Achieve Laser-Focus on M365 Security Compliance for Your Customers
The new Security Navigator features are live within Security Manager. Join us at the upcoming official launch event for Security Navigator on April 30, where you can be among the first to learn about this new feature set.
Selling Customers on Pursuing Compliance
2024 is the year for security compliance. It is estimated that only 20% of companies have attained an adequate security compliance standing for their industry. But 75% of businesses today are willing to invest in assistance from an MSP, so the market is ripe for MSPs to deliver compliance. Here’s how top MSPs are running these projects successfully and profitably.
| Regulatory Body | Framework | Enforced |
| --- | --- | --- |
| CISA (Cybersecurity And Infrastructure Agency) | CISA Cyber Essentials CPG (Cross-Sector Cybersecurity Performance Goals) | Recommended |
| NCSC (National Cyber Security Centre) | Cyber Essentials | Mandatory when working with UK Government Suppliers |
| NIS2 (European Union) | 10 Minimum Measures | EU Cybersecurity Regulation |
| BSI (Bundesamt für Sicherheit in der Informationstechnik) | IT-Grundschutz | Recommended |
| ACSC (Australian Cyber Security Centre) | Essential 8 | Recommended |
| Cert NZ (New Zealand’s Computer Emergency Response Team) | 10 Critical Controls | Recommended |
In 2023, the world experienced a 400% increase in cyber-attacks. They are increasing both in number and sophistication. Compliance is a more pressing requirement in certain industries and geographies, and it’s no surprise that businesses around the world expect one another to be compliant with security standards. What may be more surprising is that most businesses have yet to take their first step towards compliance by investing in help from their MSP.
When a customer agrees to invest in a compliance journey with their MSP, it can be difficult to frame the project and provide meaningful updates along the way.
There are over 150 baseline settings to manage across all of the M365-related compliance settings. MSPs using SkyKick’s Security Manager know they can easily run the “Get Microsoft 365 Security Baseline Report” to gain visibility on these 150+ settings.
However, each security compliance framework requires only a subset of these baseline settings. So managing a customer’s journey towards compliance has often involved remembering which of the 150 settings pertain to each customer, and only then investigating whether those settings are configured in M365 per the compliance guidelines.
That is, until a recent feature released in SkyKick Security Manager, which brings all these steps into one.
Laser-Focus Managing of Security Compliance
Security Manager recently launched the ability to filter the M365 Security Baseline Report specifically by any of the major international compliance frameworks. This means that when meeting with a customer about their security compliance status, the report can be customized to only show the security settings pertaining to their compliance goals.
For example, for HIPAA compliance, instead of showing all 150+ M365 baseline settings, the report filters down to the 48 that are required by HIPAA. Likewise, Essential Eight is filtered down to the 33 settings that must be configured for M365 compliance with Essential Eight.
These filtered-down lists still include any and all baseline settings required for M365, Entra ID, M365 Defender, and Intune for each compliance standard.
Interactive and Intuitive Compliance Management
The M365 Security Baselines Report contains several elements designed to make compliance management easy for MSPs. The top of each report starts with the percentage of completeness a customer has attained towards their target compliance.
Simply filter by the security compliance of your customer’s choosing:
Each report is available in formats including the interactive HTML, notepad, and good old Excel. The interactive HTML output allows you to expand/collapse more detailed information.
One useful piece of information available is the exact security control each M365 setting pertains to. For example, for this HIPAA customer where Exchange sharing policies are not stringent enough, expanding the HIPAA details shows which exact HIPAA control requires this action:
Turning Opportunity into Reality
Security compliance represents a huge opportunity, both for customers to become more secure and for the MSP industry to help them get there. The above report is just one of dozens of operations made possible through Security Manager.
With a simple way to report on a customer’s compliance status and the action required, MSPs are equipped with everything they need to have targeted, action-based conversations to manage their customers to their security compliance standard.