Kaseya has introduced a new version of its Compliance Manager solution designed to turn what was primarily an auditing and validation tool for a defined set of regulatory mandates into a more complete and flexible governance, risk, and compliance platform.
“This is a pretty significant upgrade to the product,” says Max Pruger, general manager of Kaseya’s Compliance Manager unit. “We’ve actually completely turned the product on its head.”
Previously, Compliance Manager offered separate dedicated consoles for assessing adherence to HIPAA, GDPR, and the rest of the roughly dozen compliance mandates and standards the system supports. Compliance Manager GRC, as the new release is named, instead provides a consolidated view of every standard and control an MSP monitors in one interface instead. Users can also now create customized standards drawing on a library of some 400 compliance controls. “The product is infinitely extendable,” Pruger says.
New in Compliance Manager as well is a training component that lets technicians assign video-based courses to a company’s employees and specify how many days users have to complete each class. Then they can define a passing grade for the final exam and monitor employee progress. The system delivers that content through a brandable self-serve web portal.
Compliance Manager GRC comes with ready-to-use course materials for a variety of regulations. Users who also subscribe to BullPhish ID, the security awareness training solution from Kaseya’s ID Agent unit, will soon be able to import courses from that product as well.
Most regulations include an employee training requirement of some kind, Pruger notes.
Many privacy- and security-related laws also include rules obliging companies to collect compliance information from suppliers and business partners. HIPAA for example, requires vendors to sign “business associate agreements,” while the federal government’s CMMC standard includes “flow down” requirements for a defense contractor’s subcontractors. To help companies organize and execute that process, Compliance Manager now includes a portal for assessing and tracking vendor surveys.
A newly available integration with Microsoft’s Azure Active Directory allows technicians to import a customer’s identity and access management records into the system for evidentiary documentation purposes too.
“That was the number one feature request that we got,” Pruger notes. “Obviously, lots of organizations are moving to the cloud.” The Azure AD integration also lets technicians identify changes initiated by an employee rather than an administrator.
Data from Azure AD is included in a new Rapid Baseline Assessment feature designed to collect a quick initial view of an end user’s compliance posture based on a roughly half-hour questionnaire. Channel pros can use that information in client meetings and sales presentations, and as the basis for drafting a remediation plan. In the past, users had to complete a lengthy documentation checklist before the system would provide any reporting data.
“It could take 10 to 20 hours of labor to do all of that,” Pruger says. “One of the requests we got from our customers was the ability to provide something of value very quickly.”
For the moment, Compliance Manager GRC is priced the same as the previous version of the product. New, higher rates will go into effect early in the second quarter of the year.
“We added a lot of functionality to the product,” Pruger observes.
Compliance Manager first reached market in 2018 in conjunction with Kaseya’s acquisition of security, assessment, and compliance vendor RapidFire Tools. “For the last few years, we’ve been selling the kind of 1.0 version of Compliance Manager,” Pruger says. Though it gained support for the NIST Cybersecurity Framework and cyber insurance provisioning capabilities in 2020, and CMMC functionality last year, today’s upgrade is the biggest in the product’s history.
“This is our first foray into the GRC space,” Pruger notes.
As before, Kaseya positions Compliance Manager as both a tool for protecting clients from the potentially devastating repercussions of flunking a regulatory audit and a significant new revenue opportunity.
“There’s a lot of value in that offering,” Pruger says. “This is something that MSPs should make a lot of money off of.”
Close to three-quarters of MSPs agree that their clients struggle to meet compliance obligations, and 53% strongly agree, according to Kaseya’s recently published 2022 Global MSP Benchmark Survey Report. Nearly 75% of respondents to that study also said that they currently provide or are gearing up to provide compliance services to their customers.
