Listen to the podcast
Read Transcript
In this special bonus episode of MSP Chat, sponsored by Datto, Erick and Rich talk about why there’s still plenty of growth potential in backup and security for MSPs and why their clients need help in both areas now more than ever, as well as why speed is the ultimate competitive advantage for MSPs and how to cultivate it. Then they’re joined by Kaseya’s Adam Marget for a look at why cyber resilience solutions should be part of every MSP’s service offerings and why every end user needs cyber resilience. And finally, one last thing: When those cute items you see on a store shelf turn out to be lifelike because they’re alive.
Discussed in this episode:
2026 Kaseya Cybersecurity Outlook Report
Rethinking cyber resilience for modern IT
Owl found napping on antique store shelf in New York
Real-life possum found hiding in soft-toy display at Tasmanian airport
Transcript:
Rich: [00:00:00] This episode of MSP Chat is brought to you by Datto, BCDR, the all in one backup and disaster recovery solution built for MSPs. Let’s be real. Your clients don’t care about backup. They care about up top. No disruptions, no lost data, no downtime. That’s where Datto BCVR comes in with. Built-in ransomware protection, instant virtualization, and 24/7, 365 Human support.
Datto helps you keep your clients running even when disaster. Strikes you get fast, reliable recovery and a single pane of glass to manage all your client backups locally and in the cloud. So if you’re still juggling backup tools or patching together, DR Plans, it’s time to upgrade. Visit datto.com to see how you can deliver [00:01:00] continuity as a service with Datto.
Request a demo and see the solution live to appreciate the power, peace of mind, and the recurring revenue stream it can bring you now. Onto the show. And 3, 2, 1. Blast off. Ladies and gentlemen. Welcome to another episode of the MSP Chat podcast. Your weekly visit with 2 talking heads, talking with you about the services, strategies and success tips you need to make it big in managed services.
This episode actually is in between our regular weekly episodes. It’s sponsored by the folks at Datto and we thank them for that. My name is Rich Freeman. I’m chief analyst at channel Mastered of the organization responsible for this show. I am joined side by your other co-host on the show. He is also our CEO and chief strategist at Channel Mastered.
He’s Erick Simpson. Erick, how you doing?
Erick: Doing well, rich. How you doing?
Rich: I am doing pretty well. I’m doing pretty well. It, it’s a sunny morning in Seattle and that’s really all I need to get my day [00:02:00] off to a good start.
Erick: Yeah you’re in Seattle this week, but that’s gonna change rapidly over the next few weeks here, the rest of this month.
Rich: There is a lot of travel coming up folks and yeah I predict you’ll be seeing me in particular, but the two of us in multiple locations other than the the virtual ones you’re used to here. So lots of good trips coming up. Let’s dive into our top story. I won’t call it the story of the week for this episode of the show sponsored by Datto.
And Datto obviously is a cyber resilience company. We’re gonna be joined by somebody from that company shortly to talk about cyber resilience. I wanna set things up a little bit in, just in terms from my perspective about the need. The business opportunity around cyber resilience and cyber resilience, at least as I define it, basically is a combination of backup and security.
And it’s very easy for folks in our audience here to think this is old hat, this is done. There are bigger, more important things going on. Particularly in [00:03:00] terms of the thing we like to talk about a lot here, Erick, in, in ai. A lot of that is true, but maybe less so than you think.
So first of all, let’s look at cyber resilience specifically. In the context of data protection. And I’ll quote the latest numbers from IDC. They do a a widely cited respected study called the gl global Data Sphere, which measures the total amount of data created, captured, replicated, consumed worldwide.
The latest forecast has the global datasphere growing from 129 zetabytes. In 2023 to 393.9 zetabytes in 2029. So tripling the growth essentially in a five-year time span of the amount of data out there. So there is a lot of data in need of protection. So how are end users in particular protect, protecting that data?
Right now? I’ll give you some statistics from IDC just to give you a taste of the answer to that question. They did some research not too long [00:04:00] ago about how end users are backing up their SaaS. Software as a service. Data 61.7% of the businesses they surveyed are basically just assuming it’s in the cloud, it’s backed up, which of course is not right.
The vendors themselves would tell you, we don’t want you to think about our platform. As a backup tool for the data that you are creating with us. The data retention is very limited. There’s flexibility in terms of what you can do with the data and how quickly you can get to it and so on.
So that is the wrong answer. It’s the answer that 61.7% of businesses out there are relying on. Only 19.2% of the company’s IDC surveyed have some kind of third party backup or BDR solution. 6.6% of the businesses id c surveyed aren’t doing anything. So end users are not taking care of this problem while surely Erick MSPs are taking care of this problem.
Let me quote you some statistics here from Kaseya 2025. [00:05:00] State of MSP report, and I’ll start specifically with BCDR. 53% of MSPs are offering BCDR to their clients. 53%. It’s a little bit over half. I guess it’s better than less than half, 47% of the MSPs out there. Are dealing with this issue and we know the end users aren’t taking care of it as well.
There’s a lot of upside potential in backup for the MSPs in our audience here. And again, cyber resilience is what we’re talking about that combines security with backup. More statistics from the Kaseya study. 26% of MSPs are offering MDR to their customers. 44% are offering identity and access management.
But given that every end user out there is doing something in the cloud, and the most vulnerable way or part of a cloud solution is the identity, the fact that only 44% are doing IAM, that’s a real concern. Only 39% are offering vulnerable vulnerability management. These are [00:06:00] services that are very badly needed that a lot of MSPs are not actually offering their clients right now.
