Datto CTO has seen MSP security awareness rise

Even before the Kaseya ransomware attack highlighted the risks that managed service providers (MSPs) face, the question of security was at the forefront of many minds across the industry.

Speaking to MicroScope before the Kaseya attack, Bob Petrocelli, chief technology officer (CTO) at Datto, said security was front of mind for the customers and firms that managed service providers rely on.

“The risk climate has changed fairly dramatically since 2016/2017 for MSPs. Data suggests MSPs are now viewed by bad actors as potential entry points into a lot of businesses, and therefore are being targeted,” he said.

He pointed to a dramatic rise in ransomware attacks, along with an increase in the average size of ransomware being paid, but added that this had been accompanied by increased awareness.

“[MSPs] are reaching out in increasing numbers for help with security frameworks and understanding their risk, and they’re investing more in data protection,” he said.

Petrocelli said Datto had been advising MSPs to invest in people, rather than simply reselling products. “They have to invest in a process. They have to understand what ‘good’ looks like in terms of their own processes,” he added.

“The good news is that there are ways to reduce your risk surface, to make yourself a much smaller target, and there are certain practices that allow you to protect your clients. But they do require investment, and sometimes they require investment in areas where MSPs have not traditionally invested or had conversations with their clients about it, and there’s some reluctance to have security and risk conversations with clients,” he said.

“We are on a multi-year journey with our MSPs to help them understand their security posture and provide them with better tools and better knowledge about what good practices look like,” said Petrocelli.

The focus on security comes at a time when customers are putting more data in the cloud, and Petrocelli said MSPs were also trying to help customers reduce risk on that front and were recognising that automation could help drive cloud migrations, with more tools emerging that would make life easier for the channel.

“The same security issues apply whether you’re on-prem or in the public cloud. Public cloud does not magically make that go away, it just allows you to be very consistent if you solve it,” he said.

Meanwhile, Kaseya restored its services over the weekend and is now looking to get things back to normal. In its latest update, the firm stated: “We released the patch to VSA on-premises customers and began deploying to our VSA SaaS infrastructure prior to the 4.00pm target [on Sunday]. The restoration of services is now complete, with 100% of our SaaS customers live.”