New Kaseya MSP Benchmark Survey highlights growing compliance and supply chain challenges
Kaseya, a provider of IT and security management solutions for managed service providers (MSPs) and small to medium-sized businesses (SMBs), had an eventful 2021, involving a high profile supply chain ransomware attack, continued market disruption caused by the coronavirus pandemic, supply chain uncertainty, two strategic acquisitions and revenue growth of more than 25%, which is driving further expansion this year, including plans for 1,300 new hires across its operations in Miami, Dublin, Krakow and Sydney.
The ups and downs of Kaseya’s year will be familiar to the company’s MSP customers, many of whom will have experienced the same challenges and successes, albeit on a smaller scale, as the 11th iteration of Kaseya’s MSP Benchmark Survey makes clear (see findings overleaf).
Mike Puglia, Chief Strategy Officer at Kaseya, told Technology Reseller that there were three things that really stood out for him in the 2022 report: compliance, and specifically the fact that two thirds of MSPs says their customers struggle to meet regulatory compliance; cybersecurity; and supply chain issues.
On the subject of compliance, he said: “Throughout history, whenever you have more crime, in our case it’s cybercrime, governments and regulatory bodies enact more regulations and laws. And then they step up enforcement to make people feel something is happening to solve the crime problem. We’re seeing that with cybercrime; more regulations and more enforcement by auditors. They’re going deeper and every single one of them now talks to IT. Every time there is any type of audit at an organisation or a request from a regulatory body or from a customer, everybody turns to IT. So, there’s a great opportunity for MSPs to do more. Instead of being reactive – ‘Here’s a report on this scan and here’s a report on this scan’ – 75% say they’re now planning to roll out a more productised compliance offering.”
The risk of cyber attacks
This leads on to Puglia’s second point, cybersecurity, and the fact that 50% of MSPs believe their business is at more risk of a cyberattack than it was a year ago, up from 39% in last year’s report, and that more than half of MSPs have clients who have fallen victim to an attack.
Kaseya itself gained first-hand experience of this last July when a number of its MSP customers were targeted in a ransomware attack that exploited vulnerabilities in the company’s remote monitoring and management software – an experience that Puglia says was not wholly negative.
“There were unexpected silver linings, like the amount of assistance that was offered from the vendor and cybersecurity community – people from all over the world reaching out with help or technical data. That was very heartening. Another was a general understanding that things happen; there is no silver bullet that stops everything. That’s why every month Microsoft releases a patch with at least six zero-day and major vulnerabilities, and they have unlimited security tools and resources to draw on.
“Gartner has a statement out there somewhere in which they say ‘perfect protection is not achievable. You need also to increase your focus on detection, response and recover’. And we see this. Most of what we do in the world of cybersecurity is defensive, preventative – more firewalls, more AV – and you should absolutely do that. But what’s important is how quickly you can detect things to minimise the damage, how quickly you can respond to it and, ultimately, how quickly you can recover from it.
“I hate to use this analogy because I’ve used it before: cars had seatbelts; then cars got airbags; then cars got automatic braking and collision avoidance. It’s about how we add layers, and that’s where technology resellers and MSPs can really help.”
In February last year Kaseya strengthened its own capabilities in managed detection and response, with the acquisition of the RocketCyber managed security operation centre (SOC) which monitors threats across endpoints, networks and cloud attack vectors for MSPs and technology resellers.
Supply chain pressures
The third big challenge highlighted by Puglia are supply chain issues covering both technology and people. He points out that even before you factor in inflation and rising petrol prices, the skills shortage means that the pay and demands of qualified people are rocketing, which is causing prices to rise and putting a squeeze on MSPs.
In this context, he mentions recent additions to Kaseya’s IT Complete solutions suite including its second 2021 acquisition, the MSP consultancy TruMethods, and the launch of the Connect IT Community, an online collaboration platform that enables MSPs to share knowledge with peers from around the world.
“With our MSP business consulting and peer groups, instead of just providing technology we can provide independent consulting on how to operate your business in a high inflation environment. Your costs are going up, your customers are not yet fully recovered from the pandemic. How do you handle that other than by losing margin?”
The obvious answer, he suggests, is through process automation and vendor consolidation, both key selling points of Kaseya’s offering.
