N-Able CEO Pagliuca: This Isn’t ‘Your Grandad’s N-able. This Is N-able 2.0’

‘The common thread is a focus on partnership. That’s what we built our reputation on a couple of decades ago. And that’s what we continue to build our reputation on. That’s why we went back to the N-able name,’ says N-able CEO John Pagliuca following the company’s IPO.

An IPO And A Promise To Keep Focus On Security

July 20 turned out to be an interesting day for N-able. The Ottawa, Ontario-based provider of an MSP stack featuring integrated monitoring, management, security and ticketing completed its IPO and closed its eight-year-long chapter as a part of SolarWinds.

For N-able CEO John Pagliuca, the day was memorable not only because of the IPO and not only because he got to ring the NYSE bell after his company’s first trade. No, he actually broke the gavel he used to ring the bell and said it was because of the energy he gets from his employees. “We‘re breaking into a new chapter of our business,” he told CRN.

By spinning out of SolarWinds and going public, Pagliuca said N-able will be better able to serve its MSP base. “By giving a little bit more focus on each of the businesses, the SolarWinds business and the N-able business, we can deliver better results and produce more for our MSP partners,” he said.

However, much of the conversation between Pagliuca and CRN revolved around security, which has become particularly important to the MSP community in the wake of the ransomware attacks via Kaseya and other attacks targeting MSPs. Pagliuca said security is a primary focus for N-able, which is looking make sure its MSPs have a layered security defense.

Here is what Pagliuca had to say about security, the IPO and more.

First of all, what happened to the gavel?
They gave me a challenge. They said only one person before broke the gavel. So I took that as a little bit of a challenge and had a little bit of enthusiasm. We’re breaking into a new chapter of our business. So we’re pretty excited. It was the adrenaline going.

That was the gavel that hits the bell, right?

Yes. So, when a company begins its first trade, right when you hit your first trade, they hand the gavel over to the CEO to ring the bell to mark the first trade. And the trader said, ‘Go at it. This is your time.’ I said, ‘This is all of our time.’ There are 1,300 employees at N-able. So I channeled the energy of all 1,300 people. And I guess we put a dent in that thing.

Why IPO now?
A little bit over a year ago, myself, my executive team, my leadership team, and the leadership team from SolarWinds got together and put forth this plan. This was more of a culmination of that work for this transaction. … What we believed then, what I believe today, is that by giving a little bit more focus on each of the businesses, the SolarWinds business and the N-able business, we can deliver better results and produce more for our MSP partners. We can also provide more of an opportunity of growth for our employees and our team. And if you do that right, if you put more focus on your partners, a little bit more of a focus on your employees, then good things happen for the business. And that results in a better focus for the investor base and the company overall. So I’‘s really all about focusing on the priorities. When you’re part of a bigger company, you need to share the priorities, just like being part of a large family or a larger organization.

N-able was acquired by SolarWinds in 2013. ...

I call that N-able 1.0.

If you look at the N-able of 2013 prior to the acquisition by SolarWinds, and the N-able of 2021, now an independent public company, what are some of the key differences between the two?
The common thread is a focus on partnership. That’s what we built our reputation on a couple of decades ago. And that’s what we continue to build our reputation on. That’s why we went back to the N-able name. ... Along the way, we picked up a tremendous amount of assets and services for MSPs. We bought LogicNow, which is the company that I actually came from where I was CFO. And so we brought in a cloud-based platform. We brought in world-class data protection and backup and disaster recovery offerings. And we added a bunch of security offerings for MSPs.
We introduced the MSP Institute, which is our largest piece of collateral for MSPs, so that they can learn and train their people. And we built a world-class customer success team. We’ve got a huge team that is zero commission. They’re not there to make commission. They‘re there to help the MSPs.

So it’s not your grandad’s N-able. This is N-able 2.0, and it’s at scale, it’s a ‘rule of 50’ company.

What do you mean by ‘rule of 50?’

Typically speaking, a good health indicator for a software company is the ‘rule of 40.’ You take the revenue growth and you add it to the profit. So if you’re a 10 percent revenue grower at 20 percent or 30 percent EBITDA, that’s rule of 40. Typically, the industry says, ‘Hey, that’s a healthy business.’ We think that means you’re not trying hard enough. So we like to be a ‘rule of 50’ company. So we’re about a 15 percent [revenue] grower, and we’re about in the low to mid 30s from an EBITDA point of view. And we believe that’s the right mix.

What kind of investments is N-able making?

Really in three general categories. Number one, international sales and marketing. We’re building our teams and continuing to invest there. Why? Because the world is pretty much woken up to the fact that you need proactive IT help. And it doesn’t matter what size business you are. If you’re a small or medium enterprise, you can’t wait to be reactive. If something happens, you have a hiccup, you have a potential extinction event. ...

Two, we’re investing more in customer success. We’re increasing the number of folks here solely for the purpose of helping these MSPs grow. The MSP challenge is unique. It’s a technology challenge, but it‘s also a business challenge. We have people on our staff, part of our 1,300 people, that are focused on helping these MSPs grow, helping them with their marketing collateral, their pricing and packaging, and their technical support.