These are revenue and profit opportunities, growth opportunities for the MSPs in our audience. And I just said Erick, that these are badly needed technologies by the end users out there. I’ll just point out part of why. This issue, this whole issue is top of mind for me right now, is that as we are recording this episode of the show the day after Anthropic announced Project Glasswing, and I won’t get into the specifics of that on the show.
We don’t have time for that. Look it up if you haven’t heard about it, but. If you do look it up and you don’t come away from that, a little bit terrified about the security implications of what is coming our way soon thanks to ai, then you’re not reading closely enough. This is gonna be a really interesting year and beyond in security.
It is not okay for your customers not to have IAM or NDR or to be doing vulnerability management or to be [00:07:00] backing up their data. You really need. To be talking with them about backup and that security, that cyber resilience, it’s a growth opportunity for you and it is a necessity for every customer you support
Erick: Rich.
And this is such a, and first of all, let me release the pearls that I was clutching as you were giving me those horrifying statistics about who’s not doing things to protect this data and to protect the security and access to this data. Holy cow. The first thing that I think is, okay, lots of opportunity here, but what, why do we have this gap?
MSPs that we know understand that there is this, huge opportunity. The MSPs understand that at the end of the day, the ability to restore business continuity de can ultimately depend solely on the backup in many cases, and the ability to restore. Access to data platforms and services, whether that’s virtualized to get them running while we do [00:08:00] phased restoration of services over time, like a good disaster recovery process should include.
So is it simply the SMBs that the MSPs are working with that may be just so small and uninformed? That creates a lot of this friction. I know that, in my MSP practice, we had everybody, right? We had, if you think of the pyramid of clients, so think of a pyramid and think of slicing that pyramid into thirds.
The top smallest piece would be your A clients. The middle piece would be the BS and the bottom. It’s probably your C customers. Maybe there’s some clients in there, we worked really diligently to try to make sure that we. Found homes for the CDNF customers that just did not move forward with our recommendations.
You must subscribe to these essential services at a baseline just to be our clients, and then we can work on, moving you up the the value ladder of our services [00:09:00] over time, right? For those strategic clients. I wonder if it’s a scenario where we just haven’t had the ability to convey.
The importance of this to some of these SMBs that are more cost conscious than strategic business owners. And that might be some of the challenge. And if so, what do we do? To enable MSPs to scorecard? These clients have a conversation with each and every one of them. And for the ones that are just not going to move.
Split a plan in place, to exit them as they can replace them with new, more strategic clients, because that is creating a tremendous risk for MSPs along with these SMB customers that just don’t know any better.
Rich: Yeah, I’m absolutely certain most of the MSPs in our audience here right now are thinking that on a certain level.
I know everything you guys just said about the importance of these technologies. I’ve been trying to get my customers to sign up for all this stuff, and they keep, they don’t [00:10:00] understand. They keep resisting. And I guess I, I bring it up in part I, I. I’m aware of that issue. I sympathize with it.
You, Erick, have strategies for dealing with it that we won’t necessarily get into on the show. I’m just maybe underscoring the urgency of moving on this in the way that you were just saying right now because it’s already. Right now a very dangerous world for your clients. And there are high stakes consequences if they get breached.
But we are just really on the verge, on the cusp of a, an even more a terrifyingly more threatening security landscape going forward. And you’ve really just got to set a zero tolerance kind of policy around this stuff. Figure it out. I know it’s harder than than that. You really gotta do that.
Erick: Yeah it reminds me of movies where, oh, you know the, the heroes, on this boat with a survivor, so they’re on this and they don’t see the a hundred, 50 foot waterfall that’s just over, over the horizon as they think, oh, [00:11:00] we’re just gonna paddle as shore and the current is too strong, and oh, here comes this huge drop that’s about to happen.
That’s what’s happening here. Big, yep. Imagine it, right? The risk and the danger and yeah. Glass wing, no joke.
Rich: Alright, you’re talking about getting customers up and running again in the event of disaster within minutes. I know from experience as a journalist, anytime you talk to BDR vendors, they’re gonna talk to you about mean time to resolution because particularly in backup speed matters.
But that is not the only realm in which it matters. Erick, which gets us to tip of the week.
Erick: Thanks for that. Pivot there, rich. Perfect positioning. I’m gonna say something that might sound counterintuitive to our audience, right? Because we always, promote the value of our services and selling consultatively, right?
And differentiating ourselves from our competitors, not because of how quickly we respond to things and how, cheaply we can deliver these things, right? But there are some areas rich, where [00:12:00] speed. Is important, and I’m gonna talk about three things. Three. Three areas where speed is a competitive advantage with MSPs and to think about it a little bit differently.
So our response time and SLA is absolutely something that is expected now, right? This is something that came from the enterprise. Resolution time objectives and resolution times and things like that. When we were restoring continuity of applications and services and things in the enterprise world, when we started delivering services as MSPs to SMBs, we brought that methodology to them.
Through SLAs, but we tweaked it a little bit to say response time, maybe not resolution time, right? So the response time, objective resolution time objective in the enterprise is critical because that costs real, money at that scale. At SMBs, some things aren’t quite as critical to respond to.
Potentially is, they may, might be in the [00:13:00] enterprise, but still our SLA in response time to our clients says, Hey, this is the time that we agree to respond to you based upon the priority the urgency of the issue and the impact to, the organization or your clients and things like that. So there’s formulas, right?
MSPs know what I’m talking about. You know what I’m talking about, rich. The important thing here is not to over promise and under deliver. We want to have a response time that is measured that we can hit and we can report that back to clients. That is table stakes. If it’s a priority one incident.
