COMPLIANCE AS A SERVICE
CONTINUED
to guarantee compliance and delivery against contracted SLAs and contractual obligations against delivery, budget and legal controls. “Additionally, with increased concerns over data breaches and hacks, and emerging and maturing data privacy laws, using CaaS providers ensures compliance through specialised tooling and skills to support monitoring and managing data, and a joined-up approach for vulnerability management.”

But as Ross Down, CRO, IO, notes, the consequences of non-compliance can be costly. “71% of all organisations we surveyed were fined for data breaches or compliance failures last year, with 24% of mid-sized businesses paying penalties of over £250,000,” he says. “This is on top of the reputational damage organisations suffer if they fail audits or fall victim to breaches.”

Problems for SMBs

This shows the dangers of non-compliance, and the problems it can pose for SMBs that don’t have the resources of larger rivals. “For SMBs who must have security certifications to bid on tenders and demonstrate compliance under third-party supplier questionnaires, it is no longer enough for ‘someone’ to ‘do their best’, and it becomes a blocker for SMBs to trade up,” says Tracey.

Max agrees that compliance is a major challenge for SMBs. “Compliance does not scale downwards,” he notes. “A five-person Department of Defense (DoD) contractor must meet the same 110 NIST 800-171 requirements as a 500-person DoD contractor.

“SMBs struggle with resource constraints, which include limited budgets and small IT teams; cybersecurity risks, where often SMBs are prime targets for attacks but don’t have a robust defense system in place; and manual processes, where they still rely on spreadsheets and outdated systems for auditing and reporting.

“Additionally, regulations such as GDPR, CCPA, PCI and HIPAA, among others, are highly complex, and many SMBs lack in-house legal counsel and compliance experts to rely on for help. Finally, there are training gaps – employees may not understand compliance responsibilities. CaaS alleviates these issues by automating tasks and offering expert guidance.”

Ian Ashworth, senior director partners and alliances EMEA at Qualys, agrees that with the launch of NIS2 and DORA, changes in PCI DSS 4.0, and more EU regulations coming in around AI and data, it’s a challenge for businesses of all types and sizes to keep up with what is coming into force, where it applies to them and what they should practically do to address those problems. “Providing compliance advice on a continuous basis makes it easier to understand risks, then make changes or get plans in place where investment might be needed,” he adds. “Where business leaders understand the value at risk around compliance issues, they are more likely to support making changes. This approach also creates a long-term revenue stream for partners that they can offer alongside their other security services or products.”

Getting into CaaS

CaaS is a developing service, and for resellers and MSPs that want to add this to

Contributors
Max Pruger, kaseya.com
Kevin Kriebel, drata.com
Tracey Hannan-Jones, ubdsdigital.com
Ross Down, isms.online