What’s Bigger Than Kaseya 365?

Devoted readers know that I regularly—and shamelessly—plug the podcast I co-host these days, which has featured long-form interviews with a string of C-something executives from leading vendors. The episode due out next Friday, in fact, features an interview recorded two days ago with Kaseya CEO Fred Voccola, and though you’ll have to wait a week to hear it for yourself, I’m going to share some of what I learned now.

My last conversation with Voccola (pictured) was in April at the Kaseya Connect Global conference, where the big news was the launch of Kaseya 365, which combines RMM, patch management, antivirus, EDR, MDR, backup, and other features in a single SKU priced, for the time being, at $3.99 a month per endpoint or $1.75 a month for a version without MDR.

Needless to say, those are game-changingly low numbers, so low that a former senior employee of a direct Kaseya competitor was left scratching his head during a conversation maybe an hour after the news broke as he tried to figure out how Kaseya could offer them without losing a whole lot of money. As I wrote at the time, Kaseya’s answer is an obsessive focus on cost of goods sold, an explanation Voccola reaffirmed during the podcast interview.

“It’s hard as hell,” he said. “It’s been 10 years in the coming. A lot of really good engineering work to be able to get our costs down.”

In any event, it’s been about two months since Kaseya 365’s debut. What kind of adoption has it had so far?

According to Voccola, better than anticipated. Over 4,000 partners with more than 4 million endpoints under management have subscribed to date. “I’d love to sit here and say, ‘oh yeah, that’s what we expected.’ I’d be totally full of malarkey,” Voccola says, noting that he might have said something other than “malarkey” if he wasn’t on camera.

Kaseya estimates that Kaseya 365 sells for $10 per endpoint less than the average MSP pays for an average bundle of identical services. Multiply that by the four million devices currently under K365 management, and you get $40 million a month of MSP savings. Multiply that by 12, in turn, and you’re looking at an annual run rate of close to half a billion dollars.

That’s “funny math,” Voccola says, because the $10 a seat number it’s based on is just an estimate. “I don’t know if the number’s a $500 million run rate or $300 million, but it’s huge, and that’s impacting a lot of MSPs for the better.”

Voccola’s more or less happy with the feedback he’s gotten from users so far too.

“There’s things that we could do better, a lot of things that we could do better, and we will,” he says, pointing to onboarding in particular. “A lot of these people, they’re going on the platform and now they have a whole bunch of new things they have to learn how to use.” Kaseya wants to make the process simpler.

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

And now for something even, supposedly, bigger than Kaseya 365

K365 was the big reveal at Kaseya’s last conference. There’s apparently another coming at the company’s next major event, DattoCon, in October.

“It’s a monster, monster, monster announcement,” Voccola says, one that’s “as impactful if not more impactful than the Kaseya 365 announcement for our partners.”

And that’s about as much as I got about it from him, except these small hints:

1.It’ll surprise us. Whatever you think is coming, Voccola suggests, is probably wrong. “People will not be expecting it, and it will change the game again.”

2. It’s the second step of a four-step roadmap to raise MSP profits dramatically. According to Voccola, a typical SMB has three critical service providers: a lawyer, an accountant, and an MSP.

“The average law firm has about a 35% profit margin. The average accounting firm about the same, around 35%. Average MSP, average profit margin’s around 10%,” he says. “That’s wrong. That’s not cool. MSPs are doing much more valuable stuff that’s much harder to do, and their profit margins are less than a third of what lawyers and accountants are.”

The four-step roadmap that began with the launch of Kaseya 365 is about fixing that. “We think that we have the right playbook, the right technology, the right platform where we can get the entire industry to have profit margins in the 30 to 35 percent range,” Voccola says. K365 closes that gap by about 10 points of margin, he continues.

“We’ve got 15 more points to go, and we have a couple more things we think that can help facilitate that.”

3. There’s probably an acquisition involved. Regular readers may recall that Voccola teased me about big news to come at Kaseya Connect seven months earlier during last year’s DattoCon show. At the time, he explicitly said the announcement would not be an acquisition. And now?

“This one may be an acquisition,” Voccola says.

And yes, I asked the question that inspired a thousand Reddit rumors before the K365 unveiling, though I was a touch embarrassed to do so, frankly: are you buying ConnectWise?

