SolarWinds MSP Building New IT Systems Prior To N-able Launch

‘As we look to design the new N-able systems, we‘re going to have the benefit of all that [threat actor] knowledge and these world class experts to help us design this,’ says SolarWinds MSP President John Pagliuca.

SolarWinds MSP will need to design, build and stand up its own IT environment before launching this spring as an independent, publicly traded company called N-able.

The Durham, N.C.-based remote monitoring and management (RMM) provider will be rolling out new IT, accounting and email systems from scratch just months after Russian hackers attacked the SolarWinds Orion network monitoring platform. Although no SolarWinds MSP tools were compromised, SolarWinds MSP President John Pagliuca said his team will benefit from the knowledge SolarWinds has amassed in recent weeks.

“We‘re actually fortunate in that Tim [Brown] and the team have intimate knowledge and views as to what these bad guys did, what these threat actors did,” Pagliuca told CRN. “And as we look to design the new N-able systems, we’re going to have the benefit of all that knowledge and these world class experts to help us design this.”

[Related: 10 Bold Statements From SolarWinds MSP After The Orion Hack]

Brown will remain with the SolarWinds IT infrastructure management organization once SolarWinds MSP is spun off. He was originally supposed to move over with SolarWinds MSP following the split, but following the Orion hack, the decision was made to have SolarWinds MSP find a new CISO instead.

Pagliuca said SolarWinds MSP will be able to stand up and future-proof its new systems, environments and controls for the new N-able business with knowledge of the tactics, techniques and procedures used by the SolarWinds hackers. The company always planned to take a fresh view on N-able system design and, knowing what it does today, will take a secure-by-design approach to its infrastructure.

Although SolarWinds MSP shared its IT, accounting and email systems with SolarWinds, Pagliuca said many of the organization’s systems were already separate such as its product billings system, customer support and success system, and other go-to-market facing functions. SolarWinds MSP and SolarWinds are separate operating entities, so Pagliuca said there’s always been some separation between the two.

SolarWinds got into the solution provider business in May 2013 through its purchase of N-able to better service MSPs who support SMB clients. Then, in June 2016, SolarWinds bought N-able competitor LogicNow and brought the two remote monitoring and management (RMM) rivals together under the SolarWinds MSP banner.

The company first said in August that it was exploring a spin off of its MSP practice, and Pagliuca revealed in late December the business would revert back to the N-able name once the split is complete. Having SolarWinds in the company name following the Orion hack has been a source of confusion, he said, with MSPs having to field questions from customers worried about compromised software in their systems.

“For them [MSPs] to be able to say, ‘Hey, look, there’s this N-able brand, this N-able company,’ I do think it will take some of the pressure off of our MSPs having to answer that clarifying question,” Pagliuca said. “So, in that lens, I do think it [the name change] is beneficial.”

Aside from a security advisory on its website, SolarWinds MSP hasn’t spoken publicly about the colossal attack on its parent organization until this week. Prioritizing customer safety and communicating with investigators, coupled with making sure that everything said is verified and validated, has slowed down SolarWinds MSP’s communication, but Pagliuca felt it was absolutely the right thing to do.

Going forward, Pagliuca expects SolarWinds MSP will be able to release information at a much more steady clip since the business can more easily validate information and avoid conjecture or speculation. As more facts become known to SolarWinds MSP, Pagliuca said the company will push them out.

“For us, the goal was to make sure that we‘re cooperating with those folks [authorities], and not necessarily worrying about getting our message out there or spinning this or having some type of propaganda,” Pagliuca said. “We have to make sure that we’re focused on the investigation and doing what’s right. And validating before we would speak.”

Rich Delaney, president of Mahwah, N.J.-based Delaney Computer Services, said SolarWinds MSP has done a better job at communicating with partners recently, but not early on. “I don‘t have a lot of respect for the company because of the way they acted,” Delaney said. ”The changing the name. I think they should have taken it on the chin. It looks fishy.”

Delaney said the MSP vendor space is filled with bad companies, so he is going to hang on to what he knows.

“I think the overall industry lacks ethics and is essentially driven by protecting shareholders,” Delaney said. “Still, at this point, I don‘t want to jump out of the frying pan, into the fire. I’m sticking with them for the time being.”

With contributions from CRN Senior Editor O’Ryan Johnson