Kaseya Wants it All
And its Microsoft-inspired strategy for getting it has implications in security and beyond. Plus: ScalePad’s platform play and crisis communication management lessons from the CrowdStrike debacle.
It’s not exactly new information that Kaseya is ambitious. You don’t pour $12 billion into the construction of an integrated, increasingly comprehensive platform of solutions for MSPs, as Fred Voccola says the company has since he became CEO nine years ago, unless you’re pretty ambitious.
You’ve got to be even more ambitious to build something like Kaseya 365, the seamless combination of RMM, backup, antivirus, EDR, and other functions Kaseya has been selling since April at prices low enough to leave at least some people scratching their heads.
Yet I don’t think I fully appreciated just how ambitious Kaseya actually is until an interview with Voccola last week at a conference in Dallas, which touched on ConnectWise’s reportedly imminent acquisition of data protection vendor Axcient. The deal, should it happen, will certainly make a lot of sense for Axcient, I said. After all, as I’ve been writing for a while, it’s becoming hard to imagine a long-term future for standalone BDR companies.
“At a minimum, they’ve got to roll together with a security suite,” I suggested, given that their products are ultimately just part of a layered defense strategy. In fact, come to think of it, given that security is ultimately just part of what MSPs do for their clients, maybe it doesn’t make a whole lot more sense for a security suite to be…
“Standalone?” Voccola asked with a wee smile, finishing my thought. “Exactly. Why would a spreadsheet be standalone?”
There’s a reason he asked that particular question. Voccola spoke at length in our interview and during a conference appearance earlier in the day about the degree to which Kaseya’s strategy for K365 and beyond is consciously modeled after Microsoft’s one-time strategy for conquering productivity software. He made his admiration for Microsoft more generally even clearer to me, in fact, during an interview earlier in the year.
“As I’ve said many times, there’s one company in the world that I just have idolized my whole life, and it’s Microsoft,” Voccola told me back in April. “We’re following that playbook.”
Critically, he asserted then and last week, that playbook didn’t rely on superior functionality. You could argue, in fact, that Lotus 1-2-3, WordPerfect, and Harvard Graphics each had richer functionality than Excel, Word, and PowerPoint when the first edition of Office shipped in 1990. Microsoft’s products were all made by one company, though, which could integrate the underlying source code to a degree no collection of standalone vendors could match.
“You could right click on PowerPoint, insert a table, and that table is Excel,” Voccola says. For knowledge workers, who by nature are multi-function professionals eager to perform a core set of tasks as efficiently as possible, the productivity gains made possible by features like that were far more valuable than any Lotus or Harvard Graphics feature not available in Excel or PowerPoint as well.
Put differently, as Voccola sees it, what Microsoft taught the world is that integration trumps functionality for knowledge workers every time. Kaseya is now trying to prove the same is true for technicians, and for similar reasons.
“If you look at an RMM or you look at an EDR or you look at an MDR or you look at antivirus, these things are commoditized,” Voccola says, adding that the average tech only uses 5% of the functionality in those products anyway. What sets one system apart from the other isn’t functionality but the degree to which they enable seamlessly connected workflows that in turn enable techs to get more done in less time for the same pay. That’s why Kaseya has been relentlessly rolling out what it calls “workflow integrations” across its growing portfolio ever since it began acquiring companies like Unitrends, IT Glue, ID Agent, and Datto in 2018.
It's also what gives the company a decided advantage over competitors, according to Voccola—and watch the example he cites here very carefully.
“SentinelOne’s a great company,” he says. “I can’t think of anything SentinelOne does that our customers want that our product doesn’t do.” On the other hand, he can think of a few things his customers want that SentinelOne can’t do.
“You can’t receive alerts into a managed SOC from SentinelOne,” Voccola says. “You don’t have integration with RMMs where it’s all done from one place. You don’t have all the documentation of your security inputs and outputs automatically captured in your IT documentation solution.” So why, by implication, would an MSP buy SentinelOne’s software?
A lot of people reading this will have a ready answer to that question, but the question itself reveals the full scale of Kaseya’s ambition. Voccola isn’t gunning merely for the likes of ConnectWise, N-able, and NinjaOne. He’s got SentinelOne, Acronis, and Trend Micro in his sights too.
And even that may just be the beginning. Kaseya, like Microsoft, is coming for all of it.
The ConnectWise connection
At this point, Channelholic readers with an especially good memory may be musing over the fact that late last year I likened Kaseya to Microsoft rival Oracle in a post that likened ConnectWise to Microsoft.
And yes, I’m forced to admit the irony of those analogues but stand by my larger point. ConnectWise’s strategy for winning the hearts and minds of MSPs, like Microsoft’s strategy for winning the data center once upon a time, leans hard on an extended ecosystem of third-party integration partners (latest evidence here). Kaseya’s strategy, like Oracle’s before it, relies principally on selling MSPs most of what they need to run a business all by itself.