“ConnectWise is a great company,” Voccola says. “Jason [Magee, the CEO] runs a great company. Jason’s a great guy. I think they’ve got good stuff there. If we were to buy them, it would be lucky to buy them. If not, they’re a good competitor. We like competing with them. So that’s the politically correct answer.”

Read that any way you wish, but I didn’t think Kaseya intended to buy ConnectWise before and I don’t think they do now. There are clues during the podcast interview that steer us away from that prospect too, like when Voccola says that releasing K365 was bigger news than Kaseya’s acquisition of Datto in 2022.

“Acquiring Datto was an inwardly-facing big event,” he explains. “If you’re a Kaseya employee or Kaseya shareholder, or Datto employee or Datto shareholder, it’s a big deal.” To the degree it saves them money, by contrast, Kaseya 365 is a big deal for MSPs. Whatever’s coming in October will be too, Voccola suggests.

“The announcement will be impactful in a massively positive way for Kaseya partners,” he says. Hard to see how that’s more true of buying ConnectWise than it was of buying Datto.

But hey, that’s just me. You can listen to Voccola yourself here a week from now and draw your own conclusions. Always interested to read your predictions too, at this address.

Nerdio, Pax8, Microsoft, and the channel

I don’t generally cover vendor awards. Winning one is happy news for the recipient but not terribly important for my readers. This year’s Microsoft Partner of the Year awards are a little different, though.

Inspect the winners list and you’ll see Accenture, PwC, Tata, Rubrik, and other industry big shots, just like you always do. You’ll also, however, see two names more familiar to Channelholic readers. Pax8 was named distributor of the year both worldwide and in the Americas. And Nerdio was named commercial marketplace of the year in the Americas.

Joseph Landes (pictured), Nerdio’s CRO, knows just how meaningful the honor is. “As a 23-year Microsoft veteran, I remember judging the awards,” he says. “There’s tons of submissions and there’s tons of people who want to try to win these awards.” That Nerdio and Pax8, given what they do, beat all those others out is a sign (albeit one many partners would dispute) that Microsoft is very interested in selling through MSPs to SMBs.

“Increasingly, there are more and more people that I talk to at Microsoft who are more focused on MSPs than there were four years ago, three years ago, two years ago,” Landes says. “There’s more people that have sort of woken up to the power of an MSP to really drive Microsoft’s objectives in the SMB channel.”

It doesn’t hurt, either, that Nerdio decided back in 2020 to sell exclusively via the Azure Marketplace. “About a year and a half ago, Microsoft put a lot more emphasis on the marketplace internally,” Landes says. “We were kind of perfectly positioned from a co-sell perspective because we had been in the marketplace for a long time, and as a result, we became sort of one of the worldwide leaders in what they call ‘marketplace build sales.’”

Nerdio’s going even deeper with Microsoft too. As we reported back in February, it’s adding integrated support for the Microsoft Defender security suite to its management platform. Some of that functionality has already arrived, in fact, and more will come with every Nerdio Manager for MSP update.

Nerdio’s reasoning for that move mirrors its decision last year to integrate with Microsoft’s Intune endpoint management offering. Partners, Landes says, kept requesting help with that solution, which they wanted to use but found somewhat daunting. The same thing’s been happening more recently with Defender.

“They’re looking at it and saying, ‘well, how exactly should I use this?’” Landes notes. A lot of them also like the sound of replacing a bunch of point solutions with a multi-function security tool included in Microsoft 365 Business Premium licenses.

“There’s a lot of great security solutions on the market, but I kind of think that the psyche of an MSP wants to use what they’re getting already if at all possible. So if you’re getting all this Defender functionality, but you’re not using it because you just don’t know how or it’s too complicated, you’re eventually going to ask that question.”

Right now, Nerdio’s focused exclusively on Defender for Endpoint. That will eventually change, however.

“We decided to start with Defender for Endpoint because that’s a logical place for us as a company that makes the endpoint management side of things easier,” Landes says. “You can imagine that down the road, we’ll look at other pieces of the Defender suite and look to also abstract the complexity of that as well for MSPs.”

Compliance: Still a big need. Still a low priority for MSPs

I wrote last summer about the yawning gap between the need for compliance services and the number of MSPs providing it. I decided recently to revisit the topic and see if that gap has closed any in the ensuing 10 months.

Not so much, it turns out. If anything, in fact, it may be growing. Global spending on GRC technology (as in “governance, risk, and compliance”) will rise at a 13.64% CAGR through 2028, according to Technavio. For purposes of comparison, spending on cybersecurity will grow 9.9% this year in a best-case scenario, according to Canalys.

