2022 predictions include more cloud offerings, more breaches

Assessing the accuracy of 2021 predictions

Dave Sobel: I made my first round of predictions as an organized series to close out 2020, and then I made predictions for 2021. I'm going to continue those with some 2022 predictions, but unlike many other predictors, I'm also going to annually revisit my predictions to discuss what I got right and what I got wrong. I think the accountability, and the discussion of what actually happened, will be valuable, too.

Let's run through the set.

First, '2021 won't be cheery. Thus, I'm predicting a difficult SMB marketplace for at least the first half of Q1.'

I'm going to declare this a big winner. 2021 was rougher than many thought it would be when measuring around the reopening of the economy and a return to normal. The Delta variant rained on our parades; the chip shortages are dragging on and will continue to do so; and inflation and 'skimpflation' are factors this year. Oh, and Omicron.

Now, that doesn't mean it wasn't a year for providers. In fact, in looking at some of the new figures from Service Leadership on solution provider profitability, I think it's safe to say that providers are managing. The number of businesses struggling remains about where it normally is: 25%. But I'm going to say I was right on this one.

'Criminal negligence charges will begin to be filed against those who fail to effectively handle cybersecurity at the SMB level.'

I believe my prediction is right, just hasn't happened yet. The landscape is really there for this. Insurance isn't covering everything and will be looking for ways to find those responsible when they reenter the market. Coverage is reducing dramatically, and even having coverage can make one more of a target.

So, this is a big 'not yet.' I'm going to roll this one over and keep tracking.

'In 2021, there will be a disruption in the MSP space, particularly around the tools providers, because there's a market gap.'

I'm going to say I was right here but not quite for the reason I thought it would happen. The Kaseya breach sent a ripple through the market and showed the gap is in protection. The tools providers are an attack vector. This is something the market was told, dating back to 2018, and shown clearly in evidence by the attack. Now, it would be simple enough for me to declare victory here. I think that's cheap because the actual disruption happened in smaller ways.

First, Atera launched automated ticketing in their product. Atera Plus uses artificial intelligence and natural language processing to 'read' tickets from end users and technicians, classify them, prioritize them and route them for response, including an option for ticket deflection, which resolves mundane work automatically. The smaller players are more interesting than the big four.

Microsoft added endpoint detection and response, automated investigation, and remediation to Microsoft Defender for Business and integrated into Microsoft 365 Lighthouse. And they added remote control -- that's key.

Finally, Apple came to play with their Apple Business Essentials. With three monthly subscription tiers, custom installation of apps, 24/7 phone support and four-hour response time for on-site repairs, there is a real offering here.

The disruption: Small players are delivering the future, while Microsoft and Apple have offerings in the space. Microsoft's package of Endpoint Manager, Intune and Lighthouse are the future.

'The trade show event circuit is dead as it was.'

I could just declare victory due to the way I made the prediction: 'as it was.' 2021's events were not the ones from 2019. Attendance was down across the board. Some events aren't back, and travel across borders was pretty different. Because I made the prediction for this year, too, it's easy to be right on this one.

Let's be a little more thoughtful. Will it stay that way? New data from Morning Consult says that 39% of business travelers -- those who used to travel for work at least three times a year pre-pandemic -- say they will never do it again. I don't believe there will be a market for it to be as big. And some shows will go away or change next year because of it.

This is an example of a prediction where the thought process is more important than the result. Does it matter if the number is 75% of previous, 50% of previous or 25% of previous? Not specifically. What matters is the change and the redistribution, which is being proven out.

Cloud-first trends in 2022

Let's talk about the cloud for these predictions. It's pretty easy to make handwaving predictions about the cloud because it's the obvious direction of the market. In November, I covered Gartner analysis on the cloud space, where analysts said there will be more than 85% of organizations embracing a cloud-first strategy by 2025 and 95% of new digital workloads being deployed on cloud-native platforms, up from 30% in 2021. That's a mere three years away. It's passing 50% now as we go into 2022.

And thus, to get there, there are a few things required and where my predictions are focused.

I did an entire piece about building that SMB of the future this year. One of my points was the need for ongoing monitoring of the security profile within the cloud. If one considers the stack I proposed -- including SaaS line-of-business app, accounting and work platform -- there's an obvious gap for SMB-focused IT providers to monitor and manage those.

Let's get to the predictions.

In 2022, a vendor will emerge with a clear set of requirements to deliver management of SaaS applications beyond managing a single vendor.