“The two big posts our consultancy helps with are around automation – what processes should MSPs automate – and consolidation. Most MSPs have 12 to 16 vendors and they usually have multiple products that do parts of the same thing. So, are there areas where you can consolidate your stack and save money?
“MSPs often say ‘We have this that does this type of scan and this that does this scan’ or ‘Joe really liked this product, so we kept it around for these three customers’. There’s a lot of overlap of tools and even clouds. ‘We do most of our stuff in Azure, but we’ve got a couple of customers that really like to be in AWS or Google Cloud.’ Well, maybe it’s time to take a look at those services and say can we deliver this profitably or are we just costing ourselves money?”
He adds: “Most MSPs say they’re busier than ever. Gaining business isn’t the big issue – it’s delivering it profitably and not burning out the people you have.”
More acquisitions likely
For this reason, Puglia says Kaseya is likely to make further acquisitions this year as it builds out a complete toolkit for MSPs to draw on and integrate as their needs change.
“Our goal is to provide MSPs with everything they need, whether they need it today or in the future, so that they can just pull something off the shelf and integrate it with what they’re already using to gain some efficiency. That’s one benefit. The other is if you’re already a customer, we should be able to supply it at a lower price. So we’re going to continue to add on to the stack to make people more efficient and to enable them to buy things at a lower cost.
“The way we look at acquisitions is, is this something that our customers are doing today? Is this something that we can integrate into some of our other products, kind of like Microsoft Office – Word and Excel are two different programmes, but they work well together? And can we offer it to our customers at a lower price because we don’t have all those sales and marketing acquisition costs when selling to existing customers. If it meets those criteria, we have the financial wherewithal to make a move.”
Puglia adds: “We are also going to keep growing organically. We’ve got a lot of plans for our existing products, to keep them best in class, for example by adding more cloud features, because if we’ve seen one thing during the pandemic, it’s that everyone’s going all in on anything cloud.”
Kaseya 2022 MSP Benchmark Survey
Compliance is becoming a bigger pain point for MSPs’ customers. Compliance has become a significant challenge for SMBs, with 74% of MSPs stating that their customers struggle to meet regulatory compliance requirements. MSPs have been stepping up to help customers navigate this complex landscape, with 75% either offering or interested in offering compliance services.
Cybersecurity remains top of mind. MSPs are increasingly concerned about cybersecurity – 50% said their business is more at risk of cybercrime, up from 39% one year ago. Almost half report that a significant portion of their client base has fallen victim to a cyberattack within the last 12 months. Cybersecurity is also a revenue driver; 50% of MSPs say they evaluate the threat landscape quarterly to add new service offerings.
Active incident response plans are a big opportunity. Only 4% of respondents say that 100% of their client base has an active incident response plan. About half state that 25% of their clients have one; 8% of MSPs say that none of their clients do.
Most MSPs test disaster recovery capabilities – but frequency varies. Due to the increasing complexity of IT environments and the cyberthreat landscape, IT professionals are instructed to test their disaster recovery capabilities regularly. Almost one third (30%) of MSPs say they simulate disaster recovery capabilities quarterly, 25% test annually and 9% test monthly. One in seven MSPs (15%) admits that they never test.
Remote work remains a Top Three IT problem in 2022. The pandemic has permanently reshaped the work environment, with 22% of respondents stating that remote workforce setup was the top service requested by clients last year, followed by cloud migration (21%) and business continuity (13%). More than one third (36%) of MSPs see remote work as a Top Three IT pain point for customers in 2022.
MSPs value integrated solutions. Almost two thirds (64%) of MSPs say that integration of core applications, including RMM, PSA and IT documentation software, is either critical or very important to them, with 78% stating that this integration helps drive bottom-line profits.
Supply chain issues hold back MSPs. 92% of MSPs say supply chain issues have impacted their ability to sell solutions.
Hiring remains a challenge. Almost one in five MSPs (19%) believe hiring will be their primary challenge in 2022, up from 4% in last year’s survey.
M&A appetite is still strong amongst MSPs. Many MSPs are actively surveying the landscape and assessing their readiness to buy or sell. More than one third (36%) of respondents plan to sell or acquire within the next 24 to 36 months.