Investors have taken notice too. According to analyst Richard Stiennon, in fact, they poured more money into GRC any other security tech category last year. Apptega, a compliance vendor we’ve written about here, raised $15 million in April, and Norm Ai (a company conveniently situated at the intersection of compliance and AI) raised $27 million last week. There will be more such transactions, too, for as long as governments care about data privacy and cyberinsurers impose coverage requirements, which is to say forever.

“It’s the blue ocean’s blue ocean that has no end in sight,” says Tim Golden, CEO of GRC vendor Compliance Scorecard.

And yet MSPs still aren’t swimming in it for the most part. “They’re afraid of it,” Golden says. “They’re afraid of what they don’t know.”

They’re not wrong to be fearful, either, because there’s a lot to know. Regulations like CMMC and HIPAA are hugely complex, as are the best practices for complying with them. “Compliance is more than just technology,” notes Maria Scarmardo (pictured), founder and CEO of GRC service provider Praxis Data Security. “There are also the administrative controls, policies, procedures, and processes.”

Get any of that wrong and you’re likely to be sued. Get all of that right and you could end up in court anyway if even one policy-violating end user with PII on their laptop (something 80% of organizations have) loses that device somewhere.

“I can’t make anybody compliant,” says Dave Alton, CTO of Strategic Information Resources Inc., an MSP with offices in Los Angeles and Houston that studiously refuses to provide compliance services. “I can merely facilitate that and make sure they have all the right pieces in place.”

Which is the thing about compliance, Scarmardo observes. “You can’t set it and go.” You have to watch for violations continually and address them promptly. That’s the “G” in GRC, and it’s extremely difficult.

“Governance is huge,” Scarmardo says.

And potentially six-digit expensive to do when you factor in the cost of tools, training, and bringing your own business into compliance with the regulatory mandates you’ll be helping clients adhere to. “It’s a lot more overhead,” Alton notes.

Many MSPs say their customers won’t pay the kind of fees required to cover those costs and make a profit, according to Golden, who suspects the real issue is poor sales technique.

“A vast majority of them don’t know how to have a risk conversation,” he says.


How MSPs interested in offering compliance services can get started

Precisely because compliance is hard, however, it can also be a goldmine.

“In our view, there’s a huge market opportunity that’s going untapped here,” says Robert Hilson, Apptega’s vice president of marketing. “It’s really a way to go to market with a differentiated offering.”

There’s no easy-button answer for seizing that opportunity, but a few basic steps will help:

1. Start small. Regulations are complicated, so rather than cover a bunch of them right away, try mastering one initially instead. “I think that’s a smart idea for GRC,” Scarmardo says. “Get one down and be strong in it first.”

2. Pick a framework, not a law. PCI, GDPR, and regulations like them are complicated and sometimes less than crystal clear. The CIS framework, by contrast? “That’s prescriptive,” Alton says. Do what the guidelines tell you to, and you’re most of the way there. That makes framework implementation and compliance an easier GRC service for many MSPs to deliver.

3. Get a governance tool. “To the extent that these providers are offering compliance, it typically is as an advisory service, and the majority of that work is typically just around the assessment,” Hilson says. You can make money on that service, make more closing any gaps you uncover, and make more still through ongoing governance with help from a solution like Apptega’s, or comparable products from Ascent Portal, Compliance Scorecard, Kamanja, Ostendio, and others. Just make sure not to rely exclusively on those systems, Scarmardo warns.

“Tools facilitate. Tools make things easier. Tools make things even more secure,” she says. They’re no substitute for having at least some in-house expertise though.

4. Get that in-house expertise. You can hire someone with GRC skills, of course, but training an existing employee for the role, though slower, is usually cheaper. “Give them a couple of hours a week to do this work and be the champion and bring everybody else along,” Scarmardo says.

5. Be your own guinea pig. Getting into GRC usually entails bringing your own operation into compliance with relevant laws. That’s a great opportunity to put your newfound skills to the test before trying them out on clients.

“Do the work on yourself,” Golden counsels.

Also worth noting

Holiday weeks tend to be light on news, so I’ve got just two items for you this time:

Pia has a new VP of marketing.

LogRhythm has a new quarterly release with new SIEM functionality and “Machine Data Intelligence” features designed to “drive analyst efficiency and augment the capabilities of security teams.”