Making sure a client doesn’t run afoul of an auditor is a tedious and confusing business.
Compliance services are a growing cash cow for managed service providers (MSPs) that have the wherewithal to provide them. Last year, the implementation of the European Union’s General Data Protection Regulation (GDPR) raised the regulatory-compliance conversation to a global one and made business owners everywhere rightfully nervous. As a result of those nerves, the enterprise governance, risk and compliance market is set to hit $65 billion by 2025.
MSPs are in the perfect position to help customers comply with stringent regulations like GDPR, HIPAA, PCI and others, but it isn’t an easy service to spin up — or to get right. The nuances of data regulations can be incredibly difficult to wrap your head around, and, similar to security, compliance is one area you definitely don’t want to get wrong.
IT assessment solution provider RapidFire Tools, now part of the Kaseya family, on Wednesday released a new web-based solution to automate the delivery of compliance services. Audit Guru for HIPAA is marketed specifically to the health-care industry, but the company says it can be similarly applied to other regulatory standards.
“We think the opportunity is very big,” says Michael Mittel, president of RapidFire. “There’s PCI for credit card processing. NIST for government customers. There [are] banking regulations. FERPA. FINRA. We’ve designed a platform that can handle all these compliance areas.”
Mittel says that once MSPs are in the game and have rolled out compliance services to their customers, it’s only natural they’d want to expand that offering to support customers with other compliance needs. RapidFire has designed the platform to be able to handle those, saying users can simply upgrade to handle other compliance standards.
Possibly the biggest selling point is the help it gives MSPs when dealing with the dreaded external auditor. The auditing process isn’t only difficult to understand, it’s extremely ambiguous and tedious, even to industry experts. In developing the product, Mittel says RapidFire tried to encapsulate the knowledge of consultants, IT professionals, and even lawyers to develop a repeatable and sustainable process that shows an auditor that elusive “reasonable attempt” to comply.
To that end, Audit Guru does its best to automate the compliance reporting process. The administrative safeguard of HIPAA and other regulations details required documents such as policies and procedures, risk analyses and management plans. Each of these reports has different variables that are outlined in the regulations, and each can be time-consuming and resource-intensive to produce. The RapidFire solution scans the network, collects the information, allows for manual collection of information from other stakeholders, and automates the production of the report.
“The product is kind of like a compliance administrator in a box,” explains Mittel. “It’s like someone who’s watching over all the information that needs to be collected, from the stakeholders on the client side to technicians on the MSP side, with an understanding of what an internal auditor needs to produce these reports.”
Under the composite reports, the tool also provides a detailed list of all of the issues found that violate HIPAA or other regulations. As the MSP fixes them, the fixes are automatically documented within Audit Guru.
RapidFire’s license model for the product allows the use of Audit Guru on up to 150 endpoints at all of an MSP’s sites for one annual subscription. Mittel says that should cover the vast majority of an MSP’s customer base. Also available are “enterprise” versions, with various models that service up to 1,000 or more endpoints. For those enterprise versions, the company provides discounted VAR pricing, which Mittel says opens up more services opportunities.
Compliance can be big business for MSPs, and we’ll likely see releases from other security and business-management software providers touting the same opportunity this year. If partners can find a way to tame the compliance chaos, they could find a lucrative revenue stream.