Datto’s Rob Rae: There Are No Dumb Questions About Cyber Resilience

BUILD IT LIVE ’22 — Position your cybersecurity offering “at a grade five level.” That’s advice from Rob Rae, senior vice president of business development at Datto, a Kaseya company, on stage at IT By Design’s Build IT LIVE conference this week.

“The MSP industry is a $185 billion market right now. We are in the golden age of managed services,” said Rae (pictured above). “We are experiencing it and thriving. And we will continue to do that, if we do it right.”

So what does “doing it right” entail? Having the right conversations, and not being afraid to ask dumb questions. 

“We [in the managed services industry] can be very technical in nature,” said Rae. “When you try to talk to an end user about those technical things, meaning tends to get lost. And I think we take that for granted. I’m the guy who asks the stupid questions over and over again, and I’m not afraid to do it. I’ve actually learned throughout my career that the more dumb questions you ask them, the more you will learn.“

As time goes on, similar to the cloud conversations and SaaS conversations, the messaging is getting more and more clear. The end-user market is starting to understand those things a little bit better. So, when you sit down in front of a prospect to talk about cybersecurity, Rae says, there is power in your messaging, and your positioning. The key is to position your security offering at a grade five reading level.

The MSP Opportunity

“Now more than ever before, this is a massive opportunity for all of us,” said Rae. “You talk about the possible impending recession … we’re all still making money. The pandemic, same thing. A lot of us thrived despite that, and we’re still thriving. There is an insane amount of money flowing through this industry, again, despite all the changes.”

Essentially, the pandemic was good for business. The Y2K scare was good for business. The cloud emerging was good for business. According to Rae, this is another moment that will be good for business, which MSPs need to take advantage of. 

What do SMBs think about? Remote work, digital transformation, shifts to the cloud, and more. The whole industry is dealing with talent shortages, consolidation, and of course, cyberattacks. 

Determining Value

In terms of cyber resilience strategy, what is the value of what you do? What is it that you deliver to your end users that they need the most? Rae pondered.

“When you ask yourself that question, a lot of you might say, “breaking down technology, helping [the end user] understand technology, something like that,” said Rae. “But in essence, it all comes down to education. It is the knowledge and information that you have in your head. That is the most valuable asset that you have for your ultimate end users. If you can get that out of your head and translate it into “end user speed,” you’re going to win. That is where the value of what you’re doing, what they’re paying you for, comes in. And you need to constantly reinforce and be that expert in your area. Be that expert in your town; be that expert amongst your client base.”

There are three massive cybersecurity opportunities in the channel, according to Rae. We will cover the top two here. 

Cyber Resilience

Not cybersecurity — which is an important distinction. Cyber resilience is different because of the way it’s positioned.

“Everybody is going to get attacked at some point,” said Rae. “Is there anybody out there telling their clients they are 100% safe, 100% of the time? Anyone who does is lying; it would be a massive mistake to say that. So instead, cyber resilience is more of a score. We’re essentially saying, ‘If you follow my instructions, I’m going to make you as safe as possible. If you don’t follow my instructions, you’re probably not going to be as safe.’ And you deal with this all day with your clients. And they balance how much they want to pay versus how secure they want to be that cyber resilience.

The Work-from-Anywhere Model

The pandemic obviously threw things into chaos, and few expected such a huge shift in where employees work.

“Some people are going back to the office; some people are not,” said Rae. “Some people want to continue to work from the beach, from the cabin, from the lake house, from the boat, whatever the case may be. And what you need to do is continue to take a look at the technologies you’re investing in to make sure they are thinking along those lines. Part of the problem in the past was we were all protecting the castle, which is where all of your people were. You did everything you could to protect people by building the best castle you possibly could. And then, everybody had to leave the castle, and ran to their grass huts. And all the bad guys know the little piggies are in the grass huts and are not in the castle. We need to make sure that we’re securing those grass huts just as well as we did that castle, whether they stay in their house, or whether they go back to the castle.”

3 Elements

Cyber resilience involves three key elements — identify, protect, detect, respond and recover. There are still gaps, whether it’s on the provider side or the end-user side. But it’s time to get serious about these things. The stakes are too high, emphasized Rae. MSPs need to get comfortable saying, “If you’re not serious about this, I can’t be serious about this.”

MSPs must shift to the right path of adaptability and maturity, and cyber resilience. Revenue should double because the value of what they’re giving customers should also double. There is more diligence and work that needs to be done, because forecasts show the growth opportunity is massive.