as companies cannot do business unless they meet them.
Regulations are driving behaviour that is not optional, and the majority of regulations have some level of security component to them. This is good news for security. It’s also great news for MSPs as it gives them a powerful entry point to offer security services, as companies need to have the relevant security controls and management controls in place to be compliant.
As MSPs you should be thinking about how regulations can help increase your business. There is huge value to be had guiding your customers through their regulatory landscape, and offering additional services as well as taking a more active role in their businesses as a strategic partner—not just the guy that sorts out their IT issues.
Naturally, to be able to do this effectively you do need to fully understand exactly what the regulations are that your customers must comply with, what services they need to deliver in order to help drive better compliance, and what technologies they need to implement in order to make their environment secure enough to pass their audits. While MSPs don’t need to be the auditor—nor should they be expected to fill that role—they should know enough to help provide their customers with a clear pathway to compliance.
By focusing your expertise and practice on a regulated industry you can help guide your customers in meeting their regulatory burden. In order to do this, it is important that at a minimum you understand the regulations that a specific industry falls under and learn the basics of that regulation, and there is a great deal of public information detailing most regulated environments to help you do this.
However, if that is not enough, you also have a network of other MSPs that can provide additional knowledge. In a case where you need knowledge and/or services that are beyond your capabilities, then find a partner that can bridge the skills gap for you. Partnering with other specialized MSPs does not show weakness, on the contrary it shows strength as it clearly demonstrates that you are looking out for the needs of your clients.
Once you establish the relevant expertise and working practices you can then use them to expand to other customers facing the same regulations. You also have an opportunity to expand into adjacent spaces and help organizations that are suppliers and partners to that regulated industry.
And, finally, once you’ve helped companies meet their required level of compliance you can then move on to helping them see a path forward that has security at the centre of what they do.
For more on Tim's top security tips, visit our Security Resources Centre here.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.
© 2018 SolarWinds MSP UK Ltd. All rights reserved.
The SolarWinds and SolarWinds MSP trademarks, service marks, and logos are the exclusive property of SolarWinds MSP UK Ltd. or its affiliates. All other trademarks are the property of their respective owners.