Gates Ouimette - ITconnecter

SMBs should worry if internal IT or their MSP tells them Security & Compliance are the same...

Not too long ago, at a meeting held at @Upward (a shared workspace) in Connecticut prior to the onset of the pandemic, there was an interesting discussion between esteemed thought leaders in the compliance and cybersecurity space.

Given how little distinction is made between these two (2) related areas, it was refreshing to have two CEOs focus not on how their firms overlapped, but rather on how their firms could complement each other.

One firm is an #MSSP focused on selling through SMB MSP channels, much like #Carvir did prior to its acquisition by #Continuum. The second firm started out providing IT compliance audits on a consulting basis but was perplexed by the lack of execution on their customers' part.

Essentially, customers were not keeping up with changes in existing regulations such as DoD #DFARS and #GDPR.

During the meeting, the state of cybersecurity and compliance from an information technology (IT) perspective was discussed, with the consensus being that the majority of #SMBs are left exposed whether using internal IT staff or a managed service provider (MSP).

There are exceptions, of course: some MSPs within the SMB-focused community understand the space and offer pointed solutions that deliver business outcomes addressing both compliance and cybersecurity issues.

Sadly, these types of partners are in the minority... although not in as great a minority as SMB internal IT staff that can effectively address SMB compliance and security.

Given this challenge of addressing both security and compliance, where is an SMB to go in search of a comprehensive approach? Referring to two (2) of my published articles from long ago, here are a few starting points to consider:

1. "Consider integrating, in some aspect, your internal #security, #privacy and #compliance business and technology functions with your business continuity policies, processes and procedures.

These shifts can potentially alter what could be purely a cost function to a possibly profitable investment.

2. Find someone to help lead you through this process - "By introducing a technology vendor-as-a-service (VaaS) function or by adding a formal #VaaS research / review process to existing vendor management functions... in addition to achieving short-term, tactical benefits, a more strategic perspective becomes part of the standard decisioning process."
