With ever-increasing data and cybersecurity risks in the marketplace, the natural inclination for governance, risk and compliance (GRC) technology may be to scale up. But Lockpath, the creator of the Keylight GRC platform, is looking instead to serve a new customer segment by scaling down with two new GRC offerings focused on small and midsized businesses (SMBs).

On Oct. 11, Lockpath introduced Keylight Team Edition and Keylight Standard, which aim to give SMBs and small enterprises similar features to the company's core platform, now sold as Keylight Enterprise, without the need for extensive customization or configurations.

Keylight Team Edition is intended for customers who want a primarily out-of-the-box solution; Lockpath said it comes with prebuilt roles, processes and dashboards to “get users up and running with effective risk management in days.” Keylight Standard, meanwhile, is the middle ground between Team Edition and Enterprise, and it features enhanced reporting and addresses IT risk and vulnerability management, incident and issues management and business continuity planning.

The ultimate goal, the company explained, is to provide an opportunity to scale up or down as GRC needs change within an organization. Lockpath CEO Chris Caldwell explained that “a simple license key change enables the next edition without conversion or training costs.” And it's not completely predicated on size. Caldwell told Legaltech News that he foresees Team Edition and Standard also being used by legal departments in fast-paced industries, where “many large organizations have older, slower and less nimble GRC platforms that cannot keep up with the market changes that mission critical departments often face.”

Lockpath focused on these smaller businesses and enterprises with its new tool because it found a need in the market for an integrated, wide-ranging tool similar to what Keylight provides, but at a lower cost.

“There are point solutions out there that SMBs can use to solve one or two of their challenges like policy or audit management software that may or may not fit their budget,” Caldwell said. “However, these solutions provide limited visibility into risk dependencies and how these risks affect other parts of the business.”

And particularly in these smaller businesses, the combination of a fast-moving marketplace and a talent pool that doesn't have many risk management professionals could spell disaster. That's where Lockpath hopes the technology comes in.

“Change means more cost, more risk and more regulations to manage. Risk management skills are scarce,” Caldwell noted. “Team Edition and Standard were designed to simplify the processes and absorb the change.”

The GRC market is a growing one. A July report from Grand View Research expects the market to reach more than $64 billion by 2025. That's why it's not a surprise to see companies receive increasing investment for new technologies to govern not only U.S.-based risk, but international risk with the implementation of regulations such as the EU's General Data Protection Regulation.

And especially for smaller businesses that might not know where to start in this growing GRC paradigm, it's important to have a jumping-off point. Lockpath is hoping that its new offerings can provide that stepping stone.

“Compliance and risk management is becoming more and more important regardless of the size of an organization,” Caldwell said. “Some companies try to retrofit existing office management tools, such as spreadsheets and email, to meet their needs. If management needs are simple enough this may work. But as the business grows, requirements change, and they take on more risk, this approach results in inefficient and labor-intensive processes that can't adapt and/or scale to meet business needs.”