Kaseya is making a multimillion-dollar investment to achieve FedRAMP authorizations across its tech stack to help support MSP partners with their CMMC (Cybersecurity Maturity Model Certification) and other compliance certification requirements.
As part of this initiative, Kaseya has appointed Jon DePerro to the newly created position of vice president, FedRAMP and Compliance Solutions. DePerro has over 20 years of experience in compliance, serving as a counterintelligence officer for the U.S. Army for 15 years and spending the last five years building compliance solutions for MSPs. In addition, Kaseya has engaged certified third-party assessor organization (3PAO) SERA-BRYNN.
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud solutions. Kaseya is one of the first MSP-centric platform vendors to make a tangible commitment to achieving FedRAMP authorization.
MSPs that service Department of Defense (DoD) contractors will need to be CMMC compliant. While CMMC and FedRAMP are two different frameworks, many of the security practices mandated by FedRAMP will support CMMC requirements, especially for CMMC Level 2 and above.
“We’ve made a multimillion-dollar commitment in pursuit of FedRAMP authorization across our IT Complete platform. This investment ensures that partners Powered by Kaseya can leverage this authorization not only to power their SMB customers without disruption, but also to grow their business—making them more profitable,” said Kaseya CEO Fred Voccola, in a press statement. “It will open massive opportunities for them as it’s estimated more than 80,000 organizations will need a CMMC Level 2 certification. We are early adopters in the MSP space for this and are fully committed to making sure our partners have the best chance to achieve the highest levels of success.”
The Kaseya Commitment
Kaseya’s FedRAMP initiative has been underway for about nine months, Max Pruger, GM of Kaseya’s Audit and Compliance Suite, tells MSP Success. “Every single product manager was mandated in Q2 to allocate 20% of their time towards FedRAMP. They’ve primarily been working on access control, which always takes the longest.”
At the pre-day of Kaseya Connect Global in April, during a Q&A with Voccola, MSPs were asking about Kaseya’s plans for FedRAMP. Voccola told partners that Kaseya was committed to pursuing FedRAMP and investing significant resources toward that effort.
“We’re now ready to announce our intentions publicly,” says Pruger, adding that he’s fielding calls with MSPs every day on the topic.
Achieving FedRAMP authorization or equivalency is typically a multiyear process to comply with all 325 security controls in the cybersecurity framework, Pruger says. Each of Kaseya’s more than 40 modules (solutions) must be assessed and authorized on their own, and then re-certified yearly.
Compliance Is A Critical Business Function
DePerro will play an integral role in Kaseya’s quest to achieve FedRAMP authorization. “Whether it’s FedRAMP or European regulations, the world is regulating IT more and more every day,” DePerro tells MSP Success. “Kaseya recognizes this. Compliance is a critical business function now. You have to be able to demonstrate to your partners and your partners’ customers that you’re doing the right thing.”
In his new position, DePerro says the first order of business “is to enable our MSP partners to not only protect their existing book of business, but to grow it. By us getting on the road to meeting more advanced compliance requirements like FedRAMP, we are trying to position our partners to take advantage of these changes in the IT industry. Instead of being victimized by them, we want our partners positioned to grab all this extra work and spend that is going to come.”
Benefits for MSPs
Using FedRAMP equivalent or authorized solutions will open up opportunities for MSPs in the defense industry.
“We’re helping support the MSPs because there are 80,000 DoD supply chain contractors out there that are small and medium-sized businesses that are being supported by MSPs. And MSPs today do not have a platform that they can leverage that meets the CMMC requirements,” Pruger says.
In addition, he says, “By following a government provided framework, you are in a better position to secure your customers. So we want the MSPs to be provided with a much more secure service offering.”
The FedRAMP initiative also supports one of Kaseya’s goals of reducing vendor fatigue. Current Kaseya partners won’t have to add additional products to support some percentage of their customers that are defense contractors, Pruger explains.
DePerro sums it up this way: “Kaseya spends a lot of time and resources staying abreast of and being a leader in the changes in the software industry. We know the problems. We appreciate the problems that our clients are going to run into over the next year or two. And we’re spending a ton of time and money to bring solutions to them before it impacts their business.”
Related: MSPs With The Chops To Deliver CMMC Compliance Can Save Customers Time, Money, And Headaches