“I’m baaack!”
That’s how Arnie Bellini, founder and former CEO of ConnectWise, and now head of venture capital firm Bellini Capital, started his keynote at the Right of Boom cybersecurity conference last Friday in Las Vegas.
If attendees were expecting an announcement (and surely many were) on his next move now that he’s free of his noncompete from selling ConnectWise, that didn’t happen. Bellini did, however, offer his perspective on the still-untapped opportunities MSPs have in cybersecurity and compliance and the challenge of trying to manage the plethora of tools in the market. He also touched on the MSP-focused security, compliance, and AI investments Bellini Capital has made over the last five years.
If you were to read between the lines, you may get a sense of direction for what’s next, but how it plays out only time will tell.
MSPs Are Defenders Of Our Digital Borders
MSPs, Bellin told attendees, have the higher purpose of “defending of the digital borders of your nation. … Every single company in your nation state needs to be protected because what you’re really talking about here is protecting the gross domestic product of a nation state. … If these companies are hacked, the gross product goes down, profitability goes down, the economy goes down, which means society starts to decline. We don’t want that.”
He continued, “It’s more important for us to protect our digital borders than it is for us to protect our physical borders because our digital borders are being overrun by [bad] actors every day. And these are great things to discuss with your clients.”
Robert Cioffi, co-founder and CTO of Progressive Computing, an MSP in Yonkers, New York, and emcee of this year’s Right of Boom, says he totally agrees. “First and foremost, one of our missions here is to make sure that we’re protecting our customer’s profit. … Because that’s what a business is all about.”
The Opportunities
The cyber crime economy continues to grow, Bellini stressed, which “is a compelling reason for all of us to get out there, make sure that our clients are covered. It’s a national imperative.”
It’s also a compelling reason for MSPs to raise their prices, he said. “Make them [clients] realize, by the way, ‘You need to start paying the extra $50 to $150 per seat so that I can make sure that you’re in compliance. If you’re in compliance, the likelihood of you being hacked has gone way down.’”
For Right of Boom attendee Ed Correia, president and CEO of Sagacent Technologies, the message about untapped opportunity resonated: “I really think the vast majority of our industry doesn’t provide all of the security [that’s needed],” he says. “They don’t articulate the dramatic risk that businesses are under. They do not clearly demonstrate to their clients that they’re not able to do everything, and they leave the clients with the impression that they’re in good hands because the MSP is going to be able to do everything. That’s just ridiculous. If we’re going to do everything, it needs to be clearly communicated with the customer and they need to pay an appropriate price. IT managed services is one thing and there’s one price. But as you begin to do more and more in the cyber realm and the compliance realm, if we’re going to do it well and use the products and have the people, darn it, we’re going to have to charge for it.”
Attendee Ann Westerheim, founder and president of Ekaru, an MSP in Westford, Massachusetts, adds, “He was painting a picture of this market’s just about to enter mainstream, when he talked about the total addressable market being so much bigger than what’s currently been addressed.” Rather than just focus on the threats out there, she notes, Bellin pointed out that “there’s also a tremendous opportunity around the corner as well.”
Correia does take some issue with Bellini’s notion that all MSPs are capable of offering advanced cybersecurity and compliance, however. “I think you really have to think about if you’re going to do this, you need to make a big commitment. I know a number of companies that do this and do this very well, but the vast majority of MSPs I see trying to do this, what’s the phrase, lipstick on the pig? They’re not doing it well.”
In addition, Correia says, MSPs should expect to face more lawsuits when a client is breached. “These clients believe that we have them covered, and if we do not make it clear, and in my case, I get signatures that I have informed them of these things, we should expect to be sued. And I keep talking to MSPs who are not carrying cyber liability insurance. You’ve got to have that. This industry is growing up, and we just don’t have a lot of space for cowboys anymore.”
Bellini’s keynote stressed that all companies should have cyber insurance, which means that all businesses will need to comply with cyber insurance requirements, an opportunity for MSPs.
Silos Of Chaos
A problem for MSPs, Bellini noted, is the proliferation of tools MSPs have to manage. “Forty-plus applications, that’s the average of number applications that you are using …. Let’s add security operations. Those of you that are mature … are adding [other applications for cyber] security. So let’s say you’re doing all of this, and you’ve got 40 to 60 applications that you’ve got to somehow, with baling wire, duct tape all these things together. That’s not going to happen. That’s really the ranking version of the silos of the chaos. The data’s in separate places, the information’s in separate places, the applications are separate. This is the challenge that we have.”
“He’s 100% right,” says Cioffi. “There are too many choices out there right now and it’s difficult for MSPs to be able to discern what the right tools are. And I think that’s where the discussion has to go back to frameworks and methodologies and standards like NIST, like CIS controls, to [use] those frameworks to help us design cyber protection plans for our customers. … Unfortunately, the world that we live in typically starts with the shiny objects and the tools.”
The AI Play
According to Bellini, “Artificial intelligence is the answer that’s really going to get us past this problem,” and has a huge role to play in cybersecurity too.
One of Bellini’s investments, Nine Minds, has rolled out an AI tool for improving IT service management. But founder and CEO Robert Isaacs, former chief software architect at ConnectWise, said the company has plans for a wider reach, in a conversation with MSP Success in January.
“We want to be everywhere the MSPs are,” Isaacs said. “So, every major tool that they use. A lot of MSPs don’t use products necessarily from the same family of products from the same vendor. They kind of mix and match and the APIs allow that to happen. We want to do that as well. We want to support all the different products and bring them together in a centralized [intelligent] place where we can ask and answer questions. So, you can imagine that the engineer asked a question and we’re pulling information from all of these disparate data sources.”
Don’t Forget The Basics
Cioffi believes AI will be important, but won’t replace the basics of cybersecurity. “We can’t get away from the basics. And in my mind, any solution involves three major elements. It’s technology, it’s people, and it’s process. AI is not going to replace process and people. … . So while I’m hopeful that AI tools will enhance our ability to serve customers and be more efficient, maybe even reduce risk, drive greater profit, I don’t look at it as a panacea, not by a long shot.”
Westerheim, too, said a focus on the basics is critical, adding that it was her biggest takeaway from the Right of Boom event. “Configurations, patching, good 365 deployment. A lot of the basics are extremely important. Maximize what you’re already doing. … Make sure you have that locked before you keep moving on to new things, new territory.”
Cybersecurity Is a Journey, Not a Destination
MSPs have an important role to play in cybersecurity, as Bellini noted, but MSP customers need to be on board too, Correia says. “We want to save as many businesses as we can. We can’t save everyone. You have to let their own psyche or their concern about these things be the guiding principle, whether you’re going to do everything you possibly can to support them.”
Cioffi adds, “I think a lot of us have been feeling overwhelmed in the last couple of years. But I think we’ve come to a point of acceptance of understanding that cybersecurity is a journey, and it’s OK that we’re not perfect as long as we’re working toward making things better every day.”
And while MSPs are working to make things better, Bellini reminded them at his conclusion: “I know you can double your revenue. You can double your valuation. You can reduce your risk. The numbers are there, the opportunity is there. There’s no reason for you not to.”