I know in some SLAs that I’ve worked with partners on over many years, rich, you might have a priority one response time that is 30 minutes. You might have a priority two response time. That is. An hour or two hours, you might have a priority three. That may be four hours. In some cases, you might have a priority one response time.
That’s an hour. You might have a P two at maybe eight hours. You might have a P three at 24 hours. It just depends on what you land on. But [00:14:00] no matter what you promote to your clients, you’re gonna have an internal response time. That has to be better than that because if somebody doesn’t respond, you have to have time to escalate that internally on your service desk to make sure that somebody is on it.
So thinking about that and making sure we hit those numbers and are expressing that in our marketing materials and our sales conversations, in our strategic business meetings with clients to say, we’re meeting those expectations so you don’t have to worry about that. So that’s where speed, according to your SLA, making sure we, we deliver on that is, is key number one.
Here’s one that some MSPs might not think about too often, rich is speed to delivering a proposal, a sales proposal. To a new prospect. When we ran our MSP practice, rich, we had a 72 hour clock. By the time we met with a client and we began, we got gathered all of our in, in intelligence. We tried to get our network assessment done within the same week, but once we had the data [00:15:00] gathered, we let the client know that within 72 hours, no long, no later than that, we would have a proposal turned around to them.
Now, think about this, rich. This is when there was no. There were no tools that could create these proposals for us. This, these were handwritten templates or created templates that we had to adjust. And of course we had templates and all that and we delivered that. But in most cases, we tried to beat that by at least 24 hours.
If it was a small engagement, it could be by, we tried to be by at least 24 hours. In some cases. We did it within 24 hours and tried to schedule the the proposal presentation within 24 hours of that meeting. I didn’t get it done all the time. And of course there’s, other factors like availability of the client.
But that’s one case where you can be different and distinct. Clients that are ready to make a decision, you should not be the bottleneck. Give them everything they need in a proposal format. If you have some templates, great. I don’t recommend just using the the output that just comes out of some PSAs and things like that.
I think when you’re trying to sell a client a an [00:16:00] engagement that may be worth. Hundreds of thousands of dollars over the lifetime of that agreement. You should reflect that in how your proposal looks. Get a professional design done. We, there’s lots of tools out there that you can do. You can hire somebody to create that really nice template for you so you stand out from your competitors.
And the third one, where speed matters Rich, this one is very familiar to MSPs. Onboarding. We can’t have onboarding. That never ends. We can’t. We have to have a minimum set of things that are onboarded and lit up and active in order for us to begin delivering service. But we should have our onboarding process documented.
We should be using tools to help with that, and we want to make sure that client feels like. They’re getting their money’s worth when they say yes, we’re on it. We are executing, we are onboarding, we’re collecting all the data we’re in. We’re including that in our documentation platforms. We’re deploying our agents.
We’re testing things. We’re training the [00:17:00] users on how to open tickets, and it helps us become more profitable, much more quickly. Can you imagine, rich, if we, said, okay, sign the agreement, the client has a problem. And they need help right away are we gonna say, no. You know what, we’re not, you’re not onboarded yet.
We’re not gonna live. You’re not gonna go live until three weeks from today. That’s not a great way to do things. I recommend having a very effective, efficient onboarding process. Deploy it so it is complete so your technicians can actually when you say onboarding is done, that means you have all the data to deliver service against your SLAs in the most efficient way possible.
That doesn’t mean that you shouldn’t deliver service. Until that happens, you should be delivering service on a best effort basis and let the client know this is best effort until we get completely onboarded. But your onboarding should be as quick as possible and set that expectation, and it is a project that needs to be measured, phased, and change managed.
You do [00:18:00] those things rich, you’ll have much happier sales outcomes, much happier client relationships, and much happier technicians. And those are your three tips for this week.
Rich: Apologies to Amus, Jay McBain if I’m getting this wrong, but I’m pretty sure for the last couple years or so, he’s been saying during stage appearances that we are, we’re either already at or very close to the point in time where a majority of the people making it decisions are millennials and you’ve got Gen Z waiting in the wings behind them.
These are people with short attention spans, even old timers like you and me. Have been trained by technology to expect instant gratification. We don’t like to wait. Anymore. MSPs can’t deliver instant gratification to their customers, and to your point, shouldn’t promise that they can. But there is a close connection in this day and age even closer than when you are an m MSP. Between speed and satisfaction, speed and customer [00:19:00] satisfaction. I totally endorse and underscore the point you were making before about not overpromising and un under delivering. You’ve gotta be realistic about what you can do, but to the degree that you can do it faster than other people out there.
Fast period and faster maybe than other people who might be competing for the business. You are going to have an edge because people don’t like to wait and they will reward speed.
Erick: Absolutely rich. And I’ll just add one additional asterisk to it. I’m not saying that you’re gonna deliver the best SLA at the lowest cost.
I’m saying you should be delivering the SLA to hit your margins. But if you give a client a choice between good, better, best. Your best SLA will be your highest priced bundle. It will be included in your highest price bundle of services, right? So just wanted to make sure that I didn’t cause some confusion there.
And I’m not saying, speed is relative to, what you charge clients. If you’re doing stuff faster, you should be paid more for that.
Rich: Okay we [00:20:00] started the show out talking about cyber resilience. Let’s circle back to that topic right now. Erick and I are about to take a quick break here.
When we come back to the other side, we’re gonna be joined by Adam Marette Kaseya to talk about cyber resilience from a Kaseya point of view, what it means, how to get in on it, why you should, why your customers will, thank you if you do, that’s all coming your way. Right after this break,
and welcome back to part two of this episode of the MSP Chat podcast, sponsored by Datto. And we are pleased in fact, to be joined by Adam Marett. He is the senior product marketing manager for backup and disaster recovery at Kaseya which obviously includes the Datto unit there. Adam, welcome to the show.
