MSPs Can Profit From Coming ‘Tsunami’ Of Compliance Rules: Industry Expert

‘It’s going to be a very lucrative line of business for all of us. There’s a growing demand for it,’ says MSP owner and author John Hill.

John Hill

Compliance and risk assessment are relatively new – and potentially lucrative – fields of cybersecurity that MSPs and other channel players should pursue in coming years as a way to expand their businesses, according to an industry expert.

Appearing at the XChange NexGen 2022 conference in Orlando, Florida, John Hill, CEO of TechStage Solutions and co-author of “Why Your Business Must Have Cybersecurity Risk Assessments,” said partners’ customers already face a slew of federal security regulations designed to protect sensitive information, from health-related HIPAA rules to the U.S. Department of Defense’s new CMMC requirements.

Meanwhile, states are starting to regulate the protection of information through laws such as New York’s SHIELD Act, and there are increasing cyber-insurance requirements that companies must meet in order to get insurance coverage against ransomware attacks and other cyber woes, Hill said.

But a “tsunami” of more regulations is on the way due to the rise of cyberattacks and subsequent fears of devastating assaults on for-profit and nonprofit organizations, both big and small, Hill said.

“We haven’t seen anything yet,” Hill said of coming security regulations.

As a result, channel partners are in a good position to offer compliance assistance and risk assessments for customers in need of help, said Hill.

At the Renaissance Orlando Resort at Seaworld, Hill asked how many XChange NexGen attendees currently offered risk assessment and compliance assistance – and about half raised their hands. Hill then suggested that number will rise in the near future as more regulations pile up.

Providing compliance and risk assessments isn’t easy, he said. Extensive training, as well as money, is necessary, Hill said. But it could lead to substantial new business opportunities for many channel players.

After his XChange session, Hill, who runs his own MSP business out of San Antonio, Texas, told CRN it just makes sense for channel players to expand into the two related fields.

“It’s going to be a very lucrative line of business for all of us,” he said. “There’s a growing demand for it. There’s a lot more cyber threat actors out there now than ever before in history. So it’s a monetary bandwagon that I think everyone needs to jump onto (if possible).”

Noting that many channel partners used to offer casual compliance and risk-assessment services for free, he said he’s hearing from a growing number of solution providers who have decided to start charging fees due to the increasing amount and complexity of such work.

“This role is growing as more people become aware of it,” he said.

But Hill warned it’s going to take a “lot of work” and “cost some money” for channel players to get proper compliance/risk-assessment services off the ground.

Michael Goldstein, chief executive of LAN Infotech in Ft. Lauderdale, Florida, said Hill is right to be pushing channel players to start thinking differently about compliance and risk assessment.

MSPs and others need to convince many of their customers that they really have no choice about complying – and proving they comply – with new regulations, he said.

“We tell customers, ‘You have to do this,’” Goldstein said. “Compliance is just the next stage of security.”

Risk assessment is really nothing more than making sure a client actually has the security tools in place to comply with various regulations and rules, he said.

“That’s what it’s coming down to: you have to do it,” he said.