News

MSPs Missing Out on 'Continuous Compliance' Benefits: Report

• By Gladys Rama
• June 20, 2024

Compliance services are good for partners to have in their portfolio, but "continuous compliance" services would be even better.

That's the central takeaway of a recent survey by Apptega, a prover of compliance and security solutions for managed services providers (MSPs) and end user companies.

Apptega surveyed executives from 115 security MSPs for its first ever "State of Continuous Compliance Report," and found many respondents who believe compliance services are a necessary partner offering, but don't know how to package them to generate recurring revenue.

Apptega defines continuous compliance, or compliance as a service, as a "proactive approach that helps turn one-off projects into long-term client relationships." The report explains:

[Continuous compliance] transforms compliance from a check-the-box exercise into a continuous state of improvement and scoring, from assessment to audit-ready programs. With continuous compliance, providers can increase recurring revenue, expand margins, and improve customer retention.

In short, compliance as a managed service -- that's the key to generating customer stickiness and recurring revenue from compliance, according to Apptega.

However, despite 74 percent of respondents viewing compliance as a "high growth" market and 80 percent of them offering some form of compliance service already, only half of those do it as a managed service. Instead, the market is filled with one-time, as-needed compliance solutions like assessments or consultations.

That's not what MSPs, nor their customers, want. Nearly 90 percent of those MSPs with an existing compliance practice professed a "strong desire" to turn these one-time deals into repeat customers, and 70 percent said their customers would prefer continuous compliance monitoring, too. However, "there appears to be a gap between the opportunity providers see and their ability to fill it," according to the report.

The MSPs who already offer compliance services in some form cited five main factors preventing them from offering managed compliance:

• Lack of resources (45 percent)
• Cost (42 percent)
• Lack of expertise (37 percent)
• Lack of the right tools/tech (36 percent)
• Not enough client demand (34 percent)

To address those first four bullets, at least, Apptega suggests partners use a compliance automation platform to reduce the amount of specialized, manual, hyper-detailed and generally tedious work that MSPs are currently doing to deliver on each compliance project. (A full half of the surveyed MSPs with an existing compliance practice rely on spreadsheets as their primary software, while a small percentage don't use any software at all.) Apptega, of course, offers such a solution.

Regardless of how they do it, managed compliance is the way forward for MSPs, according to Apptega; even among those who don't currently offer compliance services, three out of five say they plan to do so eventually. Per the survey, "Providers that offer managed compliance are more optimistic about revenue growth, efficiency, and outcomes."

Apptega's full report is available here, with registration.