Ransomware attacks have grown dramatically in the past couple of years. The global attack volume has increased by 151% in 2021 and 37% of organizations have been targeted by ransomware attacks. The potency of ransomware attacks has evolved too. Insidious supply chain attacks with far-reaching data exfiltration for extortion purposes are the new normal. Managed Service Providers (MSP) are the vulnerable and lucrative entry points for cybercriminals as the SolarWinds and Kaseya’s REvil attacks have shown us that quick detection and seamless recovery are central to mitigating the risk of a ransomware attack. In this video, we talk to Robert Vance, a Solutions Specialist at DMSiTech one of Canada’s fastest-growing IT companies and one of its 50 Best Managed IT companies. Robert has over 15 years of experience in IT having worked for large multi-national engineering and telecom companies. He talks about MSP differentiation and cybersecurity challenges that MSPs and their customers face. Robert also discusses SharePoint Online ransomware recovery for MSPs and why backup and recovery is a must-have to secure SaaS data.
Book a Demo with an MSP Specialist
Ransomware Recovery for MSPs
How Can an MSP Differentiate Itself?
Teresa: Welcome, Rob, lovely to have you on board. Let’s start by talking about DMSiTech. In the crowded MSP market, how does DMSiTech differentiate itself and what value core values do you bring to your clients?
Robert: Absolutely. Thank you very much, Teresa. That is a great question. The IT market is definitely very large with a lot of different players in the space. We basically found three key pillars that we use to try to differentiate ourselves.
#1 The first is we recognize that because the world is so complex, no one partner can understand all of the products that are available. Instead, we focus on a handful of best-of-breed products, and we make sure that our staff is educated and at an expert level about those products. If a customer approaches us about a product that we know nothing about, we don’t try to pretend to know just to try to get that sale or that customer. We’re very comfortable with what we know and also comfortable and what we don’t know.
#2 The second thing we invest very heavily into is our employees. Whether that be a personal training or certification, basically anything that we can do to make sure that they have the skill sets, knowledge, and comfort to provide the best value for our customers.
#3 And lastly, we just try to have a very open and honest relationship with our customers. We always strive to be considered as the trusted advisor. We don’t want to be the external party that is considered to be adversarial, which we know some MSPs have a reputation for. Instead, the way we want to work with the customer is as an extension of their I.T. department.
What are the Key Challenges for an MSP?
Teresa: As an MSP, what are the key challenges that you face?
Robert: I think the biggest challenge that we have is just trying to keep up with the constantly changing scope and scale. Every day is an adventure. Every day brings new challenges that can make things very difficult to keep track of and we also have many large-scale changes that happen. For example, just in the last month, there was a Log4j vulnerability that was announced in the media that we had to work a lot of late nights to address for our customers. We also have to deal with the issue of vendors who will just make large-scale changes to their infrastructure. For example, Microsoft is recently upending their entire cloud service provider program, introducing something called the New Commerce Experience (NCE) that’s requiring us to revisit core foundations of how we operate our business. Those kinds of things just kind of happen in perpetuity in this space, so we have to constantly be ready to adapt.
Teresa: How do you stay a step ahead of these challenges? Dealing with a market in flux, constant flux?
Robert: I don’t think there’s a particular technique that we do other than just making sure that we’re definitely staying abreast of the news. Certainly, with the Apache Log4j vulnerability, it helped being involved in various MSP newsgroups and forums and just mainstream media involved in newsletters and webinars. Basically, anything to stay abreast of what’s happening within the industry so that we can be as receptive and responsive to it as possible.
MSP Cybersecurity Concerns
Teresa: And talking about cybersecurity, it has moved from the shadows to become a key business priority. The World Economic Forum listed it as one of the two key challenges that we’ll be facing this year. What are some of the common cybersecurity concerns or challenges that your customers face?
Robert: Absolutely. So I think that the cyber concerns that our customers have are going to be pretty universal for all customers, regardless of size or vertical. It’s basically how do we protect our data and how do we ensure the security and long-term availability of that data? What has changed, though, in, say, the last 20 or 30 years, is the internet and just how pervasive it has become within our business. What this means is that the bad guys no longer need physical access to try to attack your facilities. They now have 24x7x365 access to basically all of your tools and services, and we promise they are attacking you every minute of every day. What this means effectively, then, is that we, as administrators, have to get every single security setting, every single permission right, every single time in perpetuity, whereas the bad guys, they only have to be ready once. That’s why it’s really important that we ensure we have a robust set of tools and processes in place to mitigate these risks as much as we possibly can.
Teresa: And especially with the remote workforce, that must have added to the risk
Robert: Yes, that was certainly, definitely a big shift for a lot of people. But the good news is that at least for a lot of our customers, the work from home thing has actually been something we’ve been pushing. That is kind of an advantage for years, even prior to COVID happening. So, we were able to weather that storm, I think better than some of our competitors may have.
Why Do MSPs Need Microsoft (Office) 365 Backup and Recovery?
Teresa: That’s a smart move. I’m guessing cybersecurity solutions are an essential part of your MSP suite. Talking specifically about backup and recovery – what’s the necessity for including backup and recovery as a service for your customers?
