VigiTrust had been working with MSSPs before, but with a version of VigiOne that was designed for end users, and they expect the new version will significantly expand their MSSP partner base.
VigiTrust, a risk management and compliance-focused solution provider that is based in Dublin Ireland, and has offices in New York City and Paris, has launched a new version of its VigiOne Cyber Security Compliance platform. Unlike past versions of VigiOne, this one is specifically tailored to meet the needs of MSSPs.
VigiTrust has been in business since 2003, but has gone through several incarnations since then.
“We went through a number of lives, starting out as a network security VAR, selling firewalls, two-factor authentication, and AV,” said VigiTrust founder and CEO Mathieu Gorge. “After a couple of years, we started doing data privacy training, which was novel in 2005. We then turned to payment security in PCI, which was also new then, and from that to training on PCI, and from that to security auditing work through consulting. Then in 2012, we decided to productize the training into a platform, and started doing assessments online which evolved into our VigiOne SaaS platform.”
The channel is a relatively new addition to the model
“In last two years, we realized there was another market – MSSPs and InfoSec advisors – who were looking to industrialize the way they do assessments,” Gorge said. “So in the last 18 months, we have been working on collaboration features in VigiOne that allowed third parties to interact and make it much more proactive, and ease collaboration back and forth.”
Gorge summed up the changes in the new version, emphasizing that while MSSPs were working with them before, the new platform better meets their needs, and is likely to draw more MSSP partners to their ranks.
“The platform has been updated and augmented to suit the requirements of the MSSP channel better than it was,” he indicated. “It was designed for end users originally. They wanted a tool to industrialize the process and make sure that the assessments were all done the same way. Now, we have made it easier for MSSPs to manage that. We now have dashboards and an approval workflow, which was not required for an end user – now have capabilities that are relevant for MSSPs.” They now also have a pricing model suitable for MSSPs as well.
“This pricing model is new,” Gorge said. “One of the challenges with compliance is you have to do multiple types of regulatory validation, such as NIST, PCI DSS, HIPAA. From a licensing perspective, we work differently from our competitors. It is all available from the same database that we maintain. The MSSP pays an onboarding fee to get access for a set umber of users and then pays a la carte, only paying for what they use.”
Also part of the package for MSSPs is a new tool, Assessment 360,” Gorge indicates. “It lets them upload their own methodology, and within three or four few clicks, create a product out of their own methodology. That’s unique in the market, to provide this in a self-service way, without a consulting cost.”
Gorge said they are looking to use the new platform to significantly grow their channel.
“We have had channel partnerships with big companies before, and with Tier 2 and 3 consulting houses, as well as with security associations and industry associations,” he stated. “We have made it easier for partners to white label and customize the solutions themselves. But we are looking to grow this further. We are a scaling company, onboarding new partners every week. We think the sweet sport there is a partner that has a minimum of about ten full time security consultants. That certainly reduces the number of targets for us, and leaves out the little guys, but it also doesn’t reduce it dramatically.”
Gorge noted that are getting a lot of traction in Africa, especially sub Saharan Africa, and in Asia Pacific and the DACH.
“We are looking at adding several new partners,” he said. “I don’t think it would be thousands but I wouldn’t complain if it was.
“The Canadian market is interesting for us,” Gorge added. “It is very distributed and bilingual, with both regional and global compliance mandates. The MSSPs in the region are good partners for us.”