Dave Sobel is the host of the podcast The Business of Tech and co-host of the podcast Killing IT. In addition, he wrote Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business.
In this video, Sobel speaks with Alex Hoff, founder and chief product officer of Auvik Networks, a network management software provider. They discuss key trends in the network management market and where the opportunities for managed service providers are headed.
Transcript follows below.
Dave Sobel: We connected because you guys put out your recent annual report on the state of the network. There's one detail that I had to start with and I wanted to ask you about. The data says 57% of IT pros don't know the configuration of their network. Tell me more and why you think that is.
Alex Hoff: Why do I think that is? I'll give you an opinion in a second. When we do these surveys [with] the broader population, we're trying to understand the state of IT, whether it be in-house IT [or] MSP. Do [they] understand what's going on? Questions like: Do you understand the state of the [network configuration]? The answer should be yes, but it also could be no. There's so much complexity in today's network with the firewall rules, it's very easy to say, 'I don't know everything.' And that is just a reflection of the world we live in today.
I actually believe that over the coming years, whatever your time horizon is, networks will actually decrease in complexity. That's a personal opinion. So, I don't think it's surprising that 50%, 57% of people don't have 100% visibility into it, because they also have a million other things on their plates. You can't be an expert at everything.
Dave, do you know the perfect configuration of your Microsoft 365 license? But I bet you I could go figure it out, though. And that's, I think, one thing that sets apart professionals in our industry, is they might not know the answer right now, but I trust that they will be able to figure it out. They have the capability and skill to dig into it when they need to. So, it's just a prioritization exercise.
Why networks will become simpler
Sobel: So, you said something I've got to ask about, because my gut says that things get more complicated, because they always do. I think [that] with technology, we always say it's simpler, but it never is. But you think networks are going to get simpler. Why is that?
Hoff: [It's a] personal belief. And I'm going to bucketize this into three different types of organizations: You have SMBs, midmarket, enterprise. [For] enterprise, it's probably going to get worse, probably going to get far worse. But in our industry -- or at least where Auvik focuses, on SMB and midmarket -- I believe that what we have with COVID has been an acceleration to the cloud and an acceleration to embrace distributed work.
So, what does that mean? That means that you're going to have less assets on premises. That means that the perimeter firewall [and] the local network security is probably not modus operandi No. 1. You're going to have more assets in the cloud. Cloud security is going to be there, but you can use other techniques like SAML, single sign-on, to refactor that security exercise. Do you need network access control in your network? You're going to hear big enterprise do that because it's a great way to control what assets come onto your network, but you can also do that with VPNs or ... shoot, the name's slipping my mind, but the next generation of VPN that is the client. They're cloud-based.
So, if you think about what's the purpose of the network, the purpose of the network is to facilitate connectivity between me -- the user -- and the application I use to do work. I'm at home right now. I'm using my corporate laptop on my home Wi-Fi, on my home infrastructure, on my home broadband, and I'm connected to Riverside.fm. Still doing work. Don't use any IT infrastructure.
Why IoT hasn't seen broader adoption
Sobel: All right, that's fair. So, that links then to my next [thought], because I've always sort of posited that managing all these devices, from IoT to every basic kind of infrastructure -- all of this plethora of devices -- would be catnip for solution providers, that they'd be embracing it full-on. I first thought that the [remote monitoring and management] RMM-style technologies would expand. I was wrong. They didn't end up doing it. Then companies like Auvik stepped in to fill in that gap. But I still don't feel like that vision of managing all devices has really ever come true. Am I wrong? Did I misread that? Or am I just completely wrong with the way it's going?
Hoff: I would say you're not wrong, you're not right. It's sort of [in the] eye of the beholder, and it depends on the type of organization. So, think of a very simple organization: an accounting firm, a law firm. Actually, law firms are complex. But an accounting firm. If they're using cloud applications, cloud accounting tools, how complex does their network need to be? What complexity do you need with IoT devices? You need a couple of widgets, that and there. But what's the role of the MSP in that place? Making sure they have access to the right tools, making sure their devices are secure, making sure the devices are up, the RMM -- we're going to talk about all of that stuff. But [with] IoT, I don't think you need to manage everything. Sometimes you just buy a thing because you need to solve a problem, and that problem doesn't need a ton of management on it.