It's a significant contrast, yet what strikes me more at the moment is just how similar the two vendors are despite that difference. Both, for starters, believe fervently that the future belongs to platforms versus point solutions.
“Historically,” Voccola said last week, “the market has always shown the platform wins because the platform solves the biggest problem.” ConnectWise CMO Angus Robertson, I’m sure, would concur.
Both vendors also believe that MSP platforms must be integrated, in no small measure because hyperautomation technologies like AI and RPA can fulfill their labor-saving potential only in an integrated environment.
“Integration is the name of the game,” Voccola says. “It’s an essential component for an automation to even be possible.”
Where they differ (and where N-able sides squarely with ConnectWise) is on whether the kind of integration MSPs need is possible when the platform provider has only partial control of the stack. ConnectWise believes going to market successfully with “best of breed” vendors is not only possible but necessary. Kaseya doesn’t believe best of breed exists.
“It’s a self-promoting term in mature spaces used by single product vendors to try to differentiate themselves and justify their inflated costs,” Voccola says.
We’ll get our next look at how that thinking plays out in action (the second in an eventual series of four that began with the Kaseya 365 launch) just a few weeks from now at Kaseya’s DattoCon conference.
ScalePad is running a platform play of its own
Kaseya isn’t the only company with interesting parallels to ConnectWise these days. ScalePad fits the bill too.
You may have seen that former IT Glue CEO Chris Day has replaced Dan Wensley as ScalePad’s CEO, about 15 months after becoming the vendor’s chief product officer. Wensley, a channel veteran with roots in the managed services world extending back to senior roles at early RMM vendor Level Platforms, will serve as an advisor going forward at Top Down Ventures, a VC firm focused on SaaS startups for MSPs that Day founded in 2013, and that helped kickstart ScalePad’s somewhat remarkable transformation.
Wensley oversaw that process. The company was called Warranty Master and did one thing—hardware asset management—when he arrived in 2019. It rebranded the next year before making a series of acquisitions (with financial support from private equity firm Integrity Growth Partners) that included BDR automation vendor Backup Radar, GRC vendor ControlMap, and most recently “quote-to-cash” vendor Quoter.
“When he joined us, we were a pretty small company,” Day says. Today, ScalePad has over 200 employees and 12,000 partners. It’s also ready, Day continues, to begin a new chapter with a fresh, more technical leader and a vision to consolidate the data ScalePad’s various holdings collect in a central database called ScalePad OS.
“Backup Radar has data that’s very useful if you’re doing vCIO activities,” he says. “ControlMap has compliance status information that’s also very useful if you’re looking at backups.” Pooling their data in a single place will free ScalePad from the “spider web of integrations” it would otherwise have to create, and position its partners to build AI and other apps of their own.
“A big part of our vision moving forward is ScalePad the platform, not ScalePad the product,” Day says.
If you’ve made it this far in the post, that concept will have a familiar ring to it. And if you’re a Channelholic regular, you’ll also appreciate how similar it is to what ConnectWise is doing with its Asio platform, which features a centralized data layer and rich library of platform-as-a-service APIs for other software makers to leverage.
In fact, platforms with pooled data are starting to feel like a trend, for reasons that align neatly with two others we’ve been covering here lately:
MSPs want fewer vendor relationships, which makes accessing lots of data from one source more appealing.
Databases are a core element of the infrastructure required to make AI tick.
Both of which suggest that while MSP platform providers will be well situated in coming years, MSP platform providers with federated data will be really well situated. ScalePad is quietly making its way into that club.
“We’re going to make heavy investments all over the place to do that,” Day promises.
Learning from CrowdStrike
Evan Nierman can speak with authority about the recent CrowdStrike update debacle for two reasons. The first is that it left him stranded in Salt Lake City overnight after his flight home was canceled.
“I ended up sleeping on the floor of the airport,” he says.
Nierman is one of millions affected by what has been called the “largest IT outage in history.” Except that it’s far from history for CrowdStrike itself, which faces Congressional hearings and massive lawsuits in the months ahead.
“It’s a great case study in terms of how not to roll out an update,” observes Nierman.
It’s also an object lesson in something many vendors and channel partners will eventually confront: handling a massive security-related PR calamity with expensive, potentially existential implications.
Which gets us to the second reason Nierman is an authoritative source of insights on the incident. He’s founder and CEO of Red Banyan, a strategic communications consultancy with a specialty in crisis response, as well as author of two communications books. He and others I spoke with have eight useful tips to heed when—not if—it’s your turn in the hot seat.
