March 29, 2024

Episode 18: AI’s Double-Edge Security Sword

Listen to the Podcast

Read the Transcript

Erick’s out again this week, so Rich is joined by co-host James Kernan, Channel Mastered’s Chief Leadership Strategist, to discuss changing tech talent hiring conditions and what MSPs should do about them. Then James shares a three-part tip of the week on why successful MSPs stay positive, stay connected, and are always, always marketing, and Acronis President Gaidar Magdanurov provides an insider’s take on how AI and other trends are changing the security threat landscape and creating new security revenue opportunities for MSPs. And finally, one last thing: an inspiring tale of two sanitation workers going above and beyond the call of duty to help a New Yorker find her lost wallet in a truck full of garbage.

Discussed in this episode:

Latest data shows little movement in tech industry employment, CompTIA analysis finds

Service Leadership Releases Groundbreaking Results in its 2024 Annual IT Solution Provider Compensation Report

Gartner Survey Finds Just 46% of Employees Are Satisfied with Their Career Development

 

Transcript:

 

3-29-24 MSP Chat Episode 18 Export audio

[00:00:00]

Rich: And 3, 2, 1. Blast off. Ladies and gentlemen. Welcome to another episode of the MSP Chat podcast. Your weekly visit with two talking heads, talking with you about the strategy, services, and success tips you need to make it big and manage services. My name is Rich Freeman. I am Chief Content Officer at Channel Master, the organization responsible for this podcast.

My normal co host, Erick Simpson, our Chief Strategist, is out again this week, but I am thrilled to be joined. By my co host for this episode, James Kernan of Kernan Consulting. James, how you doing? Hey, I’m doing

James: fantastic, Rich. Good to be with you today.

Rich: Yeah thank you for joining us on the show.

For for folks who don’t know you or Kernan Consulting tell them a little bit about who you are, what you do, and also your role at Channel Masters. You bet.

James: I am a industry veteran. I’ve been in the industry for 30 plus years. So clearly I started when I was young. Hint, hint.

First half of my career bought, sold, own, or ran seven different tech companies but had a successful exit in 2006 sold my company Networks Plus and And then really stumbled into coaching and consulting, for the second half of my career. I love my passion. My true passion is to help people find success.

So I’ve been very fortunate first half of my career. So now now I spend my time and energy helping put together strategic business plans for MSP business owners to help take their business up to the next level. That’s really it in a nutshell. A lot of M& A experience. I’m an EOS implementer do a lot of one on one executive coaching with current consulting and also run peer groups.

So I’m very well connected in the industry and I love doing what I do. And then lastly, to finish the question, I am very happy to be part of the dream team at Channel Mastered. I’m the chief leadership officer, and really what that means is I’m focused really on strategic business planning creating strong cultures.

Sales driven environments that can help your organization. The differentiator there with Channel Mastered is there’s so many other resources above and beyond myself that really makes up the rest of the pieces of the puzzle that many organizations need. So I’m part of a big team that helps deliver services inside the channel with Channel Mastered.

Rich: Very valuable member of the team. We’re really excited to have you part of the organization. Quickly, before we move on it occurs to me, James, this is not your first podcast appearance. You actually called us to show of your own. Tell folks a little bit about that. Yeah.

James: So I am the, Primary co host on the SMB community podcast.

So international tech podcast. Similar to this, I invite guests on and really we try to stay current with what’s going on in the industry, what’s going on in our economy, and to keep everybody a step ahead of the competition. AB Babinchak’s involved in that. Carl Palachuk’s involved in that. And then we mix in lots of other industry veterans as well, but love to hear from you guys.

If any questions reach out to us at smbcommunitypodcast. com and would love to get your input on the program. Great show and available anywhere you get your podcast too. So I would definitely advise people to check it out. But let’s plunge into our story of the week here, James at this point and I’m going to recite you a few statistics that have been published just within the last two, three weeks, and then get your impression about what these might mean from a strategic standpoint for the MSPs in our audience.

Rich: Data point number one, this comes to us from CompTIA. They just recently published their most recent tech employment report. This one’s covering the month of February. They say the unemployment rate for tech occupations increased to 3. 5 percent in February. Now it was a very small increase, but they’re at 3.

5 percent now versus a national unemployment rate across industries and occupations. Of 3. 9 percent from, a historic standpoint, 3. 5 percent is not a very big number, but if you go back in time a year, two years that tech unemployment number was like half of that. And there was a much, much bigger right now.

There’s a 0. 4 percent difference between the tech unemployment rate and the national unemployment rate used to be much, much larger than that. So we’re seeing tech unemployment creep up a little bit. Let’s keep that in mind. ConnectWise provides data point number two because they published some research just a couple of weeks ago showing among other things that wage inflation for MSPs peaked in 2022 and has shown significant improvement since.

Roughly one third as many employees are projected to [00:05:00] receive what what ConnectWise is calling that top level salary increase. In 2024 versus 2022. So unemployment among technicians, unemployment in the IT industry creeping up, therefore wage inflation coming down. At the same time just recently Gartner published some research and they they went out and research people in and it’s not just in IT and in all the different verticals.

To get a sense for employee satisfaction in a number of different ways. And one of the things they found is, um, employee expectations of their employer are higher than historically they’ve been in the past. The employees believe they should be growing faster in the job than they are, and they’re more likely to pursue jobs elsewhere when their expectations aren’t met.