The one interesting advent with cloud and SaaS control planes for IoT devices is someone could control it. And so, when I think about an IT team, or an MSP, I think about, 'What is their core responsibility?' Their responsibility is to ensure that their users are productive, safe and secure. I would call it the monotonous work. Is the machine patched? Is the interface up? Is the port utilized? Blah, blah, blah. That's boring. You should refactor that problem. You should bring in a tool, or you should bring in a partner, an MSP, to take care of the stuff that is refactorable. Because who knows your accounting firm, or whatever business you're in, better than anyone? You. You are the expert in that business and their IT needs. But you can take a whole chunk of that, and you can partner with somebody so that you can focus on your core competencies and let an MSP focus on what they're really good at. Again, let's just go back to patching, backup -- you don't need to reinvent that. Partner with somebody to solve those problems.
So, I think coming back to the statement: yes and no. I think if there's an industry vertical-specific IoT widget they need to do, probably you need to manage that in-house or you find a partner to help you with that, but they might be a domain-specific MSP. Or for the refactorable -- I love using the word 'refactor' -- [a partner] can take stuff and you can just push it somewhere else. And [a partner is] going to be better than you at that. I talked a moment ago about network configuration. Yeah, someone's going to know network configuration better than you. Great. Hire them. Bring them in to help you make your organization better, safer, faster, securer, whatever.
Auvik's approach to zero-trust security
Sobel: That makes some sense. And then let me ask, how do you think about a zero-trust security in that model? Because I think it plays in, the idea that if you're not managing everything. Maybe you're only focused on certain devices. Do you give a lens of zero trust to thinking about this?
Hoff: Yeah. So, I'm a big believer in zero trust. And that was the word I was looking for before when we were talking about VPNs: the zero-trust connectivity solutions. Again, let's think about an application. Let's pick on QuickBooks. A lot of SMBs use QuickBooks, still on premises. You can still make it zero trust. You can still expose it to your users. What you don't want to do is have distributed authentication through a thousand different applications, right? Again, I'm going to break this word this entire interview: You're going to refactor that. You're going to centralize that so it's easier for you to manage. It lowers your overall risk. Then you could layer in stuff like MFA [multifactor authentication]. You can pick your favorite technology partner to help you with those things. But you want consistency, and you want to lower entropy.
And so when I think of zero trust, you're lowering entropy. You're not trusting devices on the network. You are putting them in sandboxes until you trust them. [Users] can't authenticate to anything unless [they] go through the single point. You're lowering entropy. How many times do we hear about users that are of privileged escalations or legacy users that were forgotten to be offboarded because the process said to remove [access] from these 18 different applications? It's easy to make a mistake. It's better to take that mundane task and automate that with the system. There, I didn't use the word 'refactor.'
The future of network management
Sobel: If I give you the magic wand and we start projecting out [into the future], what's your North Star vision of network management, the problem you're focused on here with what you're doing? What's the final vision kind of look like?
Hoff: That's a great question. It's something I wrestled with today. I actually was just writing up an essay today on this very topic. And the way I look at the world is we've done a really good job here at Auvik, I believe, at giving our partners visibility into the on-premises infrastructure. We help you automate tasks, et cetera, et cetera, et cetera. That problem is different now in the new way of work, where you have more applications in the cloud, more people remote. So, the use case is still the same, that if I'm at my keyboard and I'm working and my application is slow, I'm still going to submit a ticket. I still want help because I'm not the expert. My IT person, my MSP, they're the expert. So I need them to help me.
The problem with that distributed work is there's a visibility gap. I don't know what that home network looks like. I don't know if your kid was streaming. I don't know if they unplugged the access point. So, that's a challenge. That's a problem that vendors like ourselves are [trying] to solve. But the flip side is the cloud side. Slack was down Jan. 4. We talked about, 'Hey, new year, everyone's back at work.' And then the first day we're back at work, Slack's down and the world is on fire right away. And everyone was just like, 'Oh, come on.' What do you do about that? The answer is bupkis. The only thing you can really do about that is communicate to your team and say, 'Hey, Slack's down. They're having an issue. If you have any other work to do, great. Use email, work offline, go get a coffee, go for a walk, because there's some really smart people, presumably, working on trying to resolve the Slack issue.' It took them a little while, and I read the post-mortem on that. It was pretty complex.
So, sometimes, it's just out of your control, like when Comcast has an outage in your neighborhood. Pick your favorite ISP. What do you do about it? Nothing. So I think there's an element of proactivity, that you could communicate with your users to help them calm their nerves. A lot of IT is just, 'Yo, chill. Here's what we know. Here's what we're doing about it. It might not be me. It might be somebody else. But here's what's happening.'
Sobel: You opened the door because you brought up the magic word, which was 'cloud.' And that's a spectrum of stuff. It can [range] from, I'm running infrastructure up in the cloud, all the way to SaaS-based applications. When you define the area of network management and say you're going to extend to this new world, where are you tackling [it in terms of] cloud? How does that factor in?
