NY-based MSP Secure Now developed a HIPAA-focused security offering for the health care industry in 2009, and has now added a new offering aimed at the more general market, targeting SMBs, and sold only through partners. Canadian partners are being eagerly sought.
Secure Now, which has been selling its HIPAA Secure Now offering to the health care industry for several years, has significantly widened its horizons with its new Breach Secure Now platform. Aimed at general MSPs, the service is a white-labelled offering sold entirely though partners. Designed to minimize the changes of a client having a data breach, the service focuses on employee security training, and gives the MSP an advanced security solution.
Secure Now started off as a Greater New York City MSP – and still is. In 2009, however, when new HIPAA regulations came in, they developed a specific service for this market, which established a strong HIPAA compliance framework to protect patient information.
“When the new HIPAA regulations around electronic health records were introduced, none of our 75 health care clients were talking about them, and a lot of medical practices were ignoring them,” said Art Gross, Secure Now’s CEO and President. “So we built our own service for both our own clients and other organizations covered by HIPAA compliance mandates.”
Expanding the HIPAA Secure Now service beyond their own client base proved an initial challenge.
“We built the HIPAA service, and nobody came,” Gross said. “So we started to work with other IT companies and built a channel to sell the service. We now have about 350 partners.”
HIPAA Secure Now is not a white-labelled offering, and is very much a niche one, which is laser-focused on HIPAA. Accordingly, it is sold through a hybrid model, with Secure Now selling it direct as well as through partners.
Breach Secure Now is a new offering aimed at a much broader market than healthcare. Designed to reduce the likelihood of a customer having a data breach, the service includes continuous training for users, security risk assessments, and simulated phishing attacks.
“The Breach Secure Now service is focused on protecting confidential information from a breach,” Gross said. “It is not aimed at health care at all, and isn’t a substitute for HIPAA Secure Now. It is appropriate though for financials, government, legal, HR – basically anyone who handles sensitive information.
“The market for this is very broad. We think these services could be sold to just about anyone, because breach protection affects everyone,” Gross said. “The HIPAA service is much more niche. This is not. The rise of ransomware is one of the biggest threat MSPs have. And it’s especially a problem because an attack doesn’t come from something the MSP did. They have very little control over what a customer employee did.”
Gross expects ransomware will only get use, because it better fits the crooks’ business model.
“It’s a lot easier to encrypt and hold data hostage than it is to try and use the data, because using it is where you are more likely to be caught,” he said.
Gross cited an IBM finding that 95 per cent of data breaches are caused by employee mistakes. These include falling for phishing scams, losing a laptop, and posting sensitive information on social networks.
“Breach Secure Now addresses this by being focused on employees, and their security training,” Gross said. “The simulated phishing attacks the partners send are based on the principle that while you can send users to training, simulated phishing attacks are the best way to get them to evaluate every email with suspicion.”
The service also comes with breach forensics if there is a breach, as well as optional insurance protection through AIG sufficient to cover the damage to SMB audiences this is aimed at.
“It’s also all white-labelled, so employees log into the partner branded portal to take the training,” Gross said. “They see the risk assessment, and the results of the phishing. The face of security is our partners branded portal.”
The white-labelling is a key reason why Breach Secure Now is sold 100 per cent through partners, while HIPAA Secure Now, which is not white labelled, is not.
“Partners said they didn’t want us to sell this one direct,” Gross said.
He indicated that the target audience is SMB-focused MSPs, rather than more security-focused MSSPs.
“This is a good add on for an MSP, that allows them to deliver advanced security.”
“When you get into those groups, the conversation spreads quickly,” Gross said.
“We are also educating MSPs with ongoing outreach programs and webinars,” he added.
The Canadian market is close to virgin territory for Secure Breach now. Most of the partners are in the U.S. with small scatterings in other markets like Hong Kong, Australia – and Canada.
“We have only three or four Canadian MSPs, so there is lots of room for growth there,” Gross said.