2015's Big Opportunity For MSPs: Compliance-As-A-Service

The channel had better be ready for the next big as-a-service offering, as solution providers and vendors expect Compliance-as-a-Service to be a massive opportunity in 2015.

The vast majority of MSPs, upward of 88 percent, have at least one client who is subject to some sort of compliance standards, a recent RapidFire survey found. Of that majority, 50 percent have at least six clients subject to compliance standards, the survey found.

That's a huge opportunity for MSPs to sell additional services that clients need, RapidFire CEO Mike Mittel said, an opportunity that not all of them are taking advantage of. That opportunity will be realized in particular in the coming year, Mittel said, with one MSP customer of his estimating the opportunity will be 10 times greater in 2015 than in 2014.

[Related: Top 10 Data Breaches Of 2014 That Got Lost In The Noise]

"I think most MSPs, if not currently offering compliance services, they will be looking at them very seriously in 2015," Mittel said. "2015 is the year."

Brandon Ledford, director of policy and compliance at Oldsmar, Fla.-based Global Convergence, agreed, saying that compliance is "100 percent" likely to be a major business driver for solution providers and MSPs in 2015. However, while compliance services add a lot of value to the portfolio, Ledford said that it is a largely untapped opportunity.

There isn't just one factor driving the push toward Compliance-as-a-Service, solution providers said. Changes in regulatory requirements, such as HIPAA or PCI, are complicated for customers to stay on top of and that, combined with an increase in public awareness and regulatory enforcement, have added to the push to meet compliance standards, Mittel said.

Craig Hurley, vice president of product management at Omaha-based Cosentry, said headline-hitting security breaches, such as the ones at Target, Home Depot and Sony, are also a driving factor behind the push toward Compliance-as-a-Service. While clients still ask for a broad range of security offerings, the breaches are driving a push toward more advanced technology solutions and services across cloud offerings, he said.

That growth isn't coming just from customers who are required to meet compliance standards, said Lorie Dillon, senior product manager at Cosentry. As more customers adopt cloud solutions, they are seriously considering compliance solutions as the next logical step, regardless of whether they are required to, Hurley said. While the conversation doesn't usually start with compliance, customers are moving there as a second step in their cloud "journey," Hurley said.

Jamie Shepard, senior vice president of strategy, health care at Dallas-based Lumenate, said the increase in mobility devices has sparked an uptick in executive interest in internal processes and policies. That conversation about corporate governance, which includes compliance, opens the door to new conversations about data protection, mobility, security and more, he said.

The bottom line is, as with many other technologies, if an MSP doesn't start to offer compliance services, one of its competitors will, RapidFire's Mittel said.

"That's big for an MSP," Mittel said. "Most of the MSPs that we've talked to don't make a practice around compliance but it's an offering they have to bring to their clients that are required to have it or they risk losing their client completely."

However, that doesn't mean that every MSP has to deliver the same compliance offering.

Cosentry has offered a multitenant compliant cloud environment for a few years that includes a bundled offering of vulnerability scanning, log monitoring, access management and more. Recently, the company expanded the offering to 100 percent dedicated hardware environments, instead of only a multitenant offering.

Others, such as Lumenate, have focused on corporate governance, under which falls security, compliance and regulatory issues. Instead of just focusing on HIPAA compliance, for example, Lumenate's Shepard said the company addresses the whole package: the processes, policies, people and products that wrap around compliance.

"This is not an IT conversation," Shepard said, but opens the door to all sorts of conversations about how technology can serve the business needs.

PUBLISHED JAN. 6, 2015