Adam: Yeah. Rich, thank you very much for having me. It’s a pleasure to be here.
Rich: We and our audience are very interested in backup and in cybersecurity and in the intersection between [00:21:00] those two things at cyber resilience. That’s very much what we wanna get into with you. But before we dive in for folks who are new to you, let them know who you are, what you do at Casa and and the group you’re within.
Adam: Yes, absolutely. It’s a pleasure to be here with everyone. As Rich mentioned, my name is Adam Marette. I’m the lead product marketing manager for our recently rebranded Cyber Resilience Suite, formerly our unified backup suite. So I’ve been a member of the Kaseya team going on just about a decade now.
Originally starting with our Unitrends backup and Disaster recovery Solutions. With the data acquisition in 2022, I started to take on. Ownership of their modules. And I really sit at the intersection of the engineers and the product leaders that are building the technology and the tools that you all consume every day and yourselves, the MSPs and the practitioners that are out in the field telling us what you like about the tools, telling us about what you wanna see next, telling us where we can improve.
So I love hearing the thoughts, the perspectives from both sides of the fence. How we are [00:22:00] designing and the challenges that we’re trying to solve, and making sure that aligns with the challenges and the realities that you all see every day in the field.
Rich: Okay. I have been writing about cyber resilience platforms and suites and strategies in the industry for many years.
I know how I define cyber resilience and why it’s interesting to me, but I wanna make sure just to level set as we go in, the audience understands how you folks de define it. So give me the Kaseya definition of cyber resilience and an overview. Of what it is about cyber resilience that makes it more powerful, more useful for an MSP and their customers than backup alone or security alone.
Adam: Yeah. Rich I think you hit it right on the head where you talk about a platform or an ecosystem, but I think that you can. Address cyber resilience really in two ways. It’s a mindset and an outcome. As a mindset, a cyber resilient organization assumes that incidents are going to [00:23:00] happen. It’s a matter of when, not if we have to face some sort of disruption to our day-to-day operations.
But the, we’re focused on keeping the business running. Containing or isolating that incident. Performing the necessary analysis and resuming operations as quickly as is safely possible as an outcome. It’s exactly that. The ability of an organization to withstand, respond to and recover from a cyber incident without losing that business and momentum, and it really, I think, is the intersection of security and business continuity and disaster recovery.
Security is all about. Prevention. We wanna stop people from getting in. We wanna stop our downstream end users from clicking on bad links. We wanna isolate something once it’s within the network, but if something goes wrong, somebody accidentally deletes something, we are penetrated and infected with something like ransomware.
That’s where we turn to the BCDR side of the equation in that right of boom, to get back to restoration. How can we resume operations with that [00:24:00] minimal disruption? So I think that the organizations and the MSPs that really embrace cyber resilience as an outcome, as a mindset are bringing together those two pillars of security, business continuity, disaster recovery, into a more complete operating model.
And so that it is something that is increasingly standardized, it is scalable, it’s repeatable, and. Ultimately those outcomes are predictable.
Erick: So Adam in the early days of managed services, speaking from experience here, we co hobbled, cobbled together different solutions for the needs of our clients.
But, for the last, few years now, there’s been more of a trend among MSPs to. To rely on platforms rather than point solutions, especially in data protection. So can you share your thoughts on how these integrated cyber resilience platforms benefit MSPs better than [00:25:00] the alternatives and their clients?
Adam: Absolutely Erick, and I think you, you hit it right on the nose where as our environments changed, we would layer on tools and we would add tools to address a specific need. But when you’re relying on those individual point solutions, ultimately MSPs and their teams, they’re spending a lot of time stitching together and correlating alerts, different policies across areas of the environment, dashboards all the workflows across the various vendors.
That they have in their stack and all of that context, switching the limited automation between the tools, it creates inefficiencies. It adds to the training and the operational overhead, and ultimately it creates blind spots. So I think the real advantage in a platform is not just the convenience of being able to.
Manage and take action through a single pane of glass or one user interface. But it’s that consistency. It’s easier for an MSP to standardize service delivery across their base, and that’s where profitability and trust both really [00:26:00] improve. I’ll use ransomware and go back to that as an example. Left of boom, we need to be able to correlate information from our security tools to understand where are our IOCs or those indicators of compromise.
When did they get into the environment? From what point? In in my retention, are my backups clean? How do we start to identify a clean backup and how can we narrow down that scope by taking intelligence or taking signals from the security tooling and correlating that with our backup catalog, we need to know that we’re not going to rehydrate the threat and a cyber resilience platform and think enables MSPs to more readily and more rapidly correlate those signals.
We had a partner of ours that. Has a hospitality client here in the northeast, a boutique hotel, rather large, and they got hit with ransomware the Friday before, the early Saturday morning, right before their Memorial Day weekend. So it’s a huge holiday weekend. They’re open for the season. They are.
Booked up on reservations and all of a sudden Saturday morning they’re calling our [00:27:00] MSP, we’re in huge trouble. But the MSP was able to spring into action, correlate those signals from their different tooling, identify that, hey, our clean conf, our clean backup that we have confidence in was about 4:00 AM from Friday.
So we’re going to revert back to Friday morning about 24 hours of the threat getting into the environment so that they could begin that rebuild and ultimately had them operational for that long holiday weekend.
Rich: Cybersecurity, d data protection, one of the hottest markets in managed services, and it more generally right now, obviously the other one is ai.