And more specifically Gartner said. 55 percent of the employees that they surveyed expect to be promoted within two years, but only 40 percent were. So we’re looking at some data here that suggests, obviously we were in a marketplace for a number of years there where tech talent was so hard to get.

That was really a seller’s market. If you’re a technician and MSPs had to be. Accommodating and smart about recruiting technicians and retaining technicians. There’s some data to suggest that playing field is leveling a little bit, but maybe the expectations on the tech side aren’t changing quite as rapidly.

It puts an MSP in an interesting position, James. So I, what kind of advice would you provide to the folks in our audience here? about changes maybe they make to their recruiting strategy, their retention strategy, and their compensation strategy for technicians. Okay.

James: So great. Lots to unpack there.

So let me first say one comment that I used with any scaling or growing business. It’s very hard, like Rich is pointing out, it’s expensive to hire You know, a players is who everybody wants, right? They’re the most expensive. And when you’re in growth mode, you don’t want to put the cart before the horse, meaning hire a bunch of staff before you could afford to pay them.

And it’s very nerve wracking. So, one thing I would recommend just look into outsourcing, look into, part time or 1099 contractors. Each state is different of what they allow or not allow. But number one, that was a secret to the high growth organizations. I was part of is we used a lot of outsourcing paid them by the hour or by the project.

And it helped me scale and the really good ones we hired. So that’s step one, step two, long term plan. You want to build your own culture. And I’ll tell you what the game changer was in here. I think COVID taught us all a lot, obviously it was a horrible thing that happened to the world happened to our industry, but as essential workers, I think the expectations changed on employees as well, where they, Now they like working hybrid.

They like working remote. Hell, we’re technology companies. We should have been doing more of that early on anyway. So the old school brick and mortar, you’ve got to be here eight to five, or I’m not going to pay you, those days are gone. And we want to embrace and create more of that culture where hybrid is okay.

We want to focus on success, focus on results, and you’ve got to make it fun for your employees. There’s got to be upside. And Rich, we’ve talked about this before. I think last show we were on, we talked about EOS. Why I like EOS so much is one of the exercises we do is a tenure plan. Most of you are sitting back laughing going, Oh, my gosh, a 10 year plan.

That’s ridiculous. Who knows if the Internet’s even going to be around in 10 years, right? 10 year plans might not be super important to you, the business owner, but it’s critically important to your entire staff. Everybody wants to know where we’re going. And then also when you’re recruiting, you’re going to tell people about not who your business is today, but you tell them and recruit to where you’re going to be in 10 years from now.

Okay, I think everybody’s capturing my drip. People want to be a part of things growing. They want to be a part of something exciting growing, evolving, adopting new technologies. That’s the culture and that’s the that’s how you attract a players by doing that. So that’s important.

And then back to your comment about employees leaving, it’s statistically, it’s proven, if employees don’t feel respected, they don’t feel like they’re part of the big picture. You need to involve them in the meetings. You need to make them feel like they’re part of that direction where the business is going 10 years from now.

We need to be more, more participative and listen to our employees. If they feel like they’re part of the picture and that we respect them, [00:10:00] then they’re more likely to stay over the long haul. They’ll be much more loyal than if they weren’t a part of those things. Those are some of my quick thoughts on that, Rich.

Rich: And the really key takeaway for me from that is what I’m picking up from what you’re saying, and that’s all great advice, but the maybe big picture story there is it doesn’t matter if the tech unemployment rate is 3. 5 percent or 1. 5%. A smart growth oriented MSP is investing in his or her people.

And culture and growth and all the things that drive recruitment and retention that there that’s perennial. It doesn’t matter if your leverage in the negotiation maybe has changed a little bit, you should still be prioritizing creating an environment that brings in great people and then hanging on to them.

Yes.

James: Yep. Absolutely. That’s so important.

Rich: All right. This is the place in the show where Erick would normally provide his tip of the week. But he again, it’s out this week. James, you are a super talented consultant yourself. So it’s your turn. What is your tip of the week? All right.

James: Tip of the week.

I’m going to say three quick things. All right. So I’m going to do a triple tip of the week. If I could number one in order to be successful, I think in this industry as leaders or business owners, number one, we need to stay positive. So staying positive, pay close attention to what you allow to go into your eyes and your ears, who you hang out with.

That old saying, you become a blend of the three people you spend the most time with. Think about that. And for me, I’d rather hang out with people who, Hey, James, that’s a great idea. Here’s five ways we can do it instead of, Oh, here’s five reasons why we can’t do that. James. Yeah, I think you know what I’m talking about there.

So be careful, stay positive, keep that positive mindset. Number two, stay connected. You guys, this industry is moving like a freight train. And if you’re not staying connected with podcasts and peer groups and communities and your strategic partners and sharing that with your employees and your team, you’re missing out big time.

The days of being connected to one community is old news. You need to be connected to everything. There’s so many data sources that you could stay on top of what’s happening. That’s critical. And lastly. Always be marketing. ABM. Marketing should be the oxygen of your business. You need to do it consistently every single day.

You need to get out there. Deals aren’t just going to fall out of the sky. So be aggressive, market yourself. There’s so many easy free ways to market today. You should be doing it every day. So those are the quick tips I’d share.

Rich: Yeah, great tips. And I’ll just quickly follow up on two of them.