There are several players I'm watching here. I always name Nuvolex, SaaS Alerts and Augmentt as companies in this space, although I could include SkyKick or Datto's SaaS Protection. I'll also include what CyberDrain is doing in this space with the open source CyberDrain Improved Partner Portal (CIPP) project. None individually is complete to my vision. I'm looking for multiple-platform support. Most of these are just Microsoft 365 and would include multiple functions beyond just backup, most similar to Nuvolex.

There's a big difference between managing one and managing two because two leads to 'N' number. Once a vendor does more than one, they have abstracted core functions to allow that to be replicated multiple times. They'll do it with a standard method, likely an API. I'm looking for that.

Someone will break out more than one platform support, a defined list of requirements that providers nod to and multi-tenant support.

In 2022, I also believe a savvy MSP is going to spend some money and invest engineering dollars in an open source project, like CIPP or Tactical RMM, to further address this need.

Tactical is a traditional remote monitoring and management (RMM) versus CIPP's cloud focus, but either could benefit from an investment like this. If the rise of these open source projects say anything, there's certainly some desire to build the tool by those who need it. For a product space that should have been solved years ago, this could jump-start what providers are waiting for.

In 2022, a cloud-first MSP sales approach will move into the mainstream.

I fundamentally believe in the idea of an ongoing, proactive relationship with an IT service provider to help small businesses with their IT needs. That said, the vast majority of MSPs start by selling endpoint management, rather than leading with the cloud.

Thus, this will play out with a provider who is selling a package of services entirely around cloud and SaaS and leading with that. This isn't a rebranding of an existing package. Instead, this will be a management package of the cloud assets and likely to the exclusion of endpoints. Rather than a strategy of 'protect everything,' this offering will protect the crown jewels, an offering focused on the cloud systems. We'll cover your core assets and data to ensure no unprotected access, including from a customer's own employees.

That's three projections for next year as we move closer to that cloud-first world. A vendor will emerge with the clear vision to convince providers, an MSP will step up to invest in their own solution and a cloud-only offering will emerge that sells just the cloud.

2022 IT services market outlook

Doing a series of predictions on business is a super vague area to cover. Putting some boundaries, I'm thinking about the landscape for those delivering IT services and, generally speaking, the broad small and midsize company space. That's the lens.

It's too easy to do one of two things. First, I could declare the big opportunity the year will present. Things will be better, there's tons of opportunity, all that. I could also observe the big uncertainty out there and make a solid prediction for turbulent times. Omicron won't be the last variant of the coronavirus, we won't be in a stable place for a bit, and another set of challenges.

Both can be true at the same time.

I do genuinely think there is enough stability now to execute on plans and find opportunities, and I also believe there will be more turbulence than most of us have been used to as it comes to new uncertainties in the economy. 2020 will stand out as a banner year for difficulties, and as the world moved into 2021, there was a lot we didn't know.

But, for 2022, there is a lot we do know. We have vaccines for COVID-19; we have tests that are reliable; we have continued understanding of how to measure and handle the virus; and as is proving out with each new announcement, markets are learning to respond.

Thus, while both are true -- there are both opportunities and there is continued turbulence to come -- let's not focus our attention there, and instead assume that as the baseline.

In 2022, the gap will get worse between the haves and have-nots.

Ingram Micro's researchers, in their '2021 State of the Channel Report,' stated that the top 20% of MSPs will command 80% of the market revenue gains during and after the pandemic. Why? Basic IT management isn't enough anymore. That skill set is both assumed and barely the entry point to technology in 2021.

Particularly based on my thinking around cloud -- as covered in my cloud predictions -- cloud-first requires business skills and not technical ones. The bulk of the high-value revenue is over in business consulting services, not technical ones. Most small providers won't be able to capture much of this revenue because of skills mismatch. How many business consultants does a typical provider have? Not enough and maybe none.

So, the gap will get worse. We'll see this in a slow increase in the number of break-even or money-losing providers, although you can only lose money for so long.

In 2022, we'll see the fruits of the labor of those investing in real work-from-anywhere initiatives for a select group.

According to internal Lenovo research, 83% of IT leaders expect up to 50% of future work to happen outside of the office. But, more interestingly, a Gartner researcher has predicted that 30% of corporate teams will be without a boss due to the self-directed and hybrid nature of work. This is a decoupling of management from the manager role. I'm looking for breakout performances due to the reorganization of the way a business conducts its operations beyond just having no offices.

There isn't a single answer here. In fact, that's what's so exciting. The open greenfield nature of understanding what works and what doesn't in a new landscape is rife with opportunity and uncertainty. Those who say they know exactly what they are doing and where this is going are wrong.