The third one is on product. We’re investing more in security and in our own security processes, our own tech stack, to make sure our products are of high quality and secure. But we’re also pushing on the innovation angle so we can bring more good to these MSPs. We have this platform, we add services, and then the MSPs get to consume this platform, the services that are plugged into our platform.

We’re looking to bring additional products to life [such as] a DNS filtering offering to the MSPs. There are a couple of other security offerings. We’re looking at enhancing the ability for MSPs to leverage a little bit more analytics and reporting and dashboarding so that they can get a little bit more responsiveness. Again, it’s all about that efficiency. We’re pushing along automation.

Security has become a huge issue, particularly in the MSP space, most recently with the ransomware attacks through Kaseya. Has N-able specifically identified any vulnerabilities in your RMM products?
The situation with Kaseya is obviously unfortunate, and it really validated a lot of the things I’ve been saying probably since back in 2017. For MSPs, given the nature of the business, what they do, what we do, it’s very much an asymmetrical kind of motion. That means you gain access and control to the MSPs’ passwords for the MSPs’ access. And they have the golden keys for dozens and potentially hundreds of small and medium enterprises and potentially thousands of users and workstations. And so that asymmetry really creates a ripe target for the bad guys. ...
We try to focus on three principles. We spend a good amount of money and resources on our tech stack and making sure that we’re adopting the NIST framework and looking at a layered security approach, and investing in the right resources, software and outside experts to help with that. Number two, we have employees that are focused on security. We preach internally and also to our MSPs the need to invest in the proper layered security approach. You need to have dedicated people focused on security. And the last thing, and the thing that sometimes is overlooked, is to create a culture of security. Everyone here at N-able gets constant training, and security is top of mind. We do MFA [multifactor authentication] internally. We practice and preach MFA for our MSPs.

Does N-able make MFA mandatory for its MSP partners and for its customers, or is that an opt-in?
We’ve been deploying MFA. I have to use either my texts or other means to access data on a pretty regular basis. We’ve got good controls there. We have MFA as a default option for our MSPs. We strongly urge them in our products to use MFA. We do not make it a requirement as of today. It’s something that were in constant conversation [about] with our MSP partners, thinking about the use cases. When you have a business at our scale, it’s important to make sure that you’re having a cooperative kind of conversation with these MSPs, understanding the use case before you go off and make some type of a widespread decision there. But we urge, and we default everyone, to our MFA. I’d say the MSPs are practicing in the right hygiene for the most part. And we continuously educate and advocate for it.

Would you like to see MFA be mandatory?
The Biden administration sent a letter out to companies in June where they basically did two things. They sent a warning and then a recommendation. In that warning basically they said, ‘Hey, look, if you’re not practicing the right level of diligence on security, and you think it’s going to be an inconvenience, you’re wrong. It could be an extinction event.’ Which I’ve been saying for a number of years now. ...

Their second message was we need to begin leveraging a layered security approach and practice the right hygiene. Some of the things they mentioned is having dedicated resources, having a backup and disaster recovery offering, constantly patch, leverage MFA, have better password hygiene practices. And there were a couple of others that are escaping me right now. I subscribe and align to that layered security approach.

What part of your MSP base uses N-able's RMM on-premises versus in the cloud?

We don’t really disclose the split. What I’ll tell you is the majority of MSPs are leveraging the cloud-based platforms, and we have a couple of different flavors for them.

Is there a difference in terms of the level of security between N-able’s cloud-based versus on-premises RMM?
I don‘t think of it that way. I think it’s more of a preference. Some of it has to do with security and data privacy, and some of it has to do with how the tool has been integrated in their business process. The RMM is really the central nervous system for a lot of these MSPs. This is what they live in day in and day out. So this is not a nice-to-have or a tool that they use once in a while. Their technicians are in this thing all day long.

And one of the powers of the RMM, and our RMM in particular, is automation. We provide MSP scripts that they can actually just run out of the gate. But we also give them the power to build their own scripts. And as they’re building more and more of these scripts, it elevates their efficiency. ... Where we can help automate, that elevates the margins of the MSP. It helps them grow. It makes them a healthier MSP. It helps them retain their employees because they’re not stuck doing mundane tasks.

What’s N-able’s acquisition strategy?

M&A has always been a part of our DNA. I‘m a byproduct of that. SolarWinds acquired LogicNow when I was the CFO. We look at this not as an M&A strategy, but more as [corporate development]. We start with the needs of the MSP and the needs of small and medium enterprises. Then we say, is this something we should build, partner on, or acquire. For example, we recently launched an Office 365 backup offering for data protection. That’s something that we built. It’s built into our backup platform, and it’s been a major success for MSPs and small and medium enterprises. We partnered with SentinelOne and their EDR [endpoint detection and response] offering. There, we took that SentinelOne text code stack, plugged it into our platform, put an MSP wrapper around it, and went from there. And acquire, to your point. We’ve acquired Passportal. We will acquire, but it really starts with that need. And then we decide whether or not it’s best suited for M&A.