There are implications, AI related implications for cyber resilience. AI is very powerful as a defensive tool in the security context. Attackers are using it as well. We were talking off the air actually a little bit about the use of DeepFakes in attacks and so on to what extent do AI based threats make cyber resilience and having a cyber resilience strategy that much more [00:28:00] important, both for an MSP and for their clients.
Adam: I think they, they make it, absolutely. The imperative today the threat landscape is one that has changed rapidly. Sofos revealed in their state of ransomware report that 94% of all ransomware attacks target backups, about 57% are successful. So these threat actors are crafty. They’re attempting to eliminate our ability to recover or to bounce back.
So ultimately, they are successful. In their extortion or in their ransom attempt. I think that on the ability to get in or get network access so that they can establish persistence and ultimately deploy their threat is aided by ai. If you take phishing for an example, a lot of the common tells the bad grammar, the spelling mistakes, that’s all cleaned up now.
The attacker in the middle where they’re attempting to steal MFA tokens by simulating something like a Microsoft login page so that they can get your password and ultimately steal your token. Those look incredibly authentic. Now like you mentioned on DeepFakes, a recent study by [00:29:00] Cornell revealed that 66% or two out of every three participants in the study failed to gener to identify AI generated audio DeepFakes.
So they are. Incredibly accurate, incredibly convincing, and they’re able to produce things at scale. Phishing campaigns that might have taken weeks to build can now be orchestrated in hours, if not minutes. So the bombardment of attacks of misinformation, I think, really has escalated over the last couple of years, and we absolutely need a recovery ready or a cyber resilient posture to ensure that we’re ready to face those threats.
Erick: Hey Adam. We’re talking a lot on the show about, it’s a continuing theme is elevating the value of the MSP from just sitting on a stool in the server room to having conversations in the boardroom. And my question revolves around.
The strategic necessity for [00:30:00] MSPs to evaluate their current business continuity data protection solutions in today’s day and age of data everywhere. And, as a recovering MSP, I know how difficult it is for MSPs that are firefighting constantly to sit down and reevaluate their strategy.
Or maintaining the most valuable asset that they’re defending and protecting for their clients. So can you walk us through a journey of an MSP to say, Hey, how do I evaluate the capability of my current solution against what is required from what my customers are involved in now, where data is just everywhere?
Can you give us some thoughts?
Adam: And I think there, there are a couple of ways to look at this, and you are right Erick, to suggest that it becomes more of a board level discussion and really positioning yourself as more of that strategic partner and avoiding being seen as that cost center.
One step that we always recommend is something like a business [00:31:00] impact analysis or a BIA, understanding the critical systems tiering out all of the different applications of the users, but understanding the dependencies between them as well. As a lot of organizations shift into the cloud, Azure Active Directory or formerly Azure Active Directory, now Entra ID has become that identity and that control plane.
But when you look at what Microsoft provides natively with the recycle bin and some of their capabilities to, to recover or rebuild that identity data, it’s pretty limited. So we need to ensure that. We have mapped the dependencies across the environment, we’ve tiered them, and then the protection is in place so that we can restore those, Chris, those systems.
When you’re thinking about evaluating against maybe the current stack, I think there are three questions that you need to, or your solution providers need to be able to readily answer when it comes to facing an incident. The first is, do I have good backups? If an incident has struck a cybersecurity incident, do I have immutability on my backups?
Is the [00:32:00] backup environment free from compromise? Have I isolated those credentials? Have I tested and verified those backups so that I know that. Okay, here’s a clean, valid backup that we know is going to work. We don’t wanna discover that the backup was completed. We saw that little green checkbox in our ui, but we can’t actually restore the system with it.
So we’ve gotta be testing in advance after we think about, do I have a good backup and from what point can I recover? We’re thinking about where can I recover to, depending on the incident, that primary environment, that primary infrastructure may not be available. But do I have a secondary environment?
In the cloud, do I have the ability to cross restore into a new tenant if I’m in if I’m in a SaaS or an identity environment? The third question is what steps can I automate and what steps can my tooling help me to automate? When MSPs and when we’re dealing with an incident, we are under incredible pressure.
We’re under a lot of strain. We are racing against the clock in a lot of times, downtime. I’ve seen estimates for SMBs. That downtime [00:33:00] ranges from about $8,000 a an hour to $25,000. So it can be absolutely detrimental. When we are rebuilding under pressure, there are a lot of steps that we need to complete.
So what can those automate say? We’re spinning up our virtual machines for cloud recovery. What is the resource allocation for each of those VMs? What is the boot order that I need to bring those systems up in so that the services and the applications are all talking correctly to one another? What sort of cloud networking do I need to configure?
And then ultimately, how do I connect my downstream users back into that cloud? Am I configuring and distributing out VPN files? For example, do I have a secure access service edge? People can click in and single sign on, connect in and access those cloud resources. So when you’re thinking about your capabilities, I would ask, again, and see what the vendors or the tooling, how can they answer those questions?
Do I have good backups and can I prove it with confidence? Where can I recover to, depending on the scenario and what steps, what parts of that [00:34:00] process ultimately can I automate?
Rich: There, there’s obviously a ton of business benefit to the MSPs in our audience, just in keeping their clients safe, safeguarding their clients left of boom, as well as right of boom.
But let’s talk a little bit about the dollars and cents business benefit of embracing a cyber resilience strategy as well. MSPs are always focused on margins. How can embracing a cyber resilience strategy of the kind that you’re talking about here, help them with margins?
Adam: I think there are a couple of areas that you can look at when it comes to that tooling.
