Andrea Danti - Fotolia
Kaseya has elevated the chief information security (CISO) function to the executive level and hired a former FBI agent to head that office, as the MSP software vendor takes steps to improve security following a ransomware attack in July 2021.
"We need to do better," said Kaseya CEO Fred Voccola. He said the company had already invested heavily in security prior to the ransomware incidents, which affected 57 service provider customers. The additional Kaseya security measures, however, aim to deal with a changing cyberthreat environment.
"We are responding to the realities of the world," Voccola said. "The incentives for cybercriminals are off the charts."
Voccola called the July ransomware experience humbling and noted that, although the cyber attack struck a small number of the company's 37,000 customers, "one is too many."
A new CISO
Kaseya's security moves include hiring Jason Manar as CISO. Manar was previously named to be assistant special agent in charge for the FBI, overseeing cyber programs in the San Diego office.
Voccola cited Manar's experience with information security best practices and access to technologies and techniques many professionals have not been exposed to.
Updated security practices
In another move, Kaseya hired security consulting firms to help the company craft governance policies for security and to develop specific KPIs that can be escalated to the board level for discussion, Voccola said. The governance policies will enforce the company's security priorities, he added.
The current security regimen covers the CISO side, which includes security best practices and governance, risk and compliance duties, as well as product security. Kaseya's CTO heads the latter function, working with the company's security architects to build software in a secure way, Voccola said.
"We are making investments in both areas," he said.
MSP M&A activity heats up
Security will be a continuing theme this week at Connect IT Global, with Voccola planning to address the topic in his Oct. 20 keynote and Manar presenting on the evolving threat landscape on Oct. 22. The merger and acquisition trend sweeping the MSP industry was the main focus of the conference's opening day.
"M&A is spiking," Voccola said.
Voccola noted the company has identified some 2,000 deals in recent years. Slightly more than a third of the transactions involved companies acquiring multiple MSPs or planning to do so, he said. Private equity firms are investing in MSP platforms, in hopes of building larger businesses out of smaller ones.
Voccola, speaking at the event's Oct. 19 keynote, said investors find service providers' margins, recurring revenue, low churn and total addressable market attractive. While many deals have been done, more are on the horizon.
"We are at the very beginning of this," Voccola said of the investment trend.