Security and data resilience vendor N-able recently announced it has established an initiative to guide IT solution providers through various regulatory and compliance frameworks. N-able chief security officer (CSO) David MacKinnon spoke with Channel Insider about the initiative and why 2025 is the year compliance becomes a key piece of channel attention.

Compliance comes to the channel: why the time was right

Regulations and requirements are not necessarily new, but Mackinnon said N-able saw a gap in the market concerning focus on and understanding of the various programs and how they impact end customers and MSPs alike.

“We’ve been doing the leg work on this and laying the groundwork for a while now, and part of that included talking with providers around the world about compliance and how they were approaching keeping their customers compliant,” MacKinnon said. “What we kept hearing was that many partners didn’t understand the various complexities and changes within different standards, and then also that many MSPs were asking, ‘what does this mean for me and how do I need to adapt,’ and they couldn’t find answers.”

Part of this confusion is likely due to the sheer number of different standards businesses might be held to depending on their geographic location, industry and customer base. In much of Europe, the General Data Protection Regulation (GDPR) is common, but individual countries also have additional regulations in place; in the United States, CMMC 2.0 and NIST 800-171 are national requirements for some, but not all businesses and individual states such as California have privacy and compliance requirements of their own. Then, businesses must also consider industry-specific requirements, including the Health Insurance Portability and Accountability Act (HIPAA).

If that sounds confusing to navigate, that’s because it can be. As these standards continue to impact more businesses, channel partners need to be aware of whether they or their customers need to be compliant.

“We essentially say, ‘which is the most difficult or complex of all the standards, and what does that require’ and we start with being compliant with that standard,” MacKinnon said. “We know from experience that if we attain the most comprehensive standard then we can also qualify for others that require some but not all of that first one we worked toward.”

But how does a business gain that qualification in the first place? N-able wants to help its partners answer that question through educational and technological resources.

The announcement listed several resources and N-able solution ehancements, including:

  • NIST 800-171 Attestation: Mapped out security measures to help N-able’s partners more easily meet requirements for securely managing controlled, unclassified information, necessary for CMMC 2.0 while furthering cyber resiliency best practices.
  • FIPS 140-3 expansion: Continued buildout within core products through the adoption of federally approved encryption libraries and algorithms.
  • Audit Logging: Enhanced audit logging adding tracking for both logins and digital asset changes, furthering N-able’s commitment to the CISA Secure by Design Pledge
  • Separated Hosted Environment: Designed to specifically meet controls for CMMC 2.0 and like-regulations.
  • Product Training: Guidance for utilizing N-able solutions to successfully map to required cybersecurity controls.
  • Designated Compliance Leadership: Addition of expert staff to help N-able and its partners successfully navigate increasing regulatory requirements. 
  • Compliance Resource Center: Including expert blogs, content, and resources such as checklists designed specifically for IT service providers.

N-able sees the initiative as educational, not a “vendor play”

MacKinnon said N-able wanted to invest in this initiative to support community enablement, not to only help N-able customers or build a new product line.

“We want to build the encyclopedia on compliance,” MacKinnon said. “We didn’t want to create this in a bubble; we want this to be shared out and seen as an open ecosystem.”

MacKinnon also noted these resources will be “living documents,” as regulations and compliance requirements will continuously be updated and added upon.

Peer-to-peer sharing, best practices, and more coming in the future

MacKinnon hopes this initiative will develop over the course of 2025 to be a facilitator of knowledge sharing between MSPs and others to bring best practices and success stories forward within the channel.

The overarching goal of the program, according to MacKinnon, is to guide MSPs, no matter their maturity level or current capabilities, towards a more secure future for themselves and their customers.

“Compliance is not a line in the sand where you get it once and then you stop. It’s a set of guiding principles towards a north star.”

CMMC 2.0 was announced in 2024, and many IT solution providers will need to know the requirements and benefits of becoming compliant with the regulation. Read our full guide to CMMC 2.0 now to get answers to your questions.

Subscribe for updates!

You must input a valid work email address.
You must agree to our terms.