So I love ABM. I have met a lot of MSPs through the years who, I don’t know a lot of MSPs who enjoy marketing. And for that reason they don’t do it on a consistent basis. It’s I could use a few more customers. I think I’ll go do some marketing now. And the leaders the high growth consistently successful MSPs I know are always.

So I’m totally with you on that. And then I will also underscore the second point you made there about staying connected. And here I am co hosting on podcasts. I’ve got a vested interest in driving people to, podcasts and events and communities and everything else, but I really do believe again, that the high growth, successful MSPs I’ve met through the years.

Are the people who make time, and it’s hard, you’re out there fighting fires all day long, it’s a very time consuming, hectic job that you’ve got. But the people who make time for education, for events, for communities, for podcasts, for reading are the people who grow faster than their peers. They just understand where the market is going and where the opportunity is on a different level.

James: Exactly. Said, Rich. Perfect.

Rich: All right. We are going to take a quick break here, folks. When we come back on the other side, I will be joined by Gaidar Madanarov. He is the president of Acronis. Very exciting to have him on the show. That’ll be a solo interview with me and Gaidar. And then we’ll welcome James back after the interview to wrap things up a little bit later on the show.

But stick around, folks. We’ll be right back

and welcome back to part two of this episode of the MSP chat podcast where we are very excited to be joined by the president of Acronis Gaidar Magdanarov who prefers he told me off the air moments ago To just go by Gaidar so that we don’t have to worry about pronouncing. His wonderful last name properly Gaidar so excited, to have you on the show.

Thanks for joining

Gaidar: us Yeah, I’m excited to join you.

Rich: Thank you, Rich. Now I’m going to guess a huge percentage of the folks in our audience are familiar with Acronis and with you, but maybe just let folks know about your role as [00:15:00] president at at Acronis and give them maybe the. 10, 000 foot overview of what

Gaidar: you do at Acronis.

Okay. I’ll start from Acronis. So Acronis is a cyber protection company. So what we do, we provide a platform for managed service providers to deliver services to the end customers. And the services include backup, disaster recovery, cybersecurity, email security, email backup. And so on and so forth. So that’s in a nutshell what Acronis does.

And my role is I run marketing, education, sales enablement, and I’ve been with a company for over 11 years and I was in different roles in my background was science, software engineering marketing. And at some point back in the day, I was a one man shop, MSP as well. So MSP market is very dear to my heart.

Rich: All right. Fantastic. The Theme of our conversation here is going to be about what’s happening in the security market and on the security landscape for Acronis point of view. Perfect background to have that conversation with. I’m going to start here, Gaidar. In February Acronis published a research report.

There were a number of interesting findings in there, but one in particular. With sort of the headline finding and it really does jump out at you that you folks reported 222 percent surge in email attacks in 2023. Versus the second half of 2022, that is a pretty huge spike. What’s the thinking inside of Cronus for why that’s happening?

Gaidar: It sure is. So the problem is if I were to provide a short answer is the generative AI. So the problem with AI is that it makes everybody significantly more productive. And the thing is, it helps the bad guys the same way it helps the good guys. While we use AI to create marketing materials, to communicate with customers, attackers use it to make more sophisticated attacks.

So days of this terrible phishing emails that every customer would be able to see and clearly understand that there’s a phishing, they’re gone. Like anybody can create a very much relevant. Email and try to phish you, right? So this is what’s happening. And if in the past you would spend a lot of time researching the company researching the person, now you can use tools to parse your LinkedIn, parse your Facebook, X or Twitter, and then generate email that will be in the context of coming from a person that you may know or a partner of yours.

Email attacks became much easier and creating phishing websites became much easier. You don’t even have to be a developer to build something. And related to that, what we see is that number of ransomware variants strains is actually reducing. So people don’t create that many new ransomware options because they just work on the ways to deliver that ransomware to their customers.

And AI helps them a lot.

Rich: So better or more effective phishing attacks, presumably more effective business email compromise attacks. Are there other sort of misuses of AI from a security standpoint that you’re tracking at Acronis?

Gaidar: Yeah, absolutely. So people use AI to discover vulnerabilities.

People use AI to discover ways to exploit vulnerabilities and the attackers, they use AI to create scripts, create code that would be delivering the payloads. So basically all the bad guys became extremely productive. And if in the past, people would think that ransomware attacks are happening only with larger companies, because they can pay millions of dollars and the attacks are complicated.

Now, anybody can use AI to scale an attack and go after small businesses. Instead of hitting one company and extracting 1 million, you can hit a million companies and get 1 for each which may be much easier. So this is what is already happening. And the thing is. The main challenge for MSPs in this situation is that they have very much diverse and distributed environment and the kind of traditional tools, traditional security, like the antivirus that you just deployed, just is not helping that much anymore.

So you have to scale up your security. You have to deploy EDR or XDR, Endpoint Detection Response, because you need to collect different events and understand what’s going on the end point. And this is where AI helps the good guys because most of the XDR, ADR solutions are complicated, require a lot of time.

And if you use something like Acronius, where we use AI to simplify that, to filter the events, to create incident reports, also to allow people to communicate with the XDR solution in an actual language, so the technicians can understand what’s going on, how to remediate that. This is what can help to fight against all

Rich: those attacks.[00:20:00]

Yeah, I was that’s exactly what I was going to go into next, actually. Because, yeah, and you alluded to this earlier on as well, that there’s a give and take with AI. It enables the attackers to be more productive and more effective, but same goes for the defenders. Tell me a little bit more about how you are using AI today, but also maybe where you see some potential for more sophisticated use.