1. Be prepared. Coping with a security incident is unavoidably painful, but a little advance planning can make it a touch easier, according to Karen Tran, a principal analyst and B2B communications expert at Forrester who recommends having a detailed crisis management plan—or better yet several of them—ready to go when needed. “You’ve got all these potential crises that could happen, and you need to think through all of those scenarios,” she says.
Each plan should specify who your spokesperson will be and include customizable communication templates. “That’s key,” Tran says. “You want to have content available already written to address potential scenarios.”
Practice your plans via tabletop exercises too, Nierman advises, and make sure anyone who will be speaking with the media is thoroughly trained ahead of time. “You’re going to want to rehearse high-pressure interviews,” he says.
2. Communicate quickly. Contrary to cautious, widely held instincts, it’s nearly impossible to speak up too early about a breach or other incident. “A mistake that a lot of people make is they feel like they need to know everything before they say something, and that’s not really the case,” Nierman says. “There’s nothing wrong with saying we don’t have all the answers, but we’re going to get them for you and we’re going to come back to you.”
Indeed, not doing so could make a bad situation worse, according to Tran. “If you don’t say something, if you don’t do the communication, others will be communicating about the situation and about your brand and about your organization,” she says. “That’s where misinformation or disinformation often happens.”
3. Tell the whole truth and nothing but the truth. Tran praises CrowdStrike for being clear and candid during the outage. “They shared honestly and transparently what they knew and what was most important,” she says. They were also careful to confirm what they said before saying it.
“Speed is important, but you also want to make sure that the information that you’re sharing is accurate,” says Tran, who notes that sharing inaccurate information can do unnecessary harm to an already battered reputation.
4. Be consistent. Current or potential victims of a security incident are going to have more or less nonstop questions about where things stand until the situation is resolved, so providing updates not just quickly but repeatedly is critical. That’s the biggest regret Brian Weiss, CEO of ITECH Solutions, a San Luis Obispo, Calif.-based solution provider and MSP, has about an ordeal he endured in 2018 when 35 of his customers were driven offline for as much as two weeks by a breach of his RMM solution.
“We weren’t being proactive enough with communication because we were overwhelmed,” he recalls. “When our clients were back up and running, the biggest feedback we got from everyone was we wish you would have given us more regular updates.”
5. Take responsibility. Don’t let fear of lawsuits keep you from taking accountability for what went wrong, Tran warns. “This is what happened. We are responsible for it. We’re going to address it,” she says. “That’s the first step to rebuilding trust.” CrowdStrike CEO George Kurtz’s blog post, published hours after disaster struck, sets a pretty good example.
6. Express empathy. Nierman spent a night at the airport, but it could have been worse. Others affected by the CrowdStrike shutdown, he points out, missed weddings and funerals. Sympathizing with them in your communication is a simple act of decency that can reduce long-term harm to your brand.
“These are people on the other side receiving that information,” Nierman observes. “It’s really important to humanize your communication.”
7. Take care of yourself. Recovering from security crises typically takes a while. Making time along the way for food, rest, and exercise will keep you mentally sharp and healthy. That’s a lesson Weiss, who relied on alcohol to relieve stress during his crisis instead, learned the hard way afterward. “I spent a month in rehab,” he says.
8. Follow through. Don’t let up when the worst is behind you. Winning back respect from customers, partners, and the public after an incident will take time and effort.
“Rebuilding can and must begin right away,” says Nierman. “If you go quiet and don’t consistently engage publicly, and you don’t try to shape how people see you, then you’ll end up being defined by your worst day.”
Unless, of course, you don’t survive long enough to have better ones.
Also worth noting
The guard-changing at TD SYNNEX continues. In addition to a new CEO, the distributor has a new president of North America, Reyna Thompson.
Prasad Gune is the new chief product officer at Egnyte.
Kara Sprague is the new CEO at partner-hungry HackerOne.
The new CEO at High Wire Networks is Edward Vasko, while Mark Dallmeier is the new CRO of the company’s Overwatch division.
Auvik has added a new troubleshooting tool based on network path visualization, a new monitoring agent for ARM64-based hardware, and an updated alerting engine to its network management solution.
Veeam has added zero-trust, multi-layered immutability options to Veeam Backup for Microsoft 365.
Speaking of Microsoft, it’s selling Copilot through members of its cloud solution provider program at a promotional 15% discount.
Proofpoint has a new information protection framework for DLP deployments and a Digital Communications Governance solution.
Bitdefender has a new security solution specifically for YouTube creators and influencers.
I missed this last week: CISA has a new voluntary incident reporting site.
Check Point has a new portal for its MSSP partners.
Hewlett Packard Enterprise partners can now deploy applications in its Private Cloud AI offering with a single click.