CMMC, HIPAA, Insurance, and the Future of Security Standards with Craig Petronella
Business of Tech: Daily 10-Minute IT Services Insights - A podcast by MSP Radio
Categories:
Host Dave Sobel welcomes Craig Petronella, founder of Petronella Technology Group, to discuss the evolving landscape of technology compliance and cybersecurity. With a focus on the Cybersecurity Maturity Model Certification (CMMC), Craig highlights its significance for defense industrial base contractors and its potential to streamline compliance across various industries. He emphasizes that while regulations like HIPAA and FTC compliance exist, they often lack a consistent framework, leading to confusion and non-compliance among businesses.Craig shares his insights on the current state of compliance, noting that many organizations, including those in healthcare, are not adequately meeting regulatory standards. He points out that the CMMC introduces a more rigorous approach, requiring third-party validation for compliance, which could help address the shortcomings of existing frameworks. This shift towards a proof-based model aims to ensure that businesses cannot simply check boxes to claim compliance but must provide evidence of their adherence to security controls.The conversation also delves into the challenges of enforcement and accountability in compliance. Craig argues that without significant consequences for non-compliance, such as losing the ability to operate in certain sectors, many organizations will continue to neglect their security responsibilities. He draws parallels to the driving test analogy, suggesting that just as individuals must demonstrate their driving skills to obtain a license, businesses should be held to similar standards in cybersecurity.Finally, Craig discusses the role of cybersecurity insurance in driving compliance. He explains how insurance companies are increasingly requiring businesses to implement basic security measures, such as multi-factor authentication, to qualify for coverage. This trend reflects a broader movement towards a "don't trust, verify" model, where organizations must take proactive steps to secure their systems. The episode concludes with Craig advocating for a future where AI and third-party validation play crucial roles in ensuring software security and compliance across industries. Supported by: https://www.huntress.com/mspradio/ All our Sponsors: https://businessof.tech/sponsors/ Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/ Support the show on Patreon: https://patreon.com/mspradio/ Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com Follow us on:LinkedIn: https://www.linkedin.com/company/28908079/YouTube: https://youtube.com/mspradio/Facebook: https://www.facebook.com/mspradionews/Instagram: https://www.instagram.com/mspradio/TikTok: https://www.tiktok.com/@businessoftechBluesky: https://bsky.app/profile/businessoftech.bsky.social