Kaseya adds governance and risk features to take advantage of what it sees as a great growth opportunity for GRC in the SMB space, which can ideally be taken to market through MSPs.
Today, Kaseya announced the launch of Compliance Manager GRC, an upgraded version of its original Kaseya Compliance Manager offering. It adds new features that support the governance, risk and compliance [GRC] needs for vendor risk management, IT policy attestation and security awareness training and tracking.
“The original version, Kaseya Compliance Manager, was fantastic but was purely a data audit and validation solution,” said Max Pruger, GM, Compliance Manager at Kaseya, who came to Kaseya from CloudJumper in August 2019 to take over the Compliance Manager business unit when it launched. “GRC goes beyond just compliance. We rebranded it because we added the GRC capabilities. Our aim with this one was to deliver the ultimate GRC platform for SMBs, to be delivered through MSPs.”
The enhancements include a new scan of the Microsoft Cloud, which lets technicians identify employee-initiated changes to the Azure environment and Microsoft Office cloud services.
“We added numerous technical enhancements, but the number one request was this Azure AD scanning,” Pruger said. “It lets you upload the Azure AD settings into Compliance Manager GRC, and map them to specific controls.”
Another new capability is Compliance Manager GRC’s Rapid Baseline Assessment option.
“We have added this concept of a Rapid Baseline Assessment, which allows the MSP to provide and show value to the end customer before they even do any scanning,” Pruger said. “This was another big request.”
The new version of the product provides much more flexibility around industry and government standards.
“We have significantly expanded the capabilities of the product, so any customer can build and expand whatever standard they like,” Pruger noted. “In the new system it is fully exposed so the customer can add their own systems and requirements. We have also added the ability to do a multi-standard crosswalk, which reflects the fact that today most customers have to comply with multiple regulatory standards. In the new version, you can select as many standards as you want.”
New as well is a brandable web-based portal that makes it easy for employees to take mandatory trainings, and makes it easy to track their status and acknowledgement that they agree to specific employer policies. All this information is presented through a single dashboard.
“We added a vendor management portal, which creates a custom branded portal for each vendor a customer has and tracks status of the controls they are required to track,” Pruger said.
Pruger emphasized that the expanded solution will have a much broader addressable market.
“This expands our addressable market to every company out there,” he said. “All we see is more standards and guidelines. What’s really driving this market and what’s forcing SMBs to adopt compliance frameworks is cyberinsurance. Now, you can’t just check boxes. You have to show ongoing continuous compliance with evidence to back it up.”
Pruger said that cyberinsurance is becoming much more difficult to get.
“42% of companies won’t even qualify for cyberinsurance this year,” he noted. “There is also a new market emerging around cyberassurance. Insurance is highly regulated at federal and mainly state level, while assurance is a different non-insurance product.”
Pruger also stressed that while GRC has been primarily the domain of the enterprise space – with GRC regulation becoming more ubiquitous after Enron – it is spilling into the SMB.
“There are a lot of players in the midmarket and enterprise space, but in the SMB there are not a lot of options,” he said. “What’s unique about us is while there are a lot of checklist products, we are not one. We couple that with software scans to automate large portions of data collection and make them much more efficient.”