2025 Healthcare Compliance, Stakeholder Buy-In, and Threat Updates

IT channel and business news with a focus on regulatory compliance.

🖥️ CaaS: Unlocking Growth and Trust for Modern MSPs

The managed services industry is undergoing a fundamental transformation. As regulatory requirements tighten and cyber threats escalate, businesses are no longer satisfied with basic IT support; they expect their Managed Service Providers to be proactive partners in compliance and risk management. Enter Compliance as a Service (CaaS): a game-changing opportunity for MSPs to deepen client trust and future-proof their business.

✅ Top Compliance Priorities for Healthcare Organizations in 2025

Healthcare organizations in 2025 face an evolving regulatory landscape driven by technological innovation and increased enforcement. MSPs and vCISOs should position themselves to help healthcare organizations proactively address these priorities.

⚒️ Forging Trust: Stakeholder Buy-In on Compliance

Achieving compliance success hinges on more than just policies and procedures; it requires a collective commitment from all levels of an organization. Stakeholder buy-in is the cornerstone of a robust compliance framework, ensuring that everyone from executives to front-line employees is aligned with the organization’s compliance goals. Now, we’ll explore the importance of stakeholder engagement, the strategies to secure their commitment, and how aligning compliance with business objectives can drive meaningful results.

Join us for live chat and lively compliance discussions (yes, they happen!) on our regular webinar series, GET NIST-Y!

⚠️ Threat Updates

🔴 Old SonicWall Vulnerability is Actively Exploited (4/17/25)

This week, SonicWall updated its security advisory for an SMA 100 series vulnerability patched in 2021 to warn customers that the flaw has been exploited in the wild. The vulnerability is tracked as CVE-2021-20035 and it has been described by SonicWall as an authenticated arbitrary command execution vulnerability. There does not appear to be any public information about the attacks exploiting CVE-2021-20035. Considering that exploitation requires authentication, the attacks may involve a second vulnerability — either a known issue or a zero-day.

🔴 CISA Guidance After Oracle Cloud Hack (4/17/25)

News of an Oracle cloud system breach emerged on March 20, when a hacker offered to sell millions of data records, including encrypted/hashed credentials, allegedly stolen from Oracle Cloud servers. Oracle confirmed that some servers were indeed hacked, but pointed out that the incident impacted two obsolete servers that were never part of Oracle Cloud Infrastructure.

In order to help mitigate potential risks, CISA has shared recommendations for both users and organizations. The list of recommendations includes a link to cloud security resources made available last year by CISA and the NSA.

🗨️ Parting Words

“There are only two different types of companies in the world: those that have been breached and know it, and those that have been breached and don’t know it.” ― Ted Schlein

Are you a vCISO or MSP looking to streamline compliance management? We invite you to try Blacksmith, the channel’s fastest-growing tool for Compliance-as-a-Service!