A subprediction: Those hybrid formulas are a fad. Three days in, two days in, these arbitrary numbers are a fad and won't last.

In 2022, the rise of the consultant will be notable.

Those that have taken the religion of monthly recurring revenue (MRR) too far will lose out to those who actually take less risk by only providing the insights without the accountability.

Last I checked, doctors, lawyers and accountants all make a lot of money in very scalable businesses with hourly rates and so do consultants. Don't get me wrong, I love a monthly recurring contract. I just don't necessarily believe that, if it's not MRR, that it's bad. Far too many in this space have lost the script on the value of being a consultant. Trading advice and expertise for money is a very good business.

The core tenet of the monthly recurring revenue concept is the idea of not having to chase the customer every month, not that you must sell them just your IT endpoint management services. Next year, those that push back against that will make notable inroads.

Security predictions for 2022

It feels required to make some predictions about security for 2022.

I'm a reluctant commentator on the security space. I avoid discussing security as an opportunity because I think the crimes of others are a tax on small business, not an opportunity to sell more locks. Cybercriminals are terrorists, and precautions are necessary for sure and an unwanted drag on the economy. If given a choice, I'd prefer businesses spend money on growing their offerings, not protecting their flank. Pure acceptance of the current state of affairs and blaming victims is wrong when the conditions are open warfare. Thus, security is a necessary investment, despite being unwanted. I put a risk management lens on my analysis. Where are choices that minimize risk effectively?

So, some predictions.

In 2022, the stats on breaches will get worse, not better.

I want to be positive and simply cannot be here. Gartner has predicted that, by 2024, a cyber attack will so damage critical infrastructure that a member of the G-20 will reciprocate with a declared physical attack. In order to get to that outcome, a physical attack, the landscape won't improve. This implies governments and law enforcement have not created an environment where cyber attacks are viewed as too costly.

That direction points to the landscape getting worse, not better. This is a seemingly obvious prediction, although rarely brutally delivered. Society is not winning the cyber war.

In 2022, the idea of financial incentives as part of the offering will be adopted by more vendors or new vendors entering the space.

I've covered both SentinelOne's warranty offering and Resilience's coverage plus software approach to offering cyber insurance. This will become a competitive offering. We'll see a vendor take a channel-focused approach to this offering, bringing the combination to a reseller model. They'll have skin in the game, and they'll be rewarded for their efforts.

In 2022, several vendors will be rejected by providers for being unable to address supply chain concerns.

Kaseya's breach was a long-overdue wakeup call for the provider community, and to be fair, their name could have been replaced by any vendor. And Kaseya's response was well orchestrated and executed. The aftermath is that providers have a concrete example of how a supply chain attack can impact them.

Thus, next year, providers will openly reject vendors for not having answers to supply chain management concerns. They may be forced to, particularly by insurance companies when they prioritize having coverage, and require choices to get to standards their insurer is comfortable with.

It's almost the inverse of my previous prediction. The key is that the action will be initiated from the provider side, not from the vendor one.

In 2022, a significant enough law will pass in the U.S. requiring breach disclosures to include a broad range of SMB businesses.

The pieces are all there. Forty-five states and Puerto Rico are reviewing more than 250 pieces of legislation around cybersecurity. Something is going to pass. Protecting businesses is a winning issue on either side of the aisle and an obvious effort for lawmakers to take.

Making notification mandatory also removes the stigma because now it's easy to blame the government for the disclosure. As common as these incidents are, everyone will be reporting. No shame.

In 2022, those ransom payments won't go unnoticed by governments.

I'll predict an outright ban -- maybe not across all industries, but there will be some that will be taken off the table. This is a category where I wish my predictions were cheery. That's not to say I don't see opportunities and significant lines of businesses in handling this need in the market. The trick is that I'm not enthusiastic about it at all. Winners will be the ones who thread that needle of positioning as smart risk management, and losers in the space will be viewed as predatory arms dealers.

About the author
Dave Sobel is host of the podcast The Business of Tech, co-host of the podcast Killing IT and authored the book Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business. He owned and operated an IT solution provider and MSP for more than a decade and has worked for vendors such as Level Platforms, GFI, LOGICnow and SolarWinds, leading community, event, marketing and product strategies, as well as M&A activities. Sobel has received multiple industry recognitions, including CRN Channel Chief, CRN UK A-List, Channel Futures Circle of Excellence winner, Channel Pro's 20/20 Visionaries and MSPmentor 250.