Hoff: I think there's probably a roadmap of problems that we need to tackle over time. And I would say the first problem that I hear the most frequently [is] it depends on the type of business. So, SMBs are step functioning. They're going to drop QuickBooks, and they're going to pick Xero or some other payroll-type online solution. They're just going to be like, 'export, import.'
That doesn't work for a more mature organization. They're going to take their legacy application [and] they're going to move it to Azure, GCP, Amazon -- pick your poison. They're going to host it because that solves a number of problems for availability, scalability, pricing, blah, blah, blah. Again, it makes life better. Then they will tackle the big project of migrating to a SaaS platform one day. So I view that as a two-step function.
So, there are two scenarios there: straight-up SaaS applications, and infrastructure as a service and getting visibility there. [If] you're getting visibility into infrastructure as a service, the same problems of network performance management apply. Is it working? Is it up? [Is there] connectivity? Is [there] configuration of the firewall? I would say there's a similar class of problems. They're going to be a little bit different. You're not going to use SNMP [simple network management protocol] probably the same way you used to. You're probably going to use a native REST API. And that's the mechanics, but no one really cares. Ultimately, you want to know: Is that application up? Is it running? Is it performant? So, I think there's something there. And I hear that a lot.
Managing SaaS applications
Sobel: You actually hit on two different things. The infrastructure-as-a-service piece makes perfect sense to me. I actually think that for most SMBs they're focusing on the SaaS world, which you didn't talk about, because that's a different set of problems, be it around not only just basic availability but also configuration management. Have I secured things correctly? Do I not have open accounts? That kind of work. Am I wrong? Am I right? And then prioritize [these] for me. [How] would you tackle the problem?
Hoff: I don't know how to prioritize them just yet. Maybe we'll come back to that in a second. But the problem that I see is there's a bunch of other SaaS companies now that are helping you manage the cost of your licenses. They tend to target enterprise, midmarket, where you have a proliferation of users. Like, 'Why do you even have an account in Office 365? The last time you logged in was two years ago. You're just wasting money.' I would say that's an enterprise problem. It might apply to the midmarket. It might apply to the SMB at the lowest. But it's probably not a big enough problem for us to solve right now. We're still interested in understanding what SaaS applications we have.
And I come back to that earlier statement I made: What's the role and responsibility of IT, MSP? Security, safety, their users and productivity. So let's say we're a Microsoft shop or a Google shop. It doesn't matter. 'Well, why is my team using Dropbox? That's off-brand. Am I sharing data that I'm not supposed to be sharing?' We used to call that data loss prevention, where you look at your computer and if your computer gets stolen, what assets were on there? That industry is evolving very quickly, because I might've shared a file with Dropbox. IT doesn't have control over Dropbox, because I used my personal account. So, that gets really complicated. That presents a question of, 'Well, what applications am I using?'
People know [Auvik today] very well for network discovery because we discover all the thingies, all the IP-addressable thingies and widgets and assets on your network, those printers, those IoT devices, those phones. Great. But then the next question is: 'Well, what SaaS applications are you using?' And that's the same problem. It's still asset management, [but] your asset's now a SaaS application.
It seems like 137 SaaS applications is kind of the norm for a midmarket organization. Okay, great. Well, what are they? Let alone managing costs. That's the horizon beyond. But first, what are [the SaaS applications]? And we've done this today. We have our TrafficInsights. We made an acquisition a couple years ago [of] a company called Talaia. It gives you deep visibility into the network traffic. And so we can see those applications. So, it seems like a logical evolution is to inventory them and present them to the user and understand your risk.
Going back to an example, Auvik uses G Suite. And so, we share all our docs in Google Drive, and we saw one of our users on the content team using Dropbox. And we're like, 'Why? Why were you using that?' And she's like, 'Well, no. I had a legitimate use case. The other vendor that we're working with only uses [Dropbox]. They asked me to share the document.' Peace. No problem. But what you didn't want to hear was, 'I didn't know that. I didn't know I was using Dropbox.' Maybe it was malware.
Probably a really fictitious example -- no one's that simple -- but what you want to understand [is], what's your risk there? What is the inventory of applications? Who's paying for stuff on their personal credit card versus corporate credit card? There's just a whole bunch of inventory that you need to understand.
Sobel: So, this is an area you're thinking about, directionally, for Auvik, in terms of SaaS management, SaaS alerting? That is a direction you guys are thinking about heading?
Hoff: I think I come back to the two things: network performance monitoring in a world that's evolving and IT asset management. Two things we're really good at. [We're] just broadening the definition of what your network is.
