For most organizations, the mention of regulations is rarely welcomed with open arms. However, for managed service providers (MSPs) regulations can definitely be a good thing, certainly from a security perspective.
Yes they can be difficult to plan and implement and costly to audit, but they can also be the carrot organizations need to get them to become more secure.
As organizations in heavily regulated industries will tell you, their spending starts with having to meet the regulations first before they do anything else. Issues relating to regulations are always top of the agenda when it comes to spending as companies cannot do business unless they meet them.
Driving deeper security
Regulations are driving behaviour that is not optional, and the majority of regulations have some level of security component to them. This is good news for security. It’s also great news for MSPs as it gives them a powerful entry point to offer security services, as companies need to have the relevant security controls and management controls in place to be compliant.
As MSPs you should be thinking about how regulations can help increase your business. There is huge value to be had guiding your customers through their regulatory landscape, and offering additional services as well as taking a more active role in their businesses as a strategic partner—not just the guy that sorts out their IT issues.
Naturally, to be able to do this effectively you do need to fully understand exactly what the regulations are that your customers must comply with, what services they need to deliver in order to help drive better compliance, and what technologies they need to implement in order to make their environment secure enough to pass their audits. While MSPs don’t need to be the auditor—nor should they be expected to fill that role—they should know enough to help provide their customers with a clear pathway to compliance.
Using regulations to grow your business
By focusing your expertise and practice on a regulated industry you can help guide your customers in meeting their regulatory burden. In order to do this, it is important that at a minimum you understand the regulations that a specific industry falls under and learn the basics of that regulation, and there is a great deal of public information detailing most regulated environments to help you do this.
However, if that is not enough, you also have a network of other MSPs that can provide additional knowledge. In a case where you need knowledge and/or services that are beyond your capabilities, then find a partner that can bridge the skills gap for you. Partnering with other specialized MSPs does not show weakness, on the contrary it shows strength as it clearly demonstrates that you are looking out for the needs of your clients.
Once you establish the relevant expertise and working practices you can then use them to expand to other customers facing the same regulations. You also have an opportunity to expand into adjacent spaces and help organizations that are suppliers and partners to that regulated industry.
And, finally, once you’ve helped companies meet their required level of compliance you can then move on to helping them see a path forward that has security at the centre of what they do.
This article was ghost-written by three-sixty for Tim Brown is VP of Security for SolarWinds MSP and published on the SolarWinds MSP blog.