Introducing the Shared Responsibility Model (SRM): What MSPs and Clients Need to Know
Cybersecurity and compliance have evolved dramatically over the last decade, and so too has the relationship between Managed Service Providers (MSPs) and their clients. The days of MSPs promising to “handle everything” are over; in today’s regulatory environment, both parties must clearly understand and document their respective roles. This is where the Shared Responsibility Model […]
Demystifying NIST: A De Facto Framework for MSPs
This post is adapted from the Blacksmith Infosec book, Forging Trust. The NIST Cybersecurity Framework (CSF) is widely regarded as the foundational standard for cybersecurity risk management in the United States and internationally. Originally developed to improve critical infrastructure cybersecurity, the framework has evolved to address the needs of organizations of all sizes and sectors, […]
EOS Principles and Operationalizing MSP Security Programs
Many MSPs have embraced the Entrepreneurial Operating System (EOS) to organize and grow their businesses. EOS is lauded for its structured approach to goal setting, team roles, and operational discipline — qualities that have helped countless MSPs reach new levels of performance. But what if you could apply the same proven principles that make EOS […]
SOC 2 and NIST CSF: Forging Trust and Differentiation in a Crowded MSP Market
For MSPs, aligning with SOC 2 and the NIST Cybersecurity Framework (CSF) offers distinct yet complementary advantages. Both frameworks enhance credibility, streamline compliance, and give managed service providers an edge in positioning in competitive markets. As two of the most influential frameworks in this space, SOC 2 and NIST offer distinct but complementary approaches to […]
Third-Party Risk Management: Extending GRC Beyond Your Organization
Third-Party Risk Management (TPRM) has become a critical extension of Governance, Risk, and Compliance (GRC) programs as organizations increasingly rely on vendors, suppliers, and subcontractors for essential operations. With 60% of organizations working with over 1,000 third parties — and many relying on fourth parties (the vendors of vendors) — modern GRC frameworks must address […]
The MSP Cybersecurity Newsletter: Building Client Trust Through Key Updates
As a Managed Service Provider, you face the dual challenge of protecting your clients while demonstrating your ongoing value. One of the most effective (yet underutilized) tools for accomplishing both goals is a well-crafted client newsletter. Even if you’re aware of the potential benefits, determining what content to include in each edition can be daunting […]
Shadow IT and the Hidden Compliance Threats in the Channel
You’ve heard of it. You’ve thought about it. Shadow IT. While the term conjures images of rogue employees, the reality is far more nuanced — and far more dangerous. Shadow IT refers to the use of unauthorized cloud apps, storage, or services by employees or partners, often in pursuit of productivity or convenience. For MSPs […]
Who’s Driving Compliance? Discussion and Upcoming Webinar
Today, we’ve got a sneak peek at the talking points for this month’s episode of Get NIST-y. We’ll be joined by Liongard’s Michael Cannady as we explore the driving forces behind the compliance trend. What sort of info and insight can you expect from this live chat? The Myth of Rollbacks: Is Deregulation the End […]
HIPAA-Covered Entity Strikes Back With Lawsuit
The MTL vs. Ntirety Lawsuit: Establishing New Precedent for Business Associate Accountability In an unprecedented legal move that could reshape healthcare data protection standards, Molecular Testing Labs (MTL) has filed suit against its MSP following a significant data breach. The Vancouver, Washington-based laboratory specializing in precision diagnostics discovered on March 12, 2025, that patient data […]
Top Compliance Priorities for Healthcare Organizations in 2025
Healthcare organizations in 2025 face an evolving regulatory landscape driven by technological innovation, heightened data privacy concerns, and increased enforcement. The following priorities have emerged as most critical for compliance leaders and boards: 1. Stricter Data Privacy and HIPAA Security Rule Updates Regulators have significantly strengthened HIPAA rules to address rising cybersecurity threats and privacy […]