Decisions about features, products
Sobel: Okay. I will buy that definition. So then, we were talking about this a little bit before we engaged, so I'm going to [ask] here, how are you making decisions on features and products? How do you philosophically think about prioritization and making those decisions?
Hoff: I'll talk about a little bit how we manage our business. It's kind of interesting. So as a business, we try and manage [using] this concept called the Rule of 40, where growth minus EBITDA, profit margin, and it's got to add up to 40. So [with] 100% percent growth, you could lose 60%. [With] 40% growth, you should be making $0. Something like that. So that's not my job. That's our CEO, CFO. My job is, 'Hey, given the allocation that we give to product engineering, what's the pie chart? How much do we want to invest in current products to keep the lights on?' So if, like, we had to shut down the business, how much investment do we need to do just to keep it moving and keep the bugs at bay? Then there are features that we can invest in to look at ways to improve our conversion rates on our existing products. Improve our conversion rates, improve our retention rates to keep our customers happy that they continually see improvement and value in our product. Great.
Then there's the growth pie. And the growth pie is really about, 'What's something new that we can do to add value to our customers in an area that we don't today?' That might be a feature. That might be a SKU down the road. So when we think about expanding into other areas, it's like, well, there's a series of stepping stones you need to make in order to be able to maybe plug into infrastructure as a service or GCP. You don't just plug into it one day. You probably need to think about what the building blocks are that you need that are common across all of these elements.
And I would say that a big area of focus for Auvik over 2020 and 2021 is making sure we have those right building blocks for this kind of broader vision of what a network is and what it's going to be. We'll need better visibility into an end point. We'll need better visibility into the cloud. [It's] not to say that we're going to go tackle patching tomorrow. Oh, my gosh. There are decades of industry knowledge out there that I don't want to learn. But we do know one thing. We know networks really well. So how do we extend that visibility? That's kind of the way I think about it. And so we have to be disciplined in the way we spend our dollars, where we allocate people. And then given that pie chart, what is the right sequence of events? Sometimes it's a bet. So that's the way I think about it.
Auvik's end game
Sobel: That's great insight, because that's a great rule of thumb to apply to a business. It's one. Obviously, there's multiple, different ways. So, is that the economics that allows you guys to make those decisions? By fitting to that, you can then allocate within that? And I'll then open the door a little bit. How are you driven towards an end game? Is it to be as big as possible? Is it to sell the business? Where are you guys headed in terms of a business end game?
Hoff: We'll back up just a tiny bit. We'll talk about the pie chart. I've asked to increase the pie, make my pie bigger, so I can allocate more. And that's just a function of, 'Hey, if we see an opportunity that we believe in and we've done the right homework, due diligence, [then] we can absolutely invest more.' But more of our philosophy is, given a pie, how you slice the pie. If I want a bigger pie, I put my case together, I work with my team, I go to my peers and I say, 'Hey, this is the bet we want to make.' And I've got to sell that idea, just like everything else. So when we made an acquisition, we didn't just wake up one day and said, 'Oh, we're going to go out and do something.' No, we had to make a case. And I'm very proud to say that it's very successful for us. So I think that's one comment. I would just clarify that, hey, we're not constrained. If we need more, we can go raise money.
And so that kind of leads you to your next question. I've been at this business eight, almost nine years now. And I say, 'Why am I still here? Why am I still doing this? Why are we still functioning, growing?' I'm having fun. Yeah, this year has been a little bit tough with COVID, being at home and not being able to be out on the road to learn from my peers and talk to the partners. But I would say we're really interested about the opportunity to broaden the vision for network management. Some people call it 'IT operations management.' I think that's a broad term. There's something in between there.
But that growth of the product excites me. I think that's what gets me out of bed. And to the extent that our team has rallied behind this vision to broaden, we use this phrase: from the [glass of your] device to the SaaS endpoint in the cloud, we want to give you that visibility to make sure your team's productive. And so that's what gets me out of bed. And we're going to continue on this journey.
About the author
Dave Sobel is host of the podcast The Business of Tech, co-host of the podcast Killing IT and authored the book Virtualization: Defined. Sobel is regarded as a leading expert in the delivery of technology services, with broad experience in both technology and business. He owned and operated an IT solution provider and MSP for more than a decade, and has worked for vendors such as Level Platforms, GFI, LOGICnow and SolarWinds, leading community, event, marketing and product strategies, as well as M&A activities. Sobel has received multiple industry recognitions, including CRN Channel Chief, CRN UK A-List, Channel Futures Circle of Excellence winner, Channel Pro's 20/20 Visionaries and MSPmentor 250.