A growing number of managed service providers (MSPs) and managed security service providers (MSSPs) are embracing compliance as more than just a checkbox. Savvy MSPs know that compliance can be a powerful, strategic service offering. Compliance Manager GRC makes it easy for any MSP, regardless of their prior experience with compliance, to launch a profitable risk management program in just 10 minutes per client.
To explore how this transformation plays out in the field, Mike Brooks, Senior Director of Product Marketing at Kaseya, sat down with Randy Hall, CEO and founder of Securafy, and his brother, Rodney Hall, Securafy’s President and Operations Manager. The Halls have built a thriving compliance practice and shared their hard-won insights into what works — and what doesn’t — when offering compliance as a service.
Starting out: Lessons from the field
Mike kicked off the conversation with a simple but revealing question: What do you wish you’d known when starting your MSP?
Rodney Hall didn’t hesitate to offer advice on the best foundation for a modern MSP business. “If I knew what I know now, I’d base my business on compliance. Right off the bat that’s where the money is,” he responded.
Randy Hall agreed, citing compliance as a quick profit center. “It's highly profitable. I would say it's even more profitable than offering regular managed services.”
The Halls agreed that baking compliance into an MSP’s offering and treating it as a core service rather than an afterthought is critical for harnessing it as a growth engine. Randy Hall noted that all of Securafy’s growth in the past 15 to 16 months has been due to compliance.
From manual mayhem to seamless automation
Mike asked the Halls what the compliance landscape was like when they first got into the business, encouraging them to share the challenges they faced. Both Halls agreed that managing compliance as an MSP has come a long way. Rodney Hall characterized their early experience with compliance as “painful,” noting that when Securafy first started, compliance management was a tedious, manual process.
Rodney recalled the early days. “We started with spreadsheets. Then there were some early tools that replaced the spreadsheets. But there was no automation. You had to manually run scans and pull data. For a 20-person company, it could take 40 hours.”
Randy agreed that the methods available to them when they first got into compliance management were not very good, describing the effort as grueling and inefficient. He was quick to point out how that isn’t the case anymore. Modern tools have completely changed the game.
“We had to manage every device separately. Now, we manage by exception. Compliance Monitor in Compliance Manager GRC makes that so easy. It’s now much easier than it was even three years ago,” he shared.
The automation advantage: Doing more with less
As the discussion transitioned into how the process of compliance management has evolved, everyone agreed that automation has revolutionized compliance. With the right tools, what once took days now takes minutes.
“If we weren’t using Compliance Manager GRC with integrations, it would take 2 to 2.5 more people to do what we’re doing now,” Randy explained. “With Compliance Manager GRC, it takes five to 10 minutes to run the discovery agent and see results right away.”
Automation, the Halls emphasized, is the key to delivering compliance at scale. With automation, compliance is no longer labor-intensive. Compliance as a service is now attainable for lean teams.
Selling compliance: A revenue-driving opportunity
Next, the conversation turned to the business case for adding compliance management services to an MSP offering. Randy revealed that compliance services are lucrative in both the long term and the short term.
“Selling compliance as a service is hugely profitable,” Randy said. “It’s great for your monthly recurring revenue (MRR). It's also phenomenal for your net revenue retention (NRR). Showing your customers all of the reasons their systems can’t meet compliance standards, like outdated machines and unsupported operating systems, creates urgency and sales opportunities.”
Randy highlighted the power of Compliance Manager GRC’s clear, color-coded reports when sitting down with their customers and prospects to discuss their compliance needs. Clients instantly see their current status and what needs to change.
“The reports are your business closer,” Randy explained. “Nobody likes red on a report. They want green.”
Compliance fears will torpedo your growth
Shifting gears, the discussion turned to why many MSPs are hesitant to dive into compliance. Despite the clear benefits, they hold back for a myriad of reasons, such as fear of complexity, potential liability or simply not knowing where to start. But the Halls were emphatic that MSPs must overcome their fear of compliance to move forward in the business.
Randy was unequivocal, offering straightforward advice: “If you’re scared of compliance, don’t be. You have to do compliance.”
Rodney took it a step further: “If you don’t do compliance, don’t plan on staying in business.”
Randy agreed, noting that by opting out of offering compliance services, MSPs risk customer churn. “If you're not doing compliance for a customer, another MSP will — and eventually, they’ll win the whole customer.”
Managing risk: Compliance as legal protection
The conversation then shifted to the subject of liability for both MSPs and their clients. Randy Hall noted that one of the best ways to win over hesitant clients and prospects is to emphasize the importance of documentation for preventing a company from incurring costly fines in the event of data security trouble. This is a powerful motivator for less tech-savvy decision-makers.
“Every business owner owns 100% of the risk for compliance and security. If you’re woefully negligent in protecting your customers' data, the fines will ruin your business and tie you up in court,” explained Randy Hall.
Even after that point is made, it can still be challenging to get clients to agree to your suggested adjustments to move them toward compliance. Instead, they may think that you’re just trying to get them to spend more money.
Randy disclosed that the clear reports that can be obtained from Compliance Manager GRC are the key to showing customers that you’re telling the truth about exactly what’s wrong and what’s required to fix it.
“You can say ‘This is not me telling you this. This is the independent third-party software that we've run that has analyzed your network, your endpoints and your cloud environment. It's telling you these are all the things that are required’ and make your point with data.”
Randy went on to say that reiterating the potential financial consequences of non-compliance with customers after their assessment can bring home the danger in a relatable way and offer a path to closing a sale.
“You can then tell them ‘Don't you think it would be better that we solve this now, before it happens?’” he said. “And sometimes some of the bigger companies, I said, spending 50 grand now could protect you from paying six or 7 million later. I mean, it's a risk. It's like having any type of insurance.”
But there is another side to compliance that impacts MSPs. Randy warned that failing to properly manage compliance could also expose MSPs to legal risk.
“If a company has a breach and you’re their MSP, guess who their insurer is going to sue?”
Randy went on to emphasize that documenting efforts to help clients achieve compliance is critical for MSPs to minimize their liability in the event of a customer breach.
“Unless you can prove you warned them and got their sign-off, you're exposed,” he cautioned. “The liability is on us. You need to do compliance to protect yourself.”
Simplify sales and get a leg up with line-item packaging
The conversation shifted to practical sales advice. Mike asked the Halls for tips on pitching compliance in a way that lands. Randy’s tip: keep it visible. Then be sure to point it out to your client or prospect to emphasize the additional value that you offer.
“We sell it as a line item. It has to be there because your competitor’s quote won’t include compliance. That’s your edge.”
He went on to explain that once you’re in the door, you can upsell compliance and other services by educating the client.
“Use that first technical data review (TDR) to explain why they need compliance. That’s when it clicks.”
Future-proof your MSP with compliance
As the discussion wrapped up, the conversation turned to the future. Rodney bottom-lined the ongoing value of Compliance Manager GRC for an MSP’s success.
“It gives you real-time information that would take tons of manual labor to get. With a fraction of the time and resources, you can ensure compliance is being maintained.”
Randy offered a final word of advice: MSPs should embrace compliance services now to ensure they’re perfectly positioned for the next chapter of growth.
“It’s the next evolution. To me, compliance is like AI. You better jump on board now or you’ll be so far behind you can’t catch up.”
Take the next step
Offering compliance services is no longer optional; it’s essential. With the right tools, it’s also easy and highly profitable. Compliance Manager GRC gives MSPs a turnkey way to offer comprehensive compliance services that differentiate their offering in a crowded field.
Enjoy Mike’s full interview with the Halls when you watch the panel on-demand.