N-able exec: ‘Cybersecurity and compliance are a team sport’
‘It’s not about dictating the solution,’ says Dave MacKinnon, N-able VP and chief security officer. ‘It’s about working together as an ecosystem.’
As the regulatory landscape for MSPs continues to evolve, businesses are increasingly focusing on building cyber resilience rather than just meeting compliance checklists.
N-able’s Dave MacKinnon, VP and chief security officer, said the goal of the Burlington, Massachusetts-based vendor’s recent compliance initiatives is not merely about adhering to regulations like CMMC 2.0 or NIS2, but about creating a more robust and resilient cybersecurity environment for MSPs, their partners and their end clients.
“The end goal of these compliance frameworks is building cyber resilience, not just security,” MacKinnon told CRN US.
“When we look at regulations like CMMC or NIS2, they’re all striving toward one thing, building a cyber-resilient ecosystem.
It’s about making sure businesses can react and recover quickly from cyberattacks, weather events or any other disruption with the least impact.”
One of the biggest challenges for MSPs is understanding how evolving compliance regulations, particularly CMMC 2.0, impact their operations. And any MSPs are still unsure of what their responsibilities are under these frameworks.
“We realised that a lot of MSPs didn’t know how these regulations apply to them,” he said.
“They weren’t sure what their customers expected or how they needed to transform their businesses as CMMC became finalised. Some are well ahead, with established programs, while others are just starting to figure out what these changes mean.”
In response, N-able has taken proactive steps to facilitate collaboration among MSPs, offering a collaboration hub where partners can share best practices, ask questions and learn from each other’s experiences.
The goal is to reduce the compliance burden by creating a support network where MSPs can find resources and guidance from peers who have already navigated similar challenges.
And N-able is putting its money where its mouth is. Last week, the vendor acquired Washington, D.C.-based Adlumin Inc., which will further allow N‑able to incorporate security, unified endpoint management and data protection solutions.
Adlumin was acquired for least $236m but that price tag could increase to $266m if certain performances targets are achieved, the company said.
“It’s not about dictating the solution,” MacKinnon said.
“It’s about working together as an ecosystem. Cybersecurity and compliance are a team sport. We need to collaborate, share information, and build resilience collectively.”
With global regulations like NIS2 in Europe, the compliance landscape for MSPs is not just complicated, it’s also diverse. To get ahead of this, N-able introduced a Global Compliance Advisory Council to bring together experts from different regions to help MSPs navigate the varied regulatory requirements.
Simon Beckett, director of UK-based MSP Dynacom IT Support Limited, is happy that N-able is considering international compliance requirements and not just US-centric programmes.
“The UK-based cyber essentials and CE Plus are gaining traction among UK businesses, and though they incorporate many of the same requirements as NIS2, the character of the regulations are different,” he told CRN.
“A characteristic of all these programs is that they are constantly evolving, so if treated purely as box-ticking exercises they will be less effective between annual renewals. Taking a more holistic approach and focusing on overall resilience will make the annual audits for compliance programs like NIS2 and CE much less painful.”
Brent Yax, CEO of Troy, Michigan-based Awecomm Technologies, said it feels like “the Wild West” when addressing security in terms of regulatory compliance.
“CMMC and NIS2 are getting better defined, but there is still a lot of confusion on how this applies to MSPs and what extends through our clients into our operations,” he told CRN.
He said what N-able is doing will foster valuable conversations that can help the entire industry tackle these types of challenges.
“The idea is to ensure that we’re not just looking at compliance from a U.S. perspective,” said MacKinnon.
“Regulations are global, and each country has its own specific requirements. Our council helps us understand these local challenges and make sure our solutions are adaptable and future-proofed for MSPs around the world.”
The council also helps MSPs think beyond just compliance, encouraging them to consider how security frameworks, like CMMC, affect not just their current operations but their long-term business strategies.
“It’s crucial to understand your customers’ needs and make sure you know exactly what your compliance obligations are,” he said.
“But at the same time, don’t think of compliance as a finish line. It’s a journey.”
This article originally appeared on CRN UK sister website CRN.