Thanks. Of it for security purposes going forward.

Gaidar: Yeah, so we started to use AI back in 2014 when we started building security, we established a security team, and we realized that Acronis used to be a backup company, then it transitioned into the platform for MSPs to Provide data protection. And then we realized that security without data protection is not enough anymore, you have to have the integration.

So we built a product that is using backup to enhance security and security to enhance backup. So what we started to do, we started from building an AI that would basically learn from the data you have on your system and the data you have in your backup and from that data, it can learn how to discover attacks.

So it’s basically behavioral. Engine that discovers malicious malicious software and helps us to. Prevent the security threats. So that’s how we began. And then we started to use AI and many other parts of the product. So for example, we do use AI for prediction of hard disk failures. So you can replace the hardware before it fails.

And then when we built our EDR, then XDR solution, we used AI to filter through the events to reduce the number of false positives. And we have the advantage here because our security is integrated with backup. So we can learn from the data we have in the backup, and then we can discover some of the malicious malicious software in that backup that we cannot discover on a real time.

So that’s one thing we can remove malware from the backup. We can learn from the backup on about different patterns on how you use software, how you modify the data. And that way we can reduce number of false positives, basically for MSPs has been fewer tickets that the technicians have to investigate.

So this is where we use AI to make the technician more efficient, more effective. And then we added generative AI so we can create the. Incident write up reports. We can allow people to communicate with that report and help them to investigate investigate the issue if it’s really a security issue.

And the way we see that AI is augmenting. An MSP technician, because, and I’ve been in that industry for quite some time. So I know in some MSPs, we have one technician handling 200, maybe 400 endpoints and the other MSP technician can be handling thousands of endpoints because they use a standard stack.

They use standard solutions everywhere across multiple customers. So they’re not spending too much time switching between different tools. And one way for MSPs to gain productivity used to be to standardize. Now, on top of it, you need to use AI. So you need to use AI to communicate with customers. So you can free up time to do the actual IT work.

Then you need to use AI to enhance your tools. So again, you can handle more workload coming from customers. So you become more productive. You free up time to learn new things. That’s how a lot of MSPs are. able to find time to study, to learn cybersecurity, because that becomes a necessity for everybody.

Rich: So AI is helping technicians and security analysts. It’s also helping the attackers. One of the things I wonder about, and I don’t know how easy or possible it is even to answer this, but who ultimately gains the edge around AI, are Attackers going to benefit more from this technology look from a long term perspective versus defenders, or is this going to help companies like Acronis ultimately gain ground, stay ahead of the attackers?

Gaidar: I’ve been in software for long enough to see that security is never ending. Game like attackers will always try to come up with something new and defenders will have to come up with tools to prevent those attacks. I don’t think there’s a, there’s ultimate winner. One thing that is clear for sure is that to prevent AI based attacks, you have to use AI because people are just unable to respond so quickly or detect all the patterns and there’s an interesting thing, and maybe it will be interesting for the audience is that at some point, cyber insurance companies Started to provide checklists and requirements for what needs to be implemented, different tools.

And I [00:25:00] remember early days when it would be like, you have to have an antivirus, you have to have a backup, you have to have remote management, something like that, it was very basic. Now it’s becoming really sophisticated. They have requirements on what kind of tools you have to have, what kind of training you have to provide to your customers so I can envision, and I’m speculating, but I can really envision that at some point they will require MSPs.

To use AI based security tools, just the same way as airlines require pilots to use autopilots. Because that way there will be fewer mistakes, it will be easier, it will be safer, and so on and so forth. So I think that’s the same thing that’s going to happen in the MSP world.

Rich: So you touched on something a few minutes ago that I wanted to ask you about.

Actually, you were talking about the distributed environments that MSPs are responsible for securing right now. And actually, in, in the latest release of your product you folks made a point of emphasizing That you’ve enhanced the functionality for multi site organizations. Tell me a little bit about what, what has changed in these last two, three, four years?

What, the ways in which SMB environments are more distributed and the security implications of those changes.

Gaidar: Yeah. So that would be long answer. So first of all, I have to make a distinction between the products that we offer. We have a Korean cyber protect cloud. That is the platform for MSPs as a design for multi tenancy.

And we’re very proud that we build the platform from scratch for MSPs. Back in 2014, we started building it. And now we have the platform that Designed for service providers. And then what we released recently was our on prem product that is mostly used by SMBs and enterprise edge scenarios. So everything outside of the corporate data centers, and in most cases, this is the scenario where the customer prefer to have some kind of a.

Air gapped environment where the product works without working through the cloud. It’s private networks, it’s manufacturing or healthcare. Like it’s a completely dedicated network for that. And sometimes MSPs are managing it. Sometimes corporate IT is managing it. That’s one clear distinction.

As for the attacks on distributed enterprises or distributed SMB environment, what happened over the last years with COVID, everybody learned how to work from home. And suddenly. Everybody started to work from home. So what happened in the process is that now you had to protect the corporate network that was in the past.

You had to protect the corporate network. Now you have to protect all of the devices accessing that network. So people using some home devices from home networks and they can be completely unsecured and they accessing the corporate network, they accessing corporate data. The accessing the applications from the corporate network.

