MSP Summit is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Kaseya’s Voccola: MSPs, SMBs Must Take Cybercrime, Compliance Seriously

Kaseya Fred Voccola at Kaseya Connect 2024

With the launch of Kaseya 365 at is Connect event, Kaseya CEO Fred Voccola said “everything we’ve done over the past decade has led us to this moment” and hailed it as a “monumental game-changer.”

Channel Futures sat down with Voccola after his Kaseya Connect keynote address in Las Vegas to discuss Kaseya 365. (It's a busy year for Voccola, who also will be on stage at The MSP Summit, Sept. 17, for a Channel Futures Exclusive Editorial Interview.) We also talked about the dangers he sees lurking for MSPs and SMBs from cybersecurity and coming government regulation. These two issues are important to Voccola — Kaseya was a victim of a 2021 ransomware attack, and he has spent a lot of time with lawmakers discussing regulation.

Channel Futures: What makes Kaseya 365 the biggest thing you’ve done?

Fred Voccola: It changes the unit economics of the MSP industry permanently, in a massive way. If you take the most common assumptions, you'll find a typical or an average MSP is doing about 15% profit margin. The amount of revenue that an MSP gets per endpoint, if you measure it that way, is about $100. So that means they're making about $15 of profit per endpoint. With Kaseya 365, they're making between $22 and $25 in profit per endpoint. MSPs are now among the most profitable companies, the most profitable business service providers in the world, whereas before, they were at the low end.

The second thing is this: Because the unit economics have changed, MSPs no longer have to make the almost impossible choice of providing an incomplete security stack to their customers, who might be too cheap or too shortsighted to pay for it. That’s because MSPs now can provide the security kit required and not charge the customer, and still generate the margins that they need to run their business. It literally changes everything.

CF: What does the price drop do for Kaseya’s profit and economics?

FV: I'll tell you in a couple of months [laughs]. We're very blessed and lucky to have a highly skilled engineering group. For the last 10 years, we've been integrating these technologies together, building the automations for them to work together and working vigorously to make sure that our cost of goods sold (COGS) for our software products are incredibly low. So we can afford to do this and still make the kind of profits that we need to make so that we can continue to invest in building the best kick-ass products in the world. We got our COGS down to a fraction of what our competitors’ COGS are for the same functionality.

CF: You have a wide range of technologies and integrations now. Do you still have an M&A shopping list?

FV: Oh yeah. I’m not necessarily going to tell you what it is, but we've made several [unannounced] acquisitions already. Often, we don't announce an acquisition right when we buy it because we want to make sure that we don't disrupt the business and what makes the business great that we're buying. I think it's a safe bet that Kaseya will do two to three acquisitions a year.

We’ll continue to be very acquisitive in two areas. One is cybersecurity, of course. And there’s a big reason for that. The bad actors have massive financial incentives to innovate like crazy, because they can make a ton of money with it. It's a perfect storm for cyber criminals. Law enforcement has limited resources; it’s not their fault. They do great job. The FBI is awesome. We worked with them when we had our incident. But they have a tough job because they have [fewer] resources than the bad guys.

So what we're seeing is the cyber actors are now moving their focus to small-to-midsize businesses because they perceive them as being less protected. If you get an $80,000 or $120,000 ransom ... law enforcement is going to pursue the $20 million ransom, not the $80,000 ransom. And the cyber criminals know it. They're using AI and other types of force-multiplying technologies to get better at their attacks. So we as the defenders need to get our butts in gear and get super aggressive to make sure that we're staying ahead of that. You'll see us investing substantially in R&D to make sure that the defensive posture that we can give an MSP is super kick-ass.

CF: How can Kaseya help stop the bad guys?

FV: We’ve tried to make it really hard for them with our platform. Cybersecurity defense is very expensive. In Kaseya 365 we're providing everything required to manage a secure backup environment. We include antivirus, patch management, EDR, MDR, managed SOC capabilities, ransomware rollback. And we include free backup on every single end point. We charge $3.99 per endpoint [a limited offer before it increases to $5.25] for all that when the market’s charging $9-$25 for that. So by making it affordable for the masses, everyone can use it.

CF: What’s the second area you’re investing in?

FV: Compliance. The mood in Washington, Brussels, London, Sydney, is a mood for enforcing compliance regulation for small to midsize businesses in terms of cybersecurity. That’s the mood, and it should be. I understand that; it makes sense. So MSPs are going to have to get their customers compliant with the standards, and then demonstrate to the appropriate standards bodies that they are in fact compliant.

That's the fastest growing business we have right now. That's an opportunity for MSPs, but it’s happening now. It’s not happening in five years. I'm concerned that the MSP community as a whole is on their back foot a little bit. We as a community need to start being more aggressive in terms of how we respond to this.

CF: How can Kaseya help with compliance?

FV: In our IT Complete platform, we have a whole suite called our Compliance Suite. We have a module called Compliance Manager, a module called Compliance Manager GRC, and in a couple of months we will be releasing an enhancement to that called Compliance Manager Monitor and Remediate.

CF: So you think the products and technologies are there, but you have to get people to take it seriously enough to adopt it?

FV: It's not that the MSPs don't adopt it. It's when regulation happens, it's going to happen fast. Like, one day it’s not there and the next day it’s there. That means that there are a whole new set of things that must be done to comply. There's normally a lead time that an organization like an MSP requires to build up their ability to do things. We want to make sure that MSPs are thinking about it now. FedRAMP is going to be really interesting. It's going to come as a shock to a lot of our MSPs out there; some businesses will be shut down if they're not FedRAMP compliant.

CF: What is Kaseya’s AI strategy?

FV: AI is a great tool. But what does that tool exist for? To build automation. We have our Cooper intelligence engine, which is our AI engine. That engine ingests data from more than 1 million people using our products every day. And Cooper uses the billions of pieces of information that come from how our individual components and technologies are used; all the metadata that gets spit out. Cooper processes all of this data to identify what to create, and to build the roughly 250 out-of-the-box pre-built work workflow automations that exist in our platform. The Cooper engine is the engine processing everything for IT Glue Copilot.