Security vs. Compliance: An MSP Guide

Scott Calonico

A recent survey amongst IT professionals has revealed that the prospect of a security breach on the network is their most prominent concern.

The study, conducted by EiQ Networks, gathered the opinions of nearly 300 IT professionals in a survey entitled “What Keeps IT Pros Up at Night.”  For 34%, the answer was a security breach. Clearly, widespread news reports this year about security breaches (and privacy) have increased anxiety about information security.

Compliance is still considered a significant issue: 31% of respondents said they worried about failing an IT security audit, making compliance the second biggest worry for IT pros. In past years, compliance has been seen as the main concern.

So, what lessons should MSPs take away from the results of this recent survey? Here are three that we think are important:

IT Security is getting plenty of attention

Even though high-profile security breaches undoubtedly raise stress levels for IT professionals, they at least emphasize to businesses the importance of taking sensible security measures.

Media attention to security breaches does in fact benefit MSPs, as it effectively works as free marketing. Perhaps it seems a little cynical to approach clients to sell security-related services just after a widely publicized breach, but wouldn’t it be a shame to waste the opportunity?

Compliance is still important

Compliance worries may have been (closely) trumped by security concerns on this occasion, but compliance is still clearly an issue that strikes fear into the hearts of professionals… and rightly so.

Failing to meet compliance obligations can cause companies serious reputational damage. In addition, in some company sectors, proven adherence to legislation is a prerequisite to winning contracts.

Some MSPs shy away from compliance issues, choosing to sit back and watch their clients call in other specialists whilst quietly envying their generous consultancy fees. MSPs would perhaps do well to remember that they can always undertake the necessary training to provide this type of lucrative consultancy themselves.

IT and “the business” need to improve communication

A secondary finding from the EiQ survey was that over 33% of respondents said that they had never discussed IT security implications with executive teams.

This is quite a frightening statistic, and one that MSPs should be assertive in trying to reduce. Nobody wants their first IT security-related meeting with management to take place when discussing the aftermath of a breach!

MSPs should ensure that the business shares ownership of IT security and IT-related compliance; IT cannot (and should not) be expected to shoulder all of the accountability. At the very least, they should expect to be given the budget and autonomy to do things as well as they can. After all, even IT staff deserve to sleep well at night!

Want to Know More About Compliance?

Be sure to watch our FREE November webinar on what MSPs need to do to comply with HIPAA!