So the surface of attack expanded and now it became even more important to protect all those endpoints. And I can give us some examples from our partners. So in the past, a lot of partners, what they were looking at is protecting the server infrastructure. And then have very basic protection for the end points, because most of the end points were within the corporate network, they had firewalls, they had URL filtering, they had email security.

So they thought it will be good enough. But now with people accessing corporate networks from all over the world, it became significantly more difficult. Complicated to protect those endpoints. And they started to deploy EDR solutions so they can collect all the events. They understand what’s going on that particular device that’s accessing the corporate network from a home network, and they can investigate.

Incidents. If something happens because they have all the events collected. So the MSPs have to become more sophisticated to be able to address this distributed environment. So another thing I would highlight is that the protection. Of the endpoints protection of home networks, it’s became a thing.

And even though MSPs usually don’t, a majority of MSPs that I know are not usually handle residential customers, more and more MSPs have to provide some kind of a guidance recommendation or training for the home network. Employees of companies accessing corporate network and corporate resources from home.

They have to deploy tools to monitor what’s going on the network. They have to deploy tools to monitor what’s going on those devices. So again, it adds more workload on MSPs. And this is where AI automation plays a key role. Given that there’s more workload, There are not so many new or maybe not enough it talent on the market, but you still have to manage your customers and protect your customers.

AI is one way to increase capacity of every technician of MSP.

Rich: So one of the things that, that you folks emphasize regularly, and you’ve [00:30:00] already done it in this conversation too, is it’s not just that Acronis has backup and security it’s tightly integrated backup and security, and, in, in addition to co hosting this podcast and working at Channel Mastered, I have a blog that I write called Channelholic.

I did a post probably two, three months ago about this topic, about how even The BDR vendors and the security vendors are beginning to understand they’ve got it, it’s not enough to offer that functionality standalone that there has to be integration and, Veeam and Sophos announced something along those lines recently.

Help folks in the audience understand from an MSP point of view, the difference between having BDR and having security. And having those two things integrated and coordinating and talking with each other.

Gaidar: Yeah, it’s a very good point. So first of all, we need to differentiate the type of integration.

Now, almost every vendor provides some API that allows you to integrate with other solutions. So you can launch backup or launch recovery from your security solution. This is, I would say a must. Functionality like everybody has to have it because again, automation helps you to prevent those sophisticated attacks that people cannot just catch because they don’t have enough time or reaction time is too long.

What we were doing at Acronis, we were building. And we call it a native integration. It’s the backup and security designed is one solution, meaning that security has complete access to backup. And when we compare it with different security vendors, I don’t want to name the names, but you can look at the limitations that they have.

Some have very basic functionality. They can launch backup or they can launch recovery. Some have limitation on recovery of files. Based on size, some may not even have ability to immediately recover. So you have to do the remediation step. What we can do because we’re natively integrated is we can use the backup data to learn from it.

We can clean the backup data we can recover. And when we recover, we can also patch the system. So patch and recovery. So your system recovers to the state that is not vulnerable to the. The vulnerability that was exploited. So we can do things like that. And we believe at Acronis that is what MSPs need, because if the, they were to have a huge security team that will be managing all the events, managing all the devices understanding what’s going on, doing the security analysis, maybe they wouldn’t need to have the native integration, a quick recovery, because they would There will be people doing that, but even MSP have shortage of talent.

They don’t have enough time. Customers are very diverse and distributed. They have lots of tickets to handle. They just don’t have enough time. They need a solution that will take some of the workload from them. So the solution that will be able to detect an attack, reduce the number of false positive, and.

Immediately automatically remediate, if the remediation is needed, or at least help to initiate remediation. So this is what integration is able to do. And I’m a true believer that in the future and the near future. All tools to some extent will be integrated. Why one way or another? Because integration allows to get this additional efficiency.

And that is why when we were building the platform for MSP, we were also building platform for extensibility. We started from building a platform on which we can ourselves integrate different tools. Cause we were acquiring different companies, refactoring their code, and then. Making part of the product.

So the platform was helping us to build one solution and build it quickly. But at the same time, we made it extensible. So we have SDKs, we have so called cyber app standard that allows MSPs or other vendors to build tools and integrate them with Acronis. So everything is in the same console, in the same platform.

And I think that in the future. More and more MSPs will be integrating tools and making their own technology stack and then forcing customers to use that particular technology stack. So they can standardize across the board and they can increase the efficiency of the technicians.

Rich: It, it raises a related question.

There, there is this age old debate in it about. The relative merits of a unified platform versus a best of breed kind of approach. You guys, it sounds like, are pursuing both paths, or giving MSPs the flexibility to choose either of those paths. Do you have thoughts, though, about which of those approaches is better from an MSP’s point of view?

Should people be looking To get as many of the security capabilities as they need from one supplier. What are the trade offs if they do that? Same question essentially for best of breed. How do you think about. The distinctions between those two [00:35:00] strategies.

Gaidar: Yeah. Great question. I just had a conversation a few hours ago with a partner and I asked them why they chose Acronis and how they use Acronis.

And I think the answer is really applicable here. So the partner told me that first they were looking at the savings. They can get from consolidating multiple vendors. And they were looking not only at the price that they pay for the tools, but they also look at the time that technicians spent on managing all the tools, because there’s most of the MSPs do, they would acquire a customer with whatever customer has.

