Kaseya, CEO Voccola Guiding Congress on MSP Regulation

Kaseya is trying influence lawmakers on the cybersecurity protocols required to fight off digital attackers, according to its CEO.

The cybersecurity and IT management software provider has been putting more time into ensuring that its products and employees are federally certified and able to provide for the needs of federal agencies and small businesses through its products.

The company unveiled a new version of its Kaseya 365 subscription service, Kaseya 365 User, at this week's DattoCon in Miami Beach, Florida. It offers new tools for users to track their endpoints and protect their data. It's also part of Kaseya's efforts to try to protect the personal data of its customers and work with the federal government on compliance and lobbying efforts regarding cybersecurity.

Channel Futures sat down with Kaseya CEO Fred Voccola at DattoCon to discuss Kaseya 365, the company's compliance standard efforts, and its conversations with lawmakers.

Channel Futures: What has been the channel response to Kaseya 365 User so far?

Fred Voccola: We think that Kaseya 365 User will have more of an impact on partners and the MSP community than Kaseya 365 Endpoint. When we launched Kaseya 365 Endpoint in Las Vegas five months ago, the demand was five times more than we thought it would be now. And with the User version, we're seeing the same results here at DattoCon.

Related:DattoCon: SaaS Alerts, Kaseya a 'Great Combo'

MSPs and what they do for their customers is super important. But the challenge is that they run at an average 10% profit margin. There’s a lot of risk attached to that margin. If you lose one customer, you might have to lay people off. What we're trying to do with Kaseya 365 is two things: Charge a lot less, and have so much automation in the platform that will let engineers do so much more in the same amount of time. That will hopefully help engineers not to work 17-hour days. So the business is healthier.

If you talk to 50 MSPs here, 49 of them will tell you one of the hardest problems they have is attracting and retaining their talent and avoiding a technical talent shortage. If you're an MSP and ask your engineers to work all day Saturday, you might keep that engineer for six months. They're gonna say, “Forget this. I'm going somewhere else where I can make a little bit more money and have a regular life.” With the automation we provide, they don't have to do as much. 

This is part of a 10-year discussion and plan that we've had, among other things that we intend to launch to help.

CF: What so Kaseya’s efforts around compliance with federal guidelines look like?

Related:DattoCon: Kaseya Debuts 365 User Version, Buys SaaS Alerts

FV: Getting FedRAMP-approved is a long and expensive process. It won’t happen overnight and it will cost millions of dollars. So why is it important? When you think about the cyber threat landscape and the actors behind it, you realize how politically motivated a lot of it is. A lot of cybercriminal activity was done for political or espionage purposes. For example, the SolarWinds hack wasn’t done for commercial reasons. I call it an espionage-related attack. We've also seen a big pivot in the last eight to nine years to ransomware attacks, where you can make a ton of money with very low risk of getting caught. For a while, it was really easy. ... I think we as a society have smartened up a bit, and we put a lot more layers and a lot more defenses in front of the criminals, and the criminals are incentivized to keep peeling those defenses back and find new ways of getting into it. 

CF:What role did the Solarwinds attack play in sparking congressional regulation?

FV: The SolarWinds hack was a wake-up call for many people on the Hill about the importance of cyberattacks. The realization of the commercial impact that cybercriminals have in our economy is huge. I see as analogous to what some called the “mafia tax” in the U.S., where the inefficiencies and corruptions of organized criminal organizations in the mid-20th century took away 1%, 2% or even 3% of GDP.

Just think about how everyone has to have a cyber insurance policy. Every company spends a lot of money on that policy. They shouldn't need to do that, but they do so. That's like a tax, if you will, all the money people spend on software from Kaseya and MSPs to protect themselves. That's a tax. I think governments in Europe and North America are realizing that small-to-midsize businesses are becoming the No. 1 target. They are the target for it. The reason is that malicious actors think they’re easier. I think it's easier to go after an architecture firm of 50 people as opposed to, [say], Citibank or other large organizations.

You'll hear about the hacks of large companies in the news. You won't hear about the tens of thousands of Americans every day that get ransomed and are small companies. So law enforcement doesn't have the resources to pursue and run down every ransomer.

I think lawmakers in North America and Europe will say, "We're gonna put some standards in place that must be complied with." That won't solve the problem, but it'll manage it. It'll make it much harder for a cybercriminal. And I think those standards will be derivative of a FedRAMP or CMMC protocol.

I don't know if the regulation is going to be “hard regulation,” requiring some sort of protection in the ways that accountants and lawyers are regulated, but it's definitely coming, and I think that's going to be great for MSPs. If you're a 50-person architecture firm, then you don't have an IT department. An MSP can step up and offer those tools without them having to start their department to handle those technological needs.

CF: What role has Kaseya played in lobbying and advocating for these cybersecurity regulations?

FV: We want to be a part of the conversation, because we have a lot to offer. Our MSPs manage upward of 50 million businesses around the world. We see that we have a tremendous amount of data. We also have a vested interest in making sure that those conversations are actually productive. 

CF: How responsive have lawmakers been on both sides of the aisle?

FV: It's actually cool to see. We’re [a few days] from the 2024 presidential election and everyone is really polarized. But this is a topic where you will have the most left-leaning person and the most right-leaning person listening because it affects everyone equally. It doesn't care about your race, your gender or your socioeconomic status. It's bad if people are stealing things, businesses are being massively taxed, jobs are getting lost and people's lives get hurt. I think everyone cares about it.

CF: What role has AI played in your conversations regarding its use in cybersecurity software?

FV: AI is a very overused catchphrase. It's like “cloud” was 10 or 15 years ago. AI is a tool, albeit a pretty powerful tool. But if our technology is going to enable our customers to do 70% more stuff, then bad actors can do 70% more stuff with it as well. 

I do think that we have to be a little bit careful with AI, simply because AI is dependent upon data. If AI is going to be relied upon to automate and replace manual tasks, it's a great tool. But we have to be aware that it is based on inputs and data. So when we think about cyber and AI, we as a society have to be careful, because human beings have a tendency of wanting to take control. Those are two tools that give a very small number of people the ability to influence and control a lot. But that’s what I hope people will start to look at and think about as they look at how AI can affect society.