‘It’s not about fixing a solution,’ says Dave McKinnon, N-able VP and chief security officer. ‘It’s about working together as an ecosystem. Cybersecurity and compliance is a team sport. We need to collectively collaborate, share information and build resilience.
Dave McKinnon, vice president and chief security officer of N-Able, said The target of the Burlington, Mass.-based vendor’s recent compliance initiative It is not just about complying with regulations like CMMC 2.0 or NIS2, but about creating a more robust and resilient cybersecurity environment for MSPs, their partners, and their end customers.
“The ultimate goal of these compliance frameworks is to build cyber resiliency, not just security,” MacKinnon told CRN. “When we look at regulations like CMMC or NIS2, they are all striving towards one thing, building a cyber-resilient ecosystem. This is about ensuring that businesses can react and recover quickly from cyber attacks, weather events or any other disruption with minimal impact.
One of the biggest challenges for MSPs is understanding how evolving compliance regulations, particularly CMMC 2.0, impact their operations. And any MSP is still unsure what their responsibilities are under these frameworks.
“We realized that many MSPs did not know how these rules applied to them,” he said. “Once the CMMC was finalized they were not sure what their customers expected or how they needed to transform their business. Some are well along with established programs, while others are just beginning to understand what these changes mean.
In response, N-Able has taken active steps to facilitate collaboration between MSPs, offering a collaboration center where partners can share best practices, ask questions, and learn from each other’s experiences. Can. The goal is to ease the compliance burden by creating a support network where MSPs can find resources and guidance from peers who have already faced similar challenges.
And N-Able is putting its money where its mouth is. This week, The vendor, Washington, DC-based Adlumin Inc. acquired, Which will allow N‑able to include security, integrated endpoint management and data protection solutions. Adlumin was acquired for at least $236 million, but the price could rise to $266 million if certain performance targets were met, the company said.
“This is not about dictating solutions,” MacKinnon said. “It’s about working together as an ecosystem. Cybersecurity and compliance is a team sport. We need to collectively collaborate, share information and build resilience.
With global regulations such as NIS2 in Europe, the compliance landscape for MSPs is not only complex but also diverse. To get ahead of this, N-Able launched a Global Compliance Advisory Council to bring together experts from different sectors to help MSPs meet various regulatory requirements.
Simon Beckett, director of UK-based MSP Dynacom IT Support Ltd, is pleased that N-Able is considering international compliance requirements and not just US-focused programs.
“UK-based Cyber Essentials and CE Plus are gaining popularity among UK businesses, and although they include many of the same requirements as NIS2, the character of the rules is different,” he told CRN. “One characteristic of all these programs is that they are constantly evolving, so they will be less effective if they are treated merely as box-ticking exercises between annual renewals. Taking a more holistic approach and focusing on overall flexibility will make annual audits for compliance programs like NIS2 and CE much less painful.
Brent Yax, CEO of Troy, Michigan-based Avacom Technologies, said it feels like the “Wild West” when addressing security in the context of regulatory compliance.
“CMMC and NIS2 are becoming better defined, but there is still a lot of confusion over how it applies to MSPs and what spills over into our operations through our customers,” he told CRN.
He said what N-Able is doing will foster valuable conversations that can help the entire industry tackle these types of challenges.
“The idea is to make sure we’re not just looking at compliance from a U.S. perspective,” MacKinnon said. “Regulations are global, and each country has its own specific requirements. Our Council helps us understand these local challenges and ensure our solutions are adaptable and future-proof for MSPs around the world.
The Council also helps MSPs think beyond just compliance, encouraging them to consider how security frameworks like CMMC impact not only their current operations but their long-term business strategies.
“It’s important to understand your customers’ needs and make sure you know exactly what your compliance obligations are,” he says. “But at the same time, don’t think of compliance as the bottom line. It’s a journey.”