MSPs Missing Out on 'Continuous Compliance' Benefits: Report

Compliance services are good for partners to have in their portfolio, but "continuous compliance" services would be even better.

That's the central takeaway of a recent survey by Apptega, a prover of compliance and security solutions for managed services providers (MSPs) and end user companies.

Apptega surveyed executives from 115 security MSPs for its first ever "State of Continuous Compliance Report," and found many respondents who believe compliance services are a necessary partner offering, but don't know how to package them to generate recurring revenue.

Apptega defines continuous compliance, or compliance as a service, as a "proactive approach that helps turn one-off projects into long-term client relationships." The report explains:

[Continuous compliance] transforms compliance from a check-the-box exercise into a continuous state of improvement and scoring, from assessment to audit-ready programs. With continuous compliance, providers can increase recurring revenue, expand margins, and improve customer retention.

In short, compliance as a managed service -- that's the key to generating customer stickiness and recurring revenue from compliance, according to Apptega.

However, despite 74 percent of respondents viewing compliance as a "high growth" market and 80 percent of them offering some form of compliance service already, only half of those do it as a managed service. Instead, the market is filled with one-time, as-needed compliance solutions like assessments or consultations.

Compliance by individual services rendered
Compliance by individual services rendered. (Source: Apptega)

That's not what MSPs, nor their customers, want. Nearly 90 percent of those MSPs with an existing compliance practice professed a "strong desire" to turn these one-time deals into repeat customers, and 70 percent said their customers would prefer continuous compliance monitoring, too. However, "there appears to be a gap between the opportunity providers see and their ability to fill it," according to the report.

The MSPs who already offer compliance services in some form cited five main factors preventing them from offering managed compliance:

  • Lack of resources (45 percent)
  • Cost (42 percent)
  • Lack of expertise (37 percent)
  • Lack of the right tools/tech (36 percent)
  • Not enough client demand (34 percent)

To address those first four bullets, at least, Apptega suggests partners use a compliance automation platform to reduce the amount of specialized, manual, hyper-detailed and generally tedious work that MSPs are currently doing to deliver on each compliance project. (A full half of the surveyed MSPs with an existing compliance practice rely on spreadsheets as their primary software, while a small percentage don't use any software at all.) Apptega, of course, offers such a solution.

Regardless of how they do it, managed compliance is the way forward for MSPs, according to Apptega; even among those who don't currently offer compliance services, three out of five say they plan to do so eventually. Per the survey, "Providers that offer managed compliance are more optimistic about revenue growth, efficiency, and outcomes."

Apptega's full report is available here, with registration.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.


  • Red Brick Graphic

    Microsoft To Pour Millions into Partner Incentives, Azure and Security in FY2025

    Microsoft's inaugural MCAPS Start for Partners event took place this week, marking the beginning of its fiscal 2025.

  • New Microsoft Security Releases Aim To Smooth the Road to Zero Trust

    IT teams often juggle multiple tools to monitor and maintain the security of their environments. Two new products released by Microsoft this week aim to consolidate their toolboxes and help organizations achieve zero trust faster.

  • Antitrust Worries Hound Microsoft Off OpenAI's Board: Report

    In a move likely meant to assuage antitrust regulators' concerns, Microsoft on Wednesday stepped down from its role as a non-voting OpenAI board member.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.