Cyber resilience can help MSPs start to improve margins because as we talked about a little bit, it’s more of that higher service or higher value service model. It’s not a checkbox item. They’re not Erick, as you mentioned, sitting in the server room on a stool waiting for something to go wrong.
And if you’re focused on selling backup. It’s [00:35:00] often viewed as a checkbox item. If you’re only selling security, you might start getting price compared or price shopped against other MSPs with similar tools. Is antivirus a really worth an extra 30 cents a seat more than antivirus B? But when you’ve embraced cyber resilience, you’ve got a broader story to tell in a broader service package.
You’re not selling into a single. Product category, but ultimately you are that positioned as that higher value consultant where what you’re selling is the outcome. The outcome of business continuity, the outcome of risk reduction, the outcome of recovery, readiness, compliance support and operational readiness.
All put it together. All put together. I had a partner put it to me once we were at we were at a conference. We met and he said, Adam the tooling that I rely on, I wanted, I wanna be able to help to save people. And in this case, they were based in the mid north mid northwest United States.
They deal with a ton of heavy snowfall. He was telling me about a customer, they’re roof caved in and they were able to virtualize in the cloud. They were able to spin it [00:36:00] up and keep them running. They were able to help save their client’s business in the event that the worst happens. But the opportunity to create value internally and externally.
There are a couple of ways I think to do the first, the integrated platform or leveraging that integrated platform approach can reduce the internal tool cost for an MSP. By lowering that overlap and simplifying management, we wanna reduce as much as possible, those non-billable hours, that kind of low value.
Troubleshooting time so that we can reallocate or reclaim that capacity and redeploy our resources. They are easier I think when you’re looking at cyber resilience rather than positioning. Okay, we’re gonna back up your VMware server. We’re gonna back up your Microsoft 365. When we’re looking at as a business, we’re protecting all of your digital assets, all of your users.
You can bundle that more easily into a recurring offering with more clear business value. I think a lot of MSPs still struggle to justify that cost [00:37:00] of something like a SaaS backup end users. There’s this misconception that, oh, it’s in the cloud. It is it’s gonna be protected. Doesn’t Microsoft have a copy up there?
I think lastly, just bringing it home. It’s able to support that more strategic conversation. It brings you more into the boardroom. We’re talking about business outcomes and business resilience, not comparing line by line the different tools that are in the stack so you can improve your margins, not just by reducing some of that operational drag and operational complexity, but by elevating the value and the perception of the value of the services that you’re delivering themselves.
Erick: Yeah, it’s a very strategic required service that MSPs provide. Somewhat argue it’s the most important service that MSPs provide for their clients and their users. Can you share, Adam, how in working with your partners, you’re seeing MSPs price these services, is there a commonality around a must have?
Base level of [00:38:00] resilience and then do they price it in a good, better, best methodology? How do folks grow that revenue over time and convince their clients to move up the stack, if you will? What are you seeing?
Adam: I think that, you hit it on the nose, Erick, when you talk about a good, better, best, and not all workloads are created equal, which means that the modules behind the scenes that we’re using to protect those workloads may not be, may not be equal as well. For those most mission critical systems, I may need that cloud disaster recovery with a very fast RTO for something less critical like A worker’s laptop, maybe I’m using a direct to cloud solution where I’ll have a little bit more of an RTO, but I’ve still got a way to make sure that I can recover that data.
I’ve got it safe and I’ve got it offsite. One of the things that we’ve seen that’s been very popular among our partners when really trying to justify the solution is we have a waiver and [00:39:00] it effectively the MSP, we’ve got templates that our MSPs can leverage where we put it in and say, you’re denying protection.
You’re going to that if something happens, you’re not backing up your Microsoft 365. We’re gonna ask you to sign a waiver because we know that you should be doing this. And I think by putting that piece of paper in front of them, gets them to see the value of the package. But a good, better, best, depending on the system or depending potentially on on the user are ways that you can tier out and build that into your service packaging.
Erick: I remember using that waiver as an influence back when I was running my MSP. It is definitely, it does definitely get the client to go, wait a minute. What does this mean? What are you saying here? And then you can have that conversation to really deliver that the reality of what they’re saying no to.
Rich: So I wove AI into the conversation earlier on. I’m gonna, I’m gonna weave something else that is adjacent to cyber resilience here and get your take on this as well. And that’s [00:40:00] compliance. Because compliance is obviously a very important issue for the vast majority of vast mbs out there.
How should compliance considerations factor into a cyber resilience strategy?
Adam: Rich. It’s a good question and one where we’re seeing a lot of activity and a lot of conversation in the space, whether it be NIST two in the European Union taking effect the mandates to move from Phipps one 40 dash two later this year in the United States and Canada to phis one 40 dash three validation.
I think that. Compliance really should be looked at as a, it’s a, it’s an important input into your cyber resilience strategy, but it’s not the end goal. I think a lot of organizations treat compliance like a checklist exercise, and they’re focused on passing an audit rather than building that real.
Operational readiness, but a lot of the controls, whether you or your clients are subject to CMMC or NIST, or the Essential eight down in Australia or NIST two, a lot of the controls overlap. They might [00:41:00] be called something different in the context of each standard, but if you need MFA, you’re going to have to implement MFA.
If you need to have principle of least privilege, you’re going to implement principle of least privilege. If you have to prove that backups are validated or there’s a certain RPO or backup frequency, you’re going to align your strategy to that. So I think a strong cyber resilience strategy uses those compliance requirements to help shape the policy, to shape the controls, the documentation.
