ARN

MSPs seek efficiency as compliance and security concerns rise

Challenges and opportunities abound.
  • Leon Spencer (New Zealand Reseller News)
  • 04 March, 2022 10:35
Mike Puglia (Kaseya)

Mike Puglia (Kaseya)

Compliance and security are two of the most prominent issues among managed service providers (MSPs) and their customers, according to new findings by Kaseya.

The unified IT management and security software vendor’s latest MSP research report, the 2022 MSP Benchmark Survey, also suggests that MSPs are on the hunt for greater efficiency through integrated solutions.

Indeed, 64 per cent of MSPs surveyed by Kaseya in its global study said that integration among core applications, including remote monitoring and management (RMM), professional services automation (PSA) and IT documentation software, is either critical or very important to them, with 78 per cent stating that this integration helps drive bottom-line profits.

Meanwhile, regulatory compliance is becoming a bigger pain point for MSPs’ customers, the research found, with the ever-evolving compliance landscape being a significant challenge for small- to medium-sized businesses (SMBs).  

Roughly 74 per cent of MSPs surveyed by Kaseya stated that their customers struggle to meet regulatory compliance requirements.  

As such, MSPs have been stepping up to help their customers navigate the increasingly complex compliance landscape, with 75 per cent of respondents either offering, or interested in offering, compliance services.  

To quantify the prominence of compliance challenges around the world, 41 per cent of MSPs said they had clients that were required to comply with the Payment Card Industry Data Security Standard (PCI DSS), while 27 per cent had to comply with Europe’s General Data Protection Regulation (GDPR).

While vendor-driven industry research should often be taken with a grain of salt, given the intrinsically self-serving nature of many such reports, Kaseya’s findings appear to cut to the core of the MSP experience in the wake of the global pandemic.

For example, cyber security concerns, already an area of rampant growth, have risen exponentially since the onset of COVID-19. Kaseya‘s research confirms this, with MSPs indicating they are feeling increasingly concerned about the cyber security landscape, especially in the past 12 months.  

Kaseya’s findings suggest that 50 per cent of surveyed MSPs claim their business is more at risk to cyber crime compared to one year ago, which is an 11 per cent increase from 2021’s data.  

And for good reason: almost half of MSPs reported that a significant portion of their clients fell victim to a cyber attack within the past 12 months.  

On the upside, although cyber security is a significant concern for MSPs, it’s also been a revenue driver, with Kaseya’s research finding that 50 per cent of MSPs evaluate the threat landscape quarterly to add new service offerings for their organisations.

Moreover, the rush to remote work has provided a wealth of opportunities for MSPs and this looks likely to last. The pandemic appears to have permanently reshaped the work environment, with 22 per cent of respondents stating that remote workforce setup was the top service requested by their clients.  

Remote work is also seen as a significant pain point for MSPs’ customers, with 36 per cent of respondents selecting it as one of the top three IT problems for clients in 2022.

In terms of demand, remote work was followed by cloud migration, another area of rapid growth with 21 per cent of respondents noting this was the top service requested, and business continuity, claiming 13 per cent.  

“There’s an increased need for the security, business continuity and disaster recovery (BCDR) and remote work support services that are driving revenue growth for MSPs and we expect the demand for these services to continue in 2022 and beyond,” said Mike Puglia, chief strategy officer at Kaseya.  

“Efficiency continues to be a top priority for MSPs, with more than half saying integration among core applications is either critical or very important to them,” he added.

But even if opportunities abound, it hasn’t all been smooth sailing for MSPs.  

“With COVID-19 continuing to affect everything from global logistics to the work environment, it’s no surprise that 76 per cent of MSPs said the pandemic affected their ability to expand services within their customer base,” Puglia said.  

Other challenges have surfaced in line with the pandemic, with supply chain issues and hiring two major challenges MSPs expect to face in 2022.  

Around 92 per cent of MSPs surveyed have had supply chain issues impact their ability to sell solutions while 19 per cent said hiring would be their primary challenge in 2022— a 15 per cent jump from 2021’s data, Kaseya claimed.

However there remains plenty of untapped potential for MSPs to focus on, according to the vendor. For instance, active incident response plans are still a major need for MSPs’ clients. Though the threat of cyber attacks continues to grow, only 4 per cent of respondents said that 100 per cent of their client base has an active incident response plan.  

About half of the respondents reported that only 25 per cent of their clients had an active incident response plan, with 8 per cent of MSPs stating that none of their clients had an incident response plan in place.

At the same time, most MSPs are testing their disaster recovery capabilities, but frequency varies. Kaseya’s 2022 survey found 30 per cent of MSPs simulate disaster recovery capabilities quarterly, 25 per cent test annually and 9 per cent test monthly — with 15 per cent admitting that they never test, a somewhat ominous finding.  

In an era of accelerated merger and acquisition (M&A) activity among the channel landscape, it should come as little surprise that plenty of MSPs are thinking of buying or selling.  

Kaseya’s research found that, in addition to the focus on key services for their SMB clients, many MSPs are actively surveying the landscape and assessing their readiness to buy or sell, with nearly 36 per cent of respondents planning to sell or acquire within the next 24 to 36 months.

Kaseya's latest report comes less than a year after Kaseya was attacked by notorious Russia-linked ransomware group REvil in July 2021, the incident estimated to have affected up to 2000 global organisations, including MSPs around the globe.

REvil targeted a vulnerability (CVE-2021-30116) in a Kaseya remote computer management tool to launch the attack, with the fallout lasting for weeks as more and more information on the incident came to light.

The event served as a reminder of the threats posed by software supply chains and sophisticated ransomware groups. Following is a timeline of the attack and the ramifications for the affected parties based on Kaseya’s incident update page and other sources.