The U.S. Department of Defense is about to roll out a new security requirement for any organization doing business with the entity, an action that will have big ramifications—and could spell tremendous opportunity—for small managed service providers, according to Vince Crisler, founder and CEO of Dark Cubed, and Alex Rutkovitz, co-founder and COO of Choice CyberSecurity.
The pair will detail the upcoming Cybersecurity Maturity Model Certification and what it means for tech companies in a session at ChannelCon Online, CompTIA’s three-day digital event slated for Aug. 4-6. The session, titled “Holistic Approaches to Cybersecurity,” is scheduled for 2:15 pm EDT on Aug. 5.
The CMMC framework, expected to launch in November, was created to ensure that any organization working within the DoD supply chain meets certain cybersecurity controls and processes. Organizations will be audited and receive a certification ranging from 1 to 5 based on their level of adherence to the framework.
It behooves any company that does business with the DoD, or even those that want to, to look to achieve the CMMC, according to Rutkovitz, vice-chair of CompTIA’s IT Security community.
“Our goal with the ChannelCon session is to take fear out of these frameworks for MSPs. And really help them dip their toes in the water with NIST (National Institute of Standards and Technology) and CMMC and see cybersecurity as not scary. Compliance to these frameworks could help even small MSPs generate new revenue and it could be huge revenue,” Rutkovitz said.
Don’t Wait on Security, Opportunity is Here Now
With new DoD requirements, other cyber compliance and regulatory changes, and increased threats, MSPs should be making proper investments to ramp up their security, according to Crisler.
“Historically, MSPs have gotten away without embedding security in all offerings. The CMMC is one example of how this is changing, and quickly,” he said. “You can’t be a government contractor and not have these frameworks built in. If you’re an MSP and you want to make sure you stay competitive, you need to start baking security into what you’re doing.”
Crisler admits that cybersecurity frameworks and acronyms such as NIST 800-171 can be overwhelming to manage, but there’s a good chance they’ll become standard, or even required, across many industries and solutions, and gaining a working knowledge of them now will provide MSPs with a competitive advantage.
“That’s a key takeaway from our session too: don’t shy away from these terms because you don’t understand them. You may not care about them or think you need them today, but that may change in six months. We’ll talk about what it all means to the industry as a whole,” Crisler said.
The pair will also discuss how to find a partner to take advantage of DoD and other work within the context of the new CMMC cybersecurity framework, Rutkovitz said. Typically, MSPs may not ask what type of contracts their clients have, but they should be asking if they have any DoD contracts or plan to bid on any.
“A good partner would help generate new business, new projects. As everything moves to the cloud, projects around cybersecurity will be important. The larger companies will look to bring in new partners and together create secure policies and procedures and help with additional controls on physical components. That’s typically not in the MSP’s wheelhouse, but working together can accomplish more,” she said.