The data retention, the testing and the reporting, but we wanna go a step further and say, not just did we check all those boxes. Yes, okay, we’re doing what this or others say that we need to do, but we need to ask that question and bring it back to that operational outcome if we were impacted by an incident tomorrow.
Could we abs? Could we actually recover? I think that’s the mindset that MSPs should be in. Compliance will help us define what needs to be re protected, how long data needs to be retained, how quickly we need to report [00:42:00] incidents to what relevant authorities or bodies do we need to report that instant?
What evidence do we need to provide? The resilience is how we translate those requirements into real world capabilities. I think for MSPs, it’s a major opportunity we can help our customers to align backup, security, recovery, the auditing and reporting pieces, map them to those compliance operations, while also strengthening our ability to improve or to action on these in practice.
That posture is a lot more valuable than simply helping a customer say, yep, you’ve checked all the boxes. You can pass your audit now.
Erick: Yeah. That’s a really effective strategy in getting clients to understand when the MSP needs them to up their cyber resilience game. Their cybersecurity profile is to say, let’s take a look at your.
Your cyber liability insurance policy and show them how they’re not meeting any of these requirements. So I like that [00:43:00] approach. Adam for MSPs that are out there looking to become that next generation strategic partner for their clients, what attributes should they be looking for when evaluating cyber resilience products and vendors?
Adam: I would say, Erick, that it goes back to. Some of those questions that we had talked about earlier, and how do we answer those? Do I have good backups? But even going beyond that and look beyond the feature lists and understand whether the tooling together or the platform really supports those business recovery outcomes.
What are the integrations across security, backup recovery, automation, and reporting? If you’re finding that there’s a lot of work that you have to do to stitch things together, if those capabilities are fragmented, you’re going to end up doing a lot of that integration work yourself as it really is cosmetic on the surface I would evaluate recoverability and not just backup. How do we [00:44:00] verify integrity? How do we support a fast, reliable restore? And how do we do so at scale? Is it a repeatable process? Are there elements of it that we can templatize? And what’s the operational efficiency?
The platform, is it easy for technicians to deploy? When we talk about automation and orchestration, going back to our example of disaster recovery in the cloud, I think that the ability to orchestrate is really an unsung hero or an unsung capability of a lot of the platforms that are out there.
Being able to define things like that boot order, like the VM configurations, the VLANs, and all of that cloud networking to have that templated. Test it. And then when the time comes that we need to fire it up and actually run it in a live disaster recovery scenario, we can replay that template. We’ve maybe updated the backups that we’re drawing from, we’ll go from a more recent point in time from our test, but all of those configurations are already available to us, so we’re not having to rebuild and figure that all out punching [00:45:00] in IP addresses under tremendous stress.
When we think about that. Deployment. In that orchestration, it makes it easier to standardize and scale across clients. For a lot of the environments, there may be similarities in their systems or in their workloads or in that criticality. So can we take those templates and apply them across our base so that it’s very scalable a products that’s powerful but has a lot of.
Operational lift to it is going to hurt margins. Your technicians will be consumed with that low value troubleshooting or that non-billable troubleshooting when they could be out there or you could redeploy those hours. I think the last piece really looking at certainly, multi-tenant management, policy enforcement and consistency is important, but automation and intelligence, and not just as kinda buzz words, but what are the practical capabilities and how do this, how does this tooling or how does the automation or the intelligence.
Help reduce some of that manual work or get that non-billable labor off of our technician’s plate. How can we improve our response [00:46:00] speed? How can we identify issues earlier, correlate those signals like we were talking about earlier, left of boom, identifying those IOCs, correlating those scenarios so that we understand, okay, this is where the good backups exist, and now we can begin recovery.
Bringing all of that tooling together, I think is essential for MSPs to be able to deliver it at scale and prove and deliver that value to their customers.
Rich: Okay. Really interesting conversation, Adam. Just a really interesting look at reframing and upleveling the backup and security conversation for MSPs.
Lots of stuff to, to ponder and chew on for folks there and for Erick and myself as well. For people in the audience here who wanna get in touch with you, who wanna learn more about the cyber resilience story at Kase and Data, where should they go?
Adam: Yeah. Rich it’s been a pleasure being on with you and Erick today.
I would say for folks that want to learn more you can find me on LinkedIn. I’m the only Adam Marette up there that I’m aware of [00:47:00] or that I’ve seen so far. But Adam Marette Kase will find me. You can also always visit us. At www.kaseya.comorwww.datto.com, datto really the home for our business continuity and disaster recovery products, our networking.
But Kaseya has really a great entry point to the whole ecosystem that we have here in tooling that goes beyond backup and recovery. Things like documentation, remote monitoring and management. And it’s very easy to navigate. We’ve done a lot of work too. Hopefully improve the navigation there so folks can find what they’re looking for and drill down into the different areas of service delivery, business continuity, et cetera that they’re interested in learning more about for their organization.
Rich: Fantastic. Adam Marette from Kaseya. Thank you very much for joining us here on the show. Folks, Erick and I are gonna take a quick break. Right now when we come back from the other side, we’re gonna share some final thoughts about this very interesting conversation with Adam. We’re gonna have a little fun.
We’re gonna [00:48:00] wrap up the show. Stick around. We’re gonna be right back
and welcome back to our three of this episode of the MSP Chat podcast, sponsored by Datto. One last thank you to Adam Marette from K for taking us through his perspective on the cyber resilience. Use case and opportunity for MSPs lots. Like I said Erick, to chew on in there. Two quick things I’ll call attention to.
First of all, early on in the conversation as he was talking, I was thinking to myself because you and I were both at the RSA conference, big security conference in San Francisco recently. My writeup about that conference afterwards focused in on how often in the conversations I was having with vendors there.
