CMMC, HIPAA, Insurance, and the Future of Security Standards with Craig Petronella
Episode 1420


Business of Tech: Daily 10-Minute IT Services Insights

October 6, 2024, 20m 11s


Show Notes

Host Dave Sobel welcomes Craig Petronella, founder of Petronella Technology Group, to discuss the evolving landscape of technology compliance and cybersecurity. With a focus on the Cybersecurity Maturity Model Certification (CMMC), Craig highlights its significance for defense industrial base contractors and its potential to streamline compliance across other industries as well. He emphasizes that while regulations such as HIPAA and FTC requirements exist, they often lack a consistent, prescriptive framework, leading to confusion and non-compliance among businesses.

Craig shares his insights on the current state of compliance, noting that many organizations, including those in healthcare, are not adequately meeting regulatory standards. He points out that the CMMC introduces a more rigorous approach, requiring third-party validation for compliance, which could help address the shortcomings of existing frameworks. This shift towards a proof-based model aims to ensure that businesses cannot simply check boxes to claim compliance but must provide evidence of their adherence to security controls.

The conversation also delves into the challenges of enforcement and accountability in compliance. Craig argues that without significant consequences for non-compliance, such as losing the ability to operate in certain sectors, many organizations will continue to neglect their security responsibilities. He draws a parallel to a driving test: just as individuals must demonstrate their driving skills to obtain a license, businesses should have to demonstrate their cybersecurity practices to a similar standard.

Finally, Craig discusses the role of cybersecurity insurance in driving compliance. He explains how insurance companies are increasingly requiring businesses to implement basic security measures, such as multi-factor authentication, to qualify for coverage. This trend reflects a broader movement towards a "don't trust, verify" model, where organizations must take proactive steps to secure their systems. The episode concludes with Craig advocating for a future where AI and third-party validation play crucial roles in ensuring software security and compliance across industries.


Supported by: https://www.huntress.com/mspradio/

 

💼 All Our Sponsors

Support the vendors who support the show:

👉 https://businessof.tech/sponsors/

 

🚀 Join Business of Tech Plus

Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.

👉 https://businessof.tech/plus

 

🎧 Subscribe to the Business of Tech

Want the show on your favorite podcast app or prefer the written versions of each story?

📲 https://www.businessof.tech/subscribe

 

📰 Story Links & Sources

Looking for the links from today’s stories?

Every episode script, with full source links, is posted at:

🌐 https://www.businessof.tech

 

🎙 Want to Be a Guest?

Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:

💬 https://www.podmatch.com/hostdetailpreview/businessoftech

 

🔗 Follow Business of Tech

 

LinkedIn: https://www.linkedin.com/company/28908079

YouTube: https://youtube.com/mspradio

Bluesky: https://bsky.app/profile/businessof.tech

Instagram: https://www.instagram.com/mspradio

TikTok: https://www.tiktok.com/@businessoftech

Facebook: https://www.facebook.com/mspradionews

