We are no longer in the business of protecting data. We are in the business of protecting the underwriter’s liability.
We have traded engineering for "Compliance."
The IG1 Shopping List CIS Implementation Group 1 isn't a security framework; it’s a shopping list. It’s the "Minimum Viable Security" that conveniently requires you to buy exactly the stack of tools that the major vendors are selling.
It’s a grand collusion that keeps the subscription revenue flowing.
The After-the-Fact Inspection Imagine building a car and, instead of engineering the brakes to work, you just hired a guy to check if the brake pedal feels firm.
That is Cyber Insurance.
We aren't building secure systems; we are decorating insecure systems with enough paperwork to satisfy a claim adjuster.
The more "compliant" you are, the easier it is for the insurance company to deny your claim. They don't see a tragedy; they see a breach of contract.
If you’re building your security strategy around a questionnaire, you aren't an architect. You’re a clerk.
————————
The MSP Contrarian: Unstacking the Business Model
An independent publication. Not affiliated with, sponsored by, or particularly popular with any vendor in the managed services ecosystem. Subscriptions are free. Opinions are not.