Foresite Drives 110% Increase in Managed Compliance Customers in Year One with Apptega
For more than a decade, Foresite Cybersecurity has been making it easy for organizations to manage cybersecurity and compliance programs.
But evolving cyber threats and regulations have made it more difficult than ever to meet onerous regulatory requirements and security best practices. They’ve also highlighted the need for a more holistic approach to cybersecurity and compliance as the two processes more closely intersect.
To help clients better manage their programs and protect their businesses, Foresite needed a partner and platform that could not only simplify the process but also help carry out its mission to deliver unified security and compliance solutions.
Working with Apptega, Foresite created a continuous compliance offering that delivered significant returns in year one of the partnership.
Case study overview
- Why Foresite needed a partner and platform that could help carry out its mission to deliver unified security and compliance solutions for its clients.
- How Foresite is leveraging the Apptega platform to simplify program management for its team and clients, combining security and compliance in a meaningful way.
- The results of the partnership, which include more clients, greater profitability, and higher ROI.
Combining human expertise and cutting-edge technology, Foresite empowers clients with a range of solutions to better secure their businesses.
“Sorry, We Don’t Speak Compliance”
Today’s cyber threats are more sophisticated than ever, and businesses face increasing complexity when managing compliance programs. And without resources, experience, or an understanding of all the moving parts — the “language of compliance” — many of them struggle.
Part of the problem is that organizations are managing their programs in antiquated ways, tracking compliance efforts across scattered spreadsheets and files. While this has long been the industry standard, it’s also highly manual, resource intensive, and time consuming.
“Even though there’s a big market for GRC tools, we often come across client organizations that aren’t using anything,” said Marc Brungardt, president and co-founder of Foresite Cybersecurity. “They’re doing it the hard way, unnecessarily complicating their programs. Keeping everything organized, on time, and in one place becomes a major challenge.”
Managed security providers also struggle with the highly manual, specialized, and resource-intensive nature of compliance work. Many lack the right tools or expertise to help clients meet their compliance needs, which also makes it difficult to show the value and ROI of their cybersecurity services.
It's those security services and products that go toward satisfying compliance framework controls. So, without a holistic approach that combines the two practices, providers and their clients lack key insights needed to properly track and show progress throughout the security and compliance journey.
“We’ve always provided both security and compliance services,” Brungardt said. “It’s a differentiator for us in the market because most MSSPs are only focused on the security piece. But to build well-managed programs, you need to lead with governance. At Foresite, we start with risk and gap assessments to understand client security postures. From there, we can tailor our security services to fit each client’s unique needs.”
While well-versed in both security and compliance, to truly deliver on their mission of a unified solution, Foresite needed a platform that could help clients more easily manage the complexities and constant changes inherent in their programs.
After acquiring its own compliance tool, Foresite hoped it had found a better way to minimize compliance lift for its clients. There was only one problem.
“It was complicated and difficult to use, which we see with a lot of the GRC software market,” Brungardt said. “So, we had to decide if we were going to continue investing in the tool and run it ourselves, or if we wanted to partner with another organization to deliver the functionality for us.”
Deciding on the partner route, Foresite scoured the market for a tool that was not only easy to use but also capable of combining security and compliance in a meaningful way.
“We looked at all the big players — ServiceNow, Vanta, Drata,” Brungardt said. “And while they all had interesting concepts and features, the common thread was they were all complex and difficult to use, much like the tool we already owned. It would take weeks to implement the systems and train our staff on how to use them. They were also extremely expensive.”
Enter Apptega …
A Unified Approach to Security and Compliance
In its search for the right partner and platform, Foresite was immediately drawn to the Apptega platform’s simplicity and ease of use.
“It’s very straightforward,” Brungardt said. “It almost feels like a consumer product in that after only a couple hours of onboarding, our staff and clients were pros. That wasn’t true of the other tools we explored.”
Through the Apptega platform, Foresite empowers clients to meet framework requirements and ensure strong security postures while also validating work that’s already been done, enabling detailed reporting on progress toward compliance goals at the control and sub-control level.
“Robust program management was the most critical thing we needed in a platform and partner,” said Thomas Allen, CISO and principal consultant at Foresite. “All the technical stuff is great. But we were looking for a more seamless way to collaborate with our clients and keep their programs on track.”
The Foresite team can now prompt clients to complete program management tasks they may have otherwise forgotten. These reminders can be linked to specific framework controls, helping justify each task based on what the framework requires.
“We built the Apptega platform directly into our system as part of our ProVision tool,” Brungardt said. “When we’re trying to bring customers into the Foresite program, Apptega is driving the bus for the governance piece, and we’re complementing that with gap assessments, vCISO services, and other security offerings.”
Within the platform, Foresite can map these services to the framework controls they help satisfy, providing a powerful and lucrative way to deliver the bread-and-butter offerings. And for clients, the Apptega platform is a critical tool for articulating where they are in their security and compliance journey as well as what to prioritize going forward.
The Results — More Clients, Greater Profitability, and Higher ROI
By making Apptega central to its managed services business, Foresite is better equipped to deliver unified security and compliance solutions for its clients.
As an organization that leads with compliance for all client engagements, Foresite is not only simplifying compliance management, scoring, and other critical tasks but also helping clients articulate where they are on their security and compliance journeys.
“To get the budget they need, clients often have to justify spend to a board of directors,” Brungardt said. “The Apptega platform helps them move things forward from a prioritization standpoint. And for us as an MSSP, we can match compliance controls to our managed security services and show clients what they need to move the needle, which helps us build trust and ongoing relationships.”
At a time when growth is at a premium for the managed services industry, continuous compliance — where security and compliance services are combined and delivered in the context of a recurring revenue model — represents a lucrative opportunity for providers to accelerate revenue, margins, and client retention with a differentiated solution.
The benefits of a continuous compliance approach are threefold:
- Foresite can further differentiate its security and compliance services, helping win new business.
- Foresite can show client compliance and security posture improvement over time — as opposed to checking boxes for a single event — which typically yields higher renewal rates.
- By mapping security services to compliance outcomes, Foresite can show the value and ROI of its services in an unbiased way.
In its first year working with Apptega, Foresite achieved a nearly 110% increase in managed compliance customers.
Foresite also increased profitability per engagement by 40% through greater efficiency and faster assessments, while also achieving a 45% average return on investment for its clients.
“As an MSSP, we’re focused on increasing recurring revenue,” said Media Landry, senior V.P. of sales at Foresite. “Apptega is committed to helping us reach our recurring revenue goals so we can grow the company, and we’re already seeing the results after our first year of partnership.”
The Foresite team spends less time chasing down clients to complete important tasks. And clients can more easily track their own activities and understand their compliance lift.
“The combination of Foresite’s expertise and the Apptega platform is helping guide our clients through the new processes and compliances they’re facing,” Landry said. “This comprehensive approach empowers them to achieve their security and compliance goals more efficiently.”
With Apptega, Foresite is able to go to market with highly differentiated continuous compliance offerings that empower us to better deliver and prove the value of our best-in-class cybersecurity services and consulting.