Rapid7 increases focus on compliance
With customers struggling to deal with audits and rising levels of regulations, the vendor is setting out to arm its channel with more options
It has been a few weeks since Rapid7 and Hitrust announced a partnership aimed at addressing the growing demand for security assurance tools, combining their expertise to streamline compliance processes and reduce risk for customers.
The collaboration integrates Rapid7’s Surface Command tool, which helps customers monitor their attack surface, with Hitrust’s assurance framework, ensuring compliance with established standards. The partnership is designed to automate traditionally manual compliance tasks, making the process more efficient and less burdensome for organisations.
Tim Goodwin, director of international channel partnerships at Rapid7, emphasised the significance of this partnership and hinted at future developments. “It’s an area that we’re moving into, and we do have some more product releases coming. We’re in a pilot phase of some stuff which could enhance this still further. But fundamentally, the partnership with Hitrust has been informed out of the reality that we have most of the data that an organisation needs for compliance,” he said.
Goodwin highlighted the inefficiencies of traditional compliance processes, which are often manual and time-consuming. “Most of the time, compliance is all about manual stuff, and it’s a real point-in-time thing as well. With our technology and marrying it to their framework, we’ve worked with them so that we can automate an awful lot of this and really save time to be able to show an ongoing measurement of the risk,” he added.
He also noted the increasing pressure on customers to meet compliance requirements and respond to audits, which can be stressful and resource-intensive. “Evidence of compliance is what they’re after in terms of an audit. We’ve got most of the dataset that you need to prove that,” he said.
Goodwin further emphasised that customers are under growing scrutiny to demonstrate risk reduction efforts. “That burden of proof is becoming more and more relevant.”
Currently, Rapid7 and Hitrust share around 160 customers, but the goal is to expand the offering to a broader audience, particularly those struggling with compliance challenges. Goodwin pointed out that many organisations face difficulties due to fragmented systems and siloed products, which hinder their ability to gain a comprehensive view of their compliance posture.
“One of the challenges some of these organisations have is that they’ve got so many different products and silos, they don’t get a full view,” he said. “When you get to a security audit, first of all, they’re very expensive, because it’s going to take a lot of time and they’re going to want to look at everything. And they’re inefficient, because the majority of the options right now are spreadsheets.”
Goodwin said the joint offering would appeal to managed service providers (MSPs), which are already adept at maintaining continuous visibility into customer risks. He said the firm was keen to identify those across the channel with compliance knowledge, “working with partners, who are experts in this particular field, to bring additional benefits to the channel”.
Hitrust, a not-for-profit organisation, has experience in compliance, working with 60 recognised standards to help customers adhere to the appropriate frameworks. This not only reduces risk but also lowers insurance costs, providing tangible benefits to organisations.
By combining their strengths, Rapid7 and Hitrust aim to simplify compliance, reduce operational strain, and deliver measurable value to customers and partners alike.
