Thrive made a strategic move early this month, picking up Abacode to deepen its compliance bench. The Florida-based firm brings a combined cybersecurity and GRC model that fits right into Thrive’s approach, especially as customers face a wave of changing regulations, from CMMC updates to new AI and data privacy laws.
Thrive is stacking momentum heading into the second half of the year with its third acquisition of 2025 - this time
bringing Baroan Technologies into the fold. It’s part of a broader pattern: three acquisitions this year, 13 over the last two, and a growing emphasis on compliance and cybersecurity.
Thrive’s acquisition of
Abacode and
Baroan gives the MSSP more tools to help organizations navigate a
regulatory compliance environment that is becoming more complex and dynamic amid increasing numbers and sophistication of cyberattacks.
“In the past, many frameworks followed a checkbox approach: meet certain technical requirements, document policies, and you were largely covered,”
Thrive CEO Bill McLaughlin told MSSP Alert. “But as threat landscapes have evolved, regulators have recognized that those early models, like the initial versions of GDPR [Europe’s General Data Protection Regulation] and HIPAA [the United States’ Health Insurance Portability and Accountability Act] didn’t go far enough in practice.”
Now, updated standards and new regulations, like those addressing AI and frameworks like CMMC – a U.S. Defense Department security framework for defense contractors – are forcing organizations to adopt more proactive and risk-based approaches, McLaughlin said.
“That means continuous monitoring, real-time threat detection, and faster response strategies are now key to demonstrating compliance, not just having the right paperwork,” the CEO said. “This shift raises the bar but also provides more room for organizations to tailor their security strategies to their actual risk profile. Compliance is no longer a static checklist – it’s an ongoing process that will continue to evolve as new technologies and threats emerge.”
Abacode Brings Compliance Depth, Baroan Expands Regional Reach
Abacode, an MSSP and managed GRC (governance, risk, and compliance) services provider headquartered in Tampa, Florida, brings with it a range of tools, including its MCCP Core managed
cybersecurity and compliance platform that includes GRC and professional services, access to real-time risk scores from third parties, and around-the-clock managed threat detection and response. Abacode also offers a security operations center (SOC) and CMMC compliance.
Thrive executives said Abacode’s approach of integrating cybersecurity and
compliance onto into a single platform is unique.
“Compliance is a useful benchmark, but security should always be the goal,” McLaughlin said. “Many of the steps taken to ensure compliance are simply good cybersecurity practices. Abacode understands this on a deep level and caters to each client’s needs based on their unique risk profile and IT architecture, which perfectly aligns with Thrive’s approach to building what a customer needs to be successful.”
Now with Baroan’s strong regional presence and customer-first approach, Thrive is expanding both its footprint and its ability to deliver business-aligned tech outcomes. The company isn’t just acquiring talent or logos - it’s building a deeper bench to support clients navigating the next wave of tech, risk, and regulation.
Bolstering Compliance
Boston-based Thrive has always offered compliance services, but with the rapidly evolving regulatory environment, it is taking steps to bulk up what it can bring to organizations. In February, the company
bought Secured Network Services, an IT services provider in the New England region that focuses on several industries. Those include health care, which is seeing regulations continue to evolve, including a range of proposed changes to HIPAA. In May, the company
announced its Compliance Center, which provides mid-market businesses and public sector organizations with information that falls in line with industry-specific needs and international regulations.
Similarly, the Abacode acquisition also will help the mid-market, as well as grow Thrive’s regional presence, this time in the Southeast United States. For mid-market businesses, having flexibility in meeting regulators can be a “double-edged sword,” McLaughlin said, noting that the more adaptable IT environments can improve security but that it also introduces greater complexity when it comes to compliance.
“These companies often operate across multiple jurisdictions with data footprints large enough to draw regulatory attention, yet they typically lack the budget to staff full-scale compliance teams,” the CEO said. “That makes it challenging to maintain the 24/7 monitoring and resilience strategies needed not only to meet today’s requirements, but to keep pace with ongoing changes across each region they serve.”
The MSSP Advantage
This challenge also shows the benefits that MSSPs bring, delivering compliance worldwide for a price that no mid-market company could pull off. The Abacode acquisition adds to those capabilities for Thrive, he said.
“MSSPs play a critical role in helping organizations stay ahead of increasingly complex compliance and security demands,” McLaughlin said. “For enterprises and especially mid-market companies, we offer access to enterprise-grade tools, 24/7 monitoring, and proactive guidance across jurisdictions without the overhead of building everything in-house.”
Rather than managing everything from evolving regulations to fragmented security stacks to expanding threat landscapes, organizations can tap into the expertise and infrastructure of MSSPs, he said.
Cynomi, which offers
vCISO services to MSSPs and MSPs, listed embracing compliance-as-a-service among the
top 10 best practices for organizations that want to ensure they meet regulatory requirements.
“Delivering compliance-ready cybersecurity services requires more than technical controls – it’s about structure, accountability, and continuous improvement,” the vendor wrote. “The MSPs and MSSPs thriving in today’s market embed these best practices into their operations, transforming compliance from a cost center into a strategic advantage.”