Robert: Well, I think that it’s just the recognition that something bad is going to happen. It’s kind of just an inevitable reality of the world, right? Whether it be a malicious attack or even just someone accidentally deleting data and not realizing it until it’s too late. We need to make sure that we have some solution to be able to recover that data. When we look at CloudAlly, specifically why we decided to kind of go that way, we’ve actually been the CloudAlly customer now since I believe 2016. It’s been a number of years now, and back then when I was actually the one that spearheaded that project, the landscape was very different. Back then there were not a lot of cloud-first backups, primarily for Microsoft 365, which is where we specialize.
So, when we looked at CloudAlly, what was really impressive about it was that they had an easy-to-use interface and competitive pricing, which is certainly obviously a big deal when trying to sell this to our customers. And what really got me actually was when I did reach out during the trial there, the support was incredibly responsive. So we decided to give them a try with, you know, a 90 day trial at the beginning, and six years later, we’re still here.
I think it’s important to remember that backups are an absolutely essential part of any MSPs tool suite that they’re offering to their customers. As I mentioned before, bad things will happen. It’s not a matter of “if”, it’s a matter of “when”. Ransomware, a flood, hardware failure, a malicious employee or even just an honest-to-goodness mistake and a wrong click and something bad will happen. And if you just really have to, think of backups as insurance – you hope you never use it, but you have to have it in place before you need it because you can’t do it after the fact. I recommend all MSPs ensure that they have both the backup and, as was mentioned, a recovery plan of any part that they’re supporting.
CloudAlly ROI for MSPs
Teresa: Yes, we’re so happy to have you as our customer. So, you know, not too many people know that CloudAlly was one of the first that pioneered cloud backup. And now that you have used CloudAlly for so many years, what would you say are the top three CloudAlly features that give you the most ROI?
Robert: By far, the easiest one is the fact that it’s all cloud-based, and setting it up is incredibly trivial. When we bring a new customer on board, we can have CloudAlly set up in literally minutes, and there’s no on-premises infrastructure to try to convince the customer to purchase. That’s been a huge selling feature for us, for a lot of our customers.
Beyond that, what’s been a benefit for us is the partner API and partner portal as a whole. Getting a holistic view of all of our customers on one page and being able to extract all that data into our custom platforms – that has been a huge improvement.
And I think finally, just the fact that it works! The thing about backup products is, certainly the ones we’ve worked within the past, they’ve added so many features and so many buttons and widgets that the product basically falls under the collapse of its own weight. I really appreciate CloudAlly because it’s purpose-built to basically solve one problem. When you log in, you have a backup button and the restore button because, at the end of the day, that’s all I care about. And the fact that that works as effectively as it does is something that I very much appreciate.
Teresa: It is true a backup solution is only as good as its recovery capabilities. Minus all the bells and whistles.
SharePoint Online Ransomware Recovery for MSPs
Teresa: Can you relate an incident when you or any of your customers used CloudAlly in particular for ransomware recovery?
Robert: Absolutely. Actually, in fact, that’s part of what prompted this call. During Christmas this year, we had one of our customers hit by ransomware and a particularly virulent strain of it. And not only did it wipe out all of the on-premises infrastructure, but also got all of their SharePoint document libraries. We were able to restore all of the on-premises backups relatively easily, but the SharePoint Online backups were not something that we otherwise would have had an infrastructure to set up. Three years ago, we convinced the customer to purchase CloudAlly, and for the last three years, it’s just been sitting there doing nothing. In fact, I think even a year ago, we had a conversation with the customer if they asked if they still needed it. Is this something we could cut when they were doing cost savings? We convinced them not to. And thank God we did, because this went from being an absolute potential catastrophic disaster to click restore 200,000 files over between Thursday and Friday. By end of day Friday, they were back up and running again. So I don’t know what we would have done if it wasn’t for CloudAlly, for that customer.
Teresa: Wow, that is that is an impressive story.
What is the Value of CloudAlly Backup for Customers?
One is it is incredibly easy to set up so that there is no friction in trying to have those discussions. We know customers are always very cost-conscious, looking forever where they can cut. And backups because they feel like insurance. Like when you get car insurance, you get collision, you want collision. No, I think I’m going to try to save that until all of a sudden you need it, right? Because it’s so easy to set up and inexpensive, relatively speaking, it’s a very easy sell. You don’t have to do a lot of nudging in that direction.
And the second thing is that it just works. There isn’t a lot of when I deal with a lot of on-premises backup products, there tends to be failures every couple of days. Something will go wrong somewhere in the process. But because of how all these cloud products work, they tend to run a lot more reliably, which saves a lot of effort for that and both the administrator and concerns from the customer that the data is available.
And finally, from a marketing perspective, the unlimited retention that CloudAIly offers is still mind-boggling! I can restore my data since 2006, it is a great feature that I recommend it. I hope it encourages people watching to definitely add backup and recovery as must-have insurance.
Teresa: Especially given that attacks are rising by the day and there’s nothing better than one-click recovery when you’re faced with the stress of an attack.
Robert: Yes, absolutely. And of course, it’s also important to note that it is immutable relative to whatever the primary data sources are. So even if the Microsoft 365 backups, in this case, are compromised by an intentional attacker that’s actively trying to delete the backups unless they have access to the CloudAIly portal, those are not touchable by the attacker. So that is again another huge benefit for ransomware recovery
CloudAlly’s pioneering and top-rated comprehensive Microsoft 365 Backup and 1-click recovery secures all your Microsoft 365 data from loss – Mail, Calendar, Contacts, Tasks, Groups/ Teams, OneDrive, SharePoint, and Public Folders. Recover an accurate copy of your data from ransomware ASAP with ransomware recovery tailored for MSPs.