They were talking about this shift in the direction of prevention left of boom, where for years and years it’s really all been about detection and response. And for AI related [00:49:00] reasons in particular there’s this kind of gravity shift in the direction. Left of boom to prevention as well.
And I, I think that makes a ton of sense for those AI related reasons, but it was good to be reminded by Adam here that it is not just enough to be thinking about left of boom. That the ideal strategy, particularly now with AI threats is one that’s focused both on left of boom and right of boom.
And that assumes eventually you’re gonna need help on the right of boom side of things. So that was something that kind of struck me. And then I was also struck and you were as well, it was clear during the interview. I really appreciated Adam’s take on how a cyber resilience platform and message can uplevel that conversation with the customer.
You’re not talking about products, you’re not talking about something kind of commoditized. You’re having. A more strategic kind of conversation with the customer about what you and your company do for them. And that’s [00:50:00] part of what opens the door to it. It lowers objections to doing the things that we know clients need to do so that a waiver form, isn’t necessary there.
And it also opens the door to more margin.
Erick: I really enjoyed his take on understanding what the cost of downtime is per hour. I remember in my MSP, we were trying to calculate that just as a value add of, having us as someone’s MSP is like reducing the cost of downtime.
But that was from a, from business continuity perspective, the way that Adam positioned it, which I thought was right on the nose, was. To figure out what does, like the impact of the speed to business recoverability or continuity mean, and to structure your good, better, best strategy around how quickly do you restore criticality?
I’m always thinking Rich, you know about, good, better, best, and having a minimum standard that everyone has to subscribe to, which is more of the criticality. And to [00:51:00] prove the value to your client to say, oh, yes, this is what we do. Left a boom side, prevention and things like that.
But the real story is what happens when an incident occurs and how quickly we can restore your operational capabilities to continue doing business and looking at those numbers, if you’ve got a hundred users. Are down because of an incident and you can calculate what that downtime costs on both sides of the sword.
It’s the cost of paying someone to not do anything, but then the cost of missed opportunity and product productivity on the other end. It’s a compelling argument and I think that does allow you to have more strategic conversations in terms of here’s how we are going to restore continuity in, in, in this order, and it makes it more strategic and more valuable.
For your client relationships.
Rich: All right. I like it. And it leaves us with time for just one last thing, folks. And this comes to us from Green County, New [00:52:00] York not too long ago. An antique store in east Durham, green County, specifically where somebody was shopping on a recent weekend came across an a knickknack on the shelf of the antiques door, shaped like a, an owl and marveled.
And how lifelike this owl Knickknack was. And it was a actually a chicken shaped cookie jar, excuse me, not owl, a chicken shaped cookie jar, which looked lifelike because it was in fact alive. It, there was an animal on the shelf. I’m not really clear from the writeup here how this happened.
But right there on the shelf with a bunch of other stuff, this person was browsing out. Boy, that thing, that cookie jar really looks like a chicken by golly. It was a chicken. Now this is a crazy thing Erick, how often does it happen? Somebody is shopping in a store somewhere.
They see something on a shelf, they think it’s lifelike. Turns out to actually be a alive just nine days after. That incident in the [00:53:00] Green County, New York, I take you now to a a Tasmanian at an airport in in Australia where a very similar kind of thing happened at an airport gift shop where somebody was poking around and discovered that the the possum plushie on the shelf was not in fact alessy so much.
A possum and when something like this happens twice on opposite sides of the globe within a 10 day span, it does make me wonder, Erick, how often does this happen in general? But folks in the audience, if you have ever encountered a live animal on the shelf of a store anywhere, or if you know someone who has.
Give a, drop us a line please. ’cause something tells me this is not the only two times this has ever happened.
Erick: Yeah. I hope we link to these articles, rich, because you have to see the photos of this and it, it was a chicken shaped cookie jar, but next to it was a like a baby owl, an a live baby owl. That’s what it is.
And I tell you you know what, I’m okay with seeing a live [00:54:00] little baby owl or a live little baby possum in, in the store. What I don’t like seeing is rodents in stores, right? So at least, it was a pleasant, oh, look how cute this is. And not the oh, I’ll never heat in this restaurant again, a thing, right?
Rich: Yeah, exactly. Yeah. It happens in a gift shop or an antique store. You’re good. Yeah. Hap happens in a restaurant and it might be a totally different story. Folks, that is all the time we’ve got for you on this episode of MSP Chat, sponsored by data. We thank you very much for joining us here.
Erick and I are gonna be back in just a few days time with a regular episode of the show. Until then. I’ll remind you that this is both a video and an audio podcast, which means that if you’re listening to us right now, but you’d like to check us out on video, you can go to YouTube, look up MSP chat.
You’re gonna find us there. If you are watching us on YouTube, but you’re into audio podcasts, go to Google, apple, Spotify, wherever you get your audio podcast. You’re gonna find us there too, and wherever you find us, please subscribe. Rate review. It’s gonna help other people find and enjoy the [00:55:00] show just like you do.
This show is produced by the great Riley Simpson, part of the team with us here at Channel Mastered, where we help vendors build optimize Perfect refine MSP channel programs. You can learn more about the many ways we do that. www.channel Mastered.com. Channel Mastered has a sister organization called MSP Mastered, that’s Erick working with MSPs to help them grow and optimize their business.
You can learn more about that at www.mspMastered.com. So once again, we thank you for joining us on this special episode of Show sponsored by Datto. And as we say goodbye. Until next time, I will simply remind you as we always do on the show, you can’t spell channel. Without [00:56:00] MSP.
Check out more episodes
