As I mentioned earlier this week, in my previous life in the channel at MSP Mentor, I had the opportunity to interview Fred Voccola during his first week of work as Kaseya’s new CEO. Back then, the questions MSPs asked Kaseya were all about whether the company was going after the enterprise market to the detriment of the core constituents that had built its business—MSPs. That was one of the first things on Voccola’s agenda eight years ago.
These days, the questions from MSPs might be a little different. What’s going on with the Datto integration? What are you doing about the security threats out there? I was glad to have the opportunity to interview Fred Voccola again during my first month on the job here at ChannelE2E. Here are some of the highlights.
The MSP Market
Voccola says 99% of Kaseya’s customers are small businesses with fewer than 25 employees, which he said is generally true of most MSPs out there. Even though some MSPs have gotten the attention of venture capitalists and private equity, those larger MSPs still have maybe 300 employees, so they are far from the size of, say, Citibank, according to Voccola. He estimates that about 2% of MSPs today have VC or PE funding versus just 0.5% eight years ago.
Kaseya is also bigger. Voccola says the company’s annual run rate was at about $50 million eight years ago compared to where it is today–close to $2 billion.
The Rise of Cyberthreats
The other thing that’s grown exponentially over the last eight years is security threats and security threat vectors that impact anyone using any kind of system, Voccola said. For instance, the institutionalized and commercialized ransomware machine didn’t exist eight years ago. Today, it's a high-priority threat.
MSPs Getting Squeezed
Which leads to another problem. Voccola says that MSP margins are more likely to be squeezed today because they are being asked to do more – for always-on infrastructure and protection against many more security threats—for the same or a little higher price. Voccola says that’s why Kaseya’s strategy has been to integrate more of what MSPs need into the Kaseya IT Complete platform–such as endpoint management, backup, networking, security compliance tools and more. Voccola says that Kaseya is adding these components into the platform through both internal development and acquisition. He declined to mention any new features he’s looking to add to the platform, but says that a few announcements are coming at Kaseya Connect, April 24-27, 2023.
There are additional benefits to growing through acquisition, Voccola said. “When we acquired Datto, they had a really kick-ass partner program.” That led the way to Kaseya incorporating a lot of the benefits that Datto was offering into the Kaseya partner program.
The Kaseya Ransomware Attack
I also asked Voccola about last year’s ransomware attack on Kaseya and whether it changed the company’s approach to security. He said, “Yeah, it really sucked. I don’t want to sit here and give you the standard BS answer of yes, we learned a ton and we’re trying to get better. All that is true, though.”
Voccola went on to tell me that because of the attack, he connected with some of the top global government and non-government experts on ransomware. As a result, he better appreciates the magnitude of today’s problem of ransomware and “the potential risk it poses to our way of life. That’s a big statement. That’s a big dramatic statement.” In a worst-case scenario, a supply chain shutdown could lead to hunger and chaos in a couple of weeks, he says.
Voccola told me that since that attack, Kaseya has added a number of security modules to IT Complete and lowered the price of the entire security kit. “Because we realize our MSPs need all of it. I don’t ever want to have one of our MSPs say, ‘I didn’t want to use your managed SOC for 24/7 security awareness of my customers because I couldn’t afford it.’”
Advice for Ransomware Victims
Here’s some advice Voccola wants to share for those hit by a ransomware attack: “Anyone who gets hit by a cyberattack—the first people you should call are the FBI, and then engage Homeland Security. That’s what a lot of people don’t do. They get worried that if they call the FBI, the FBI is going to come in and start finding something that the company did wrong. They won’t want to bring them in. That’s the worst thing they can do. The FBI just wants to catch the bad guys and help you recover ... The first call we made was to the FBI and we were just very lucky that we did that. It was one of the best decisions we made. They caught the people who did it.”