And then over time, they’ll try to standardize, but they still have to manage different tools from different vendors and technicians are making mistakes, technicians, spending time on updating agents, resolving conflicts, testing. So it was taking a lot of time. Okay. So the number one thing from the integrated solution perspective is that everything is one agent.

One console, one policy. So it’s relatively easy to train an onboarded technician, how to do, how to use the solution. And also it’s easier to avoid mistakes. It’s easier to avoid some conflicts between different agents. So the savings, that was one thing that partner highlighted. The second thing they highlighted is reliability, because what they’re afraid of, they’re afraid of customer churn.

They afraid of some dramatic event that may happen and customer get very upset. And leave. So they are afraid because they thought that they have so many different solutions. They don’t even No, if they’re working or not. And then now they have one centralized console. They see their backups. They see their security status.

They have some of their tools integrated in there. They also see them in one place and that allows them to at least understand what is going on and also. Again, fewer human errors, fewer mistakes with updates and upgrades, and that leads to higher reliability. And then the third thing they highlighted is the ability to upsell services to the customer.

They already have the agent deployed. They provide backup. Then they reach out to the same customer and offering them higher SLAs in case they Upgrade to the next package. And that next package comes with disaster recovery and much faster SLA and recovery, or that package comes with XDR instead of just an antivirus.

And what is good for the partner and on the integrate platform, they already have the agent deployed. They just need to enable. The policy and that starts working and they don’t have to do anything else. They don’t have to sign another agreement. They don’t have to bring another vendor. They just start paying for the functionality that they use and they start charging customer for the functionality they delivered.

So those are the benefits of integrated solutions from the MSP perspective, not even talking about the technology, but it’s basically savings, high reliability, and. Chance to upsell customers easier.

Rich: Um,

We’ve talked about AI a little bit. Obviously another huge trend in the industry for a bunch of years now already is cloud computing more and more. A huge portion of the computing that SMBs do is software as a service infrastructure as a service. From your perspective, from Acronis perspective, how are the challenges of securing those workloads different from securing endpoints, servers and desktops and laptops, et cetera?

And what kind of capabilities, what kind of technologies are should MSPs be looking for to make sure that they’re doing the best possible job of securing all that stuff happening in the cloud?

Gaidar: Yeah, it’s a interesting question. Yes, one thing that we see is that more and more of on prem infrastructure moves to the cloud.

Majority of our partners, and we have over 20, 000 partners worldwide. They’re reporting the same thing. File servers move to OneDrive and SharePoint and the cloud. Email moves to cloud. So M365, Google Workspace. So basically on premises infrastructure, some network devices, printers, and endpoints. And they have to protect that infrastructure because from the end points, they have access to all the corporate data in the cloud.

So moving to the cloud doesn’t change anything from the perspective of protecting endpoints. You still have to protect endpoints because eventually somebody will either. Exfiltrate data hacking the endpoint, or they will just access the data or damage the data in the cloud from the endpoint, so they still have to protect that, but then when it comes to cloud the MSPs have to protect what’s critical.

So they need to have backup for SharePoint, backup for OneDrive. So they will have a copy of that data, even though the cloud vendors, they offer some retention policies. There are multiple challenges with that. So one challenge would be that retention will be limited. 30 days or something. So let’s say if your data is corrupt and modified in some malicious way, but you did not just start and [00:40:00] 30 days or 60 days, 90 days, whatever it is, you’ll try to access your data and the data is compromised or it’s modified.

So one thing is backup, backup for email backup for collaboration applications. Then the second thing is of course the security services. And one of the things that we see. Most of our partners deploy is email security, and that’s probably the best investment that people can do. Most of our partners that see customers moving to M365, the first thing they do, they implement backup for M365 and then security, email security, because email is the number one security.

Vector of attack. So they implement email security to prevent customers from getting all those phishing emails to make sure that they’re not receiving malware and so on and so forth. And that kind of becomes a requirement. If you don’t provide backup and security for the cloud service, the chances are that you may be losing customers just because they will have incidents, they will have issues.

And There’s an interesting thing, and not so many people think about it right now, but if you think about application of AI, what basically AI does, it learns from your data. So the output of AI is as good as the data that you use it, use for training it. And the thing is, there are attacks where attackers can modify the data.

So the AI that consumes that data will be making decisions that are favorable for the attackers. And this is, we see. It is happening already, and there’ll be more and more of it in the future. And you can come up with multiple examples, but basically if your security solution. Learned on a compromised data set, the chances are it will miss some of the malicious malware just because the attackers already replaced the data set that was used to train that security AI.

So protection of data becomes even more important. And then the other thing that people don’t really think much right now is When you have your data somewhere in the cloud, and then you do something with that data locally using AI, again, use something, some compiler that pulls data from different data sources and does something with your data.

It means that your data is taken from the cloud, brought to this endpoint. And if endpoint is not fully protected, the data can be stolen or can be modified, and it can be modified on behalf of a user that is accessing the data. And given that AI allows to. It allows people to be very productive. It also allows the bad guys to be very productive and modifying your data and in the wrong way.

That’s why endpoint protection becomes a must. You have to have endpoint protection. You have to have the history of all the events that were happening there. Because the last thing I just want to mention is that it’s not even. It’s not only important to protect the endpoint, it’s not only important to be able to recover, but it’s important to analyze what actually happened.

