ConnectSecure Co-Founder: 2024 Brings A Big Focus On Compliance As ‘Vulnerability Is Becoming a Hygiene Factor’
‘A more important aspect to a lot of our international MSPs is localized compliance. In the UK we have a large amount of MSPs who use our products specifically for cyber essentials, which is their local compliance standard. We give them the guide rails to help them guide their end customers through that process,’ says Peter Bellini, CEO of ConnectSecure.
As so many cybersecurity policies and regulations come down the line, ConnectSecure is focusing on making sure its partners hit compliance standards as well as helping them navigate through its processes.
“It’s not an option anymore given that the attack surface was grown just so much,” Srikant Sreenivasan, co-founder of the MSP-focused vulnerability management vendor, told CRN. “A focus there will be remediation of compliances where with one click you can apply those controls and a machine will be HIPAA compliant. And one of the things that we do is give country-specific compliance. We're going to focus a lot more on that as we help small businesses in America as well as in other parts of the world.”
Peter Bellini, CEO of Tampa, Fla-based ConnectSecure, said that a more important aspect is offering localized compliance.
“In the UK we have a large amount of MSPs who use our products specifically for cyber essentials, which is their local compliance standard. We give them the guiderails to help them guide their end customers through that process,” he said.
[Related: The 10 Hottest Cybersecurity Tools And Products Of 2023]
In December, ConnectSecure released version 4.0 of its vulnerability management platform which embodied a “soup-to-nuts rebuild.” Improvements were made to the interface and back-end architecture and programming to offer faster processing speeds.
“Vulnerability management is more of a hygiene, but as compliance becomes a bigger focus, MSPs want a GRC (governance, risk and compliance)-centric view,” Sreenivasan said.
The entire reporting engine has also been redone.
“At the end of the day, when it comes to vulnerability management and security it's really about delivering the data that matters most to the MSPs, and that's done through the report,” Bellini said.
“The end customer is not going through the in-depth vulnerability data. They really just want a consolidated report of the information.
“With the new reporting engine, [MSPs] can select the individual pieces of information and put them together into a completely customized report,” he added. “We've given total customization on the reports to deliver to your clients. That's going to be one of the things that really drives increased economic benefits for the MSPs.”
Sreenivasan and Bellini spoke further to CRN about cybersecurity trends, M&A and how Bellini, a 31-year-old, is running his business different than older generations.
Peter, what cybersecurity trends are you watching in 2024?
Bellini: There's always people finding vulnerabilities in various pieces of software. They're always going out there and doing massive external scans for those devices that have publicly posted vulnerabilities, and the technology to crawl through those devices is only getting better. I think one of the big attack surfaces is going to the browser as that’s the way you access your data these days in the modern workforce. It’s just continuously looking for and hardening those holes in your attack surface.
Sreenivasan: Unfortunately, the small and medium businesses are going to be the most vulnerable because unlike large enterprises [they don’t have] CISOs, CTOs and CIOs, or a large IT staff to take care of these things. We're going to focus there as new threats will be emerging. There'll be new threats emerging with AI. Threat actors are using it to come up with more and more sophisticated attacks so we have to keep in lockstep to make sure that we help customers scan for those vulnerabilities and help them produce remediations.
What does ConnectSecure’s 2024 roadmap look like?
Sreenivasan: There’s going to be more on compliance because, again, vulnerability is becoming a hygiene factor. It’s not an option anymore given that the attack surface was grown just so much. A focus there will be remediation of compliances where with one click you can apply those controls and a machine will be HIPAA compliant. And one of the things that we do is give country-specific compliance. We're going to focus a lot more on that as we help small businesses in America as well as in other parts of the world.
Bellini: A more important aspect to a lot of our international MSPs is localized compliance. In the UK we have a large amount of MSPs who use our products specifically for cyber essentials, which is their local compliance standard. We give them the guiderails to help them guide their end customers through that process. We're also going to be rolling out Mac and Linux patching, and then overall vastly increasing the number of applications that we patch for.
What are your partner’s biggest pain points?
Sreenivasan: A lot of them are struggling to add on cybersecurity as a new business line. One of the things that we're really helping them with is a lot of content and giving that content to their end customers. We have presentations, documentation and reports that they can share to their end customers to help them build a security practice. Then it’s what are the different tools that they need to make that happen.
Peter, what is your biggest challenge?
It’s making sure that we're hitting on all cylinders and making sure that we have the right support structure and the right educational materials in place. When we do roll this 4.0 version out on a massive scale and people have questions and need onboarding help, it’s that we have everything in line there. One of the things that keeps me up is making sure we're crossing all of our t’s and dotting all of our i’s.
What are your thoughts of all the M&A in the vendor space?
Bellini: We've seen a lot of it from about 2010 to 2021. It was kind of free money, if you will. I think we're seeing the back end of that where interest rates have skyrocketed and M&A activity has slowed down. We don’t have private equity involved at all and I think a lot of people tend to gravitate towards that. The ability for vendors who are nimble and don't have any private equity ties are able to navigate better and make their own decisions.
On the MSP side, we have seen that consolidation happen over the last few years where you see master MSPs and they acquire 10 or more MSPs. I don't know if that's going to slow down anytime because I think you do see compounding efficiency as you roll up these multiple MSPs under one umbrella. They can come to vendors like us and say, ‘We'd like to have ConnectSecure across all of our companies.’ and they're able to negotiate things. They're also able to consolidate their workforce under one umbrella so they don't need as many costs associated with providing the service that they do, so I think there's a lot of value there.
Peter how do you think you lead differently than someone of an older generation?
Our execution is very collaborative. We let our partners pick what our roadmap is. I'd say that's the attitude of the company as a whole. And we all run as collaborative leaders, we all like to get involved in the day-to-day stuff, and maybe that’s because we’re still a younger company. Everybody has a voice and we like to be pretty flexible with them.
How do you find working across multiple generations as a millennial?
I would say the big thing is just knowing your stuff. I am very specific about when you interact with somebody from ConnectSecure, I want you to interact with somebody who can answer at least 80 percent of your questions. We don't have salespeople per se, we don't really have your classic rep. We have what we call solutions engineers and every single person you talk to can demo the product at the company. A lot of people that are partner facing are millennials and Gen Z. I think as long as you know what you're talking about, people don't care how old you are. As long as you know what you're talking about and can answer their questions and can demonstrate what they're asking for, it actually comes across as a positive.
What’s your message to partners about what’s to come from ConnectSecure in 2024?
Bellini: In 2022 we really stormed onto the scene and we created a product that was sort of on parity with existing vulnerability management solutions for MSPs. In 2023 we really expanded out that theme. We built out better support, education and onboarding and we've also improved the product vastly to get ahead of what those vulnerability management tools for MSPs are. We're going to really get on the same level as some of those enterprise solutions that have been around the industry for decades but built specifically and only for the MSP market.