Because if you had an attack, you want to know how did they get in and what did they do. So backup becomes important piece of security puzzle from the forensic perspective, you want to be able to do forensic because at some point, if somebody is breached, something happens, there’ll be a lawsuit, you want to be protected, or you want to be able to investigate, understand who’s at fault, what actually happened.

Rich: Something you said there struck me as so interesting because I’ve been reading about so called data poisoning as a phenomenon. And, but the context I’ve Come across it in mostly is just companies may be trying to protect copyrights or something like that. And they’ll try to fool a training model or something like that by manipulating data.

I haven’t really read much about it as a security threat, but yeah, as you were talking about, I was thinking, oh yeah, that, that could be a huge huge problem. Very interesting.

Gaidar: Think about it this way, more and more decisions we will be outsourcing to AI. So hiring decisions, who are we inviting to the interview or lenders already using lots of models to make a decision if the, Person is eligible.

A business is eligible to get a loan or not. And imagine, so instead of hacking in and trying to compromise the system, you can actually modify the data in a way that you know how to trick the system when you submit your application. So your fake business will be getting money to some account somewhere in the country where you cannot trace that.

And that is already happening. Now, the scale is relatively small. Because attacks are still sophisticated, but as AI develops, as the attackers develop, they develop the tools that will help them to attack more people, more businesses. So there’s data poisoning. And I don’t particularly like this term data poisoning because it’s it have the connotation that you make something to kill somebody or something, but it’s rather, it’s the modification in the way that you will be getting favorable decisions when you need it.

So that’s a. [00:45:00] It’s a big potential vector of attack, and I would expect that it will be exploding in the future.

Rich: Maybe maybe it’s not data poisoning, it’s data engineering, and there’s malicious data engineering, and yeah, very interesting. That, that’s a great lead in to the last question I wanted to ask about, because I always have such interesting conversations with leaders at Acronis.

About the sort of longer term security issues and threats last time I had a chance to interview Sergei Belousov formerly your CEO. I believe still the chief research officer. We got into like quantum computing and I. O. T. And all these issues. I remember. Talking with him about 5G. Where are you guys at now?

As you look beyond the AI related threats we’ve been talking about more distant threats that could be a big deal two, three years from now. What’s on the radar?

Gaidar: Oh yeah, we do a lot of research thinking about what the future brings to us. So IOT, one good example. It may not be necessary to protect the data on some IOT devices, but you want to protect the endpoints from the access.

Through those IoT devices, and this is where solutions like XDR again, play the role. So if somebody is on the network doing something nasty and you have those events, you understand what’s going on. You can block off that device. You can block the traffic from that device going to the internet and so on and so forth.

So yeah, IoT is a big thing, of course. And then everything related to AI, because We are looking into how can we help our partners and our customers eventually to protect their privacy. So it’s not only about protecting data, but from a modification, but it’s going to protect the data from disclosing the data and with AI, now everybody can copy whatever they have to some window, the chat GPT, and maybe disclose.

Some confidential information and people do. So there, there’s another vector of protection, something like DLP, right? So data loss prevention. So in the past, we were just preventing people from copying files, but now we’re preventing people from disclosing private information. So the privacy is a big thing and application security, of course.

So thinking ahead, we will be expanding. The security offering where it is needed and where it’s important. And for us, we focus on protecting MSPs. We focus on the scenarios for MSPs. We’re not trying to be everything for everybody. We are the cybersecurity or cyber protection that is built for MSPs.

Our key customer, key partner is the MSP. So we want to be the best in the scenarios that are relevant for MSPs.

Rich: All right. And I could do this all day. Honestly, it’s so much fun talking about this stuff with you, Gaidar. I really appreciate you making time for us and sharing your thoughts before we move on.

Where can folks in our audience get in touch with you, learn more about you, learn more about Acronis.

Gaidar: So Acronis is easy. Just Google Acronis. And if you want to reach out, my email is very simple. GM at Acronis. com. And I’m. Open for any feedback comments. And I especially just sit in the stories.

I love hearing stories of MSPs on how they started the business, how they built their business, because recently we started to invest more in what we call MSP Academy education for MSPs on how to do business, how to be more efficient, because that’s what our partners were asking us to help them with.

Because most of the MSPs are technical people. And they don’t know how to do sales and marketing, or they just don’t know much about business. So they asking us to help them and that’s what we’re doing. So if you have any questions, feedback or stories to share, please do.

Rich: All right. Fantastic. Gaidar Magdanarov, president of Acronis.

Thank you once again for joining us. Great conversation. Folks, we’re gonna take a little break here. When we come back on the other side, I will be rejoined by James Kernan. We’ll talk a little bit about this interview and maybe have a little fun, wrap up the show. So stick around, we are gonna be right back.

All

right, and welcome back to part three of the MSP chat podcast. I got you at a disadvantage here, James. I heard that interview, you did not. But I’m just going to call out two things that, that Gaidar from Acronis talked about that I thought were really interesting and see if any any of it sparks a thought with you as well.

And one is I the way he put this, because we’re all familiar with the power of artificial intelligence to improve Our personal productivity or a technician’s productivity. But he said it also, it’s just as good at improving the productivity of an attacker. And so there are a number of different interesting ways in which AI poses a security threat.

But one of them is just that we’re, in the same way we’re getting more done, thanks to AI, so are [00:50:00] they and so that is going to magnify the the threat landscape and threat volumes out there. The other thing he talked about that I just thought was really interesting is he was talking about the ability of AI and attackers who are good with AI to manipulate data.

So if you’re using AI based security software to protect the customer then that AI is drawing in a large language model. It’s trained on the end users data, and if an attacker can manipulate that data, they can actually create a kind of back door essentially for themselves to get in.

By redefining normal and so on. And I, during the interview, referred to this as data poisoning. Gaidar isn’t particularly fond of that term. That’s a whole new threat. I really, AI related security threat. I’d never really thought about before, but it’s one to be mindful of. Yeah. Yeah.

James: A. I. Is very powerful. It’s not just the latest buzzword in our industry. It’s real technology. And just like you guys talked about the good guys use it. And so do the bad guys. And again, back to my initial point of staying connected. In one of the tips of the week. We need to continue to be a champion of being a student in our industry.

We constantly need to be learning right to stay one step ahead of what the bad guys are doing. And our strategic partners are. That’s why vendor selection is so critically important, especially in your security stack. You need to be diligent at vetting out those strategic partners and making sure.

They’re using A. I. aggressively and so those are just some quick thoughts that, that really come to mind, what a fascinating topic. Can’t wait to listen to more of that.

Rich: Yeah. Yeah. No it really is great stuff. And that leaves us, James, with time for just one last thing and it comes to us from New York City.

Talk about going above and beyond, being a sanitation worker in a city like New York. Yeah. Not an easy job not something that people dream about growing up to. It turns out just a few weeks ago, a a woman accidentally lost her wallet. She’s pretty sure it, she inadvertently dropped it in the garbage.

Called up the Department of Sanitation in New York City. They were able to track down the truck that picked up her trash, and the drivers of that truck joined her in plowing through all this garbage in the back of the truck to look for her missing wallet, and by golly, the three of them found it. But kudos, kudos to those sanitation workers.

That’s not part of the standard job description, but they helped out a a citizen in need and I applaud them for it. Yeah. Yeah. I love

James: hearing stories like that, Rich, that people go above and beyond. And I would encourage the listeners today to look for opportunities today, tomorrow, and share those stories with your team.

Read the newspaper watching the news on TV seems like what gets the headlines and sells newspapers of all the negative stuff. There’s horrible things going on in the world, and that’s constantly, it feels like to me, most of the time, that’s what the news is telling us, but these heartwarming stories about doing something good, that just, that warms my heart, and again, motivates me to challenge you guys to go above and beyond, instead of just following your job description to a T, Look for opportunities to make that extra effort.

And I know Rich, you’ll agree with me on this. It goes so much farther. That’s how you create lifelong customers is when you do something like that, that they’re not expecting. And it may be tip of the week. Number two would be get some air tags in that purse. Or your wallet. So that would have helped too.

Yes.

Rich: Yes. Yeah. Good piece of advice there. And you know what you just said before that, James, it circles right back to your first tip of the week. Stay positive, Find those positive news stories, be a positive force for your employees and your customers and so on. I really agree that is for very human reasons and business reasons as well.

That’s just great advice. Folks, that is all the time we have for you this week on the MSP chat podcast. James, for folks who want to learn more about and maybe get in touch with you, where would you direct folks?

James: You can just go to the website at kerninconsulting. com. That’s probably the easiest way to track me down.

Or just look up James Kernan, K E R N A N on social media, all over social media. And like I’ve shared with Rich, I have a heart to help people. So it’s not about the money for me. It’s more about helping people find success. There was a trade show that I was at not long ago.

And someone I’ve never met before, but bought one of my programs. I heard, I heard my name, right? Okay. And Rich, you can relate to this, crowded hallway, a thousand people here, somebody hollering your name, sprinting [00:55:00] towards you, someone you’ve never seen before. It’s Oh my gosh, they’re going to stab me, shank me.

What did I do? And she came up and gave me a hug. And said, Hey, my gosh, I bought one of your programs. I, my husband just divorced me. I was left me this tech business. I didn’t know what I was doing. I was ready to give up and pull the plug in your program, help motivate me not to do that. And I’m so grateful.

Thank you. That’s why I do what I do. Cause it just take that extra step and help people that looking at it that way, to me, that keeps me motivated. So that’s what I want to share.

Rich: What a great moment, you’ve done well for yourself from a business standpoint. But I think everybody, regardless of whatever it is that they do, everybody wants to feel like they’re making a difference in the world.

And when somebody tells you to your face, with that kind of enthusiasm that you made a big difference in their life that’s just great stuff. Yeah, thank

James: you. Yeah, absolutely couldn’t agree with you more.

Rich: Folks, if you are Listening to the audio version of this podcast, but you’re curious to check out the video version We do have a video version.

It’s on youtube. Look us up at msp chat there It’s a part of all the channel master content. We’ve got for you on youtube if you’re watching the youtube version But you’re also into audio podcasts just go to wherever it is. You get your audio podcast spotify. Google apple. You name it You’re going to find us there, wherever it is that you find us.

Please subscribe, rate, review. It’ll help other folks like you find and enjoy the show just as you do. This show is produced by the great Russ Johns. He would be happy to produce the show for you as well. He’s part of the channel master team, and you can learn more about him at RussJohns. com. Speaking of channel mastered, if you want to know more about what we do with the many clients we work with, your destination should be www.

channelmastered. com. So once again, folks, we very much for joining us on the show this week. We’ll be back with another episode for you next week. Until then, please remember, you can’t spell channel without M S P.