The study, the fifth annual one Kaseya has done, indicates no improvement in IT levels because the expansion of technology in SMB that has helped their businesses has kept their IT from getting more control over processes.

Kaseya has released the results of their fifth annual global IT operations benchmark survey, the “2019 State of IT Operations for Small and Midsize Businesses.” It shows how IT is coping with new threats on the security front, and increasing demands on their time, as SMBs introduce new technologies into their business that IT has to manage.

The survey covers companies from the midpoint of the SMB space into the midmarket – basically from 100 employees to 2500 or 3000. Most are in the 100 to 1000 range. Overwhelmingly, 90 plus per cent of the 400 organizations who took part globally are internal IT organizations, not MSPs. There was a strong lean towards North America, with 83 per cent of respondents coming from there.

Most of the survey’s results could best be interpreted as negative, although there are reasons for that. 35 per cent of respondents are at the lowest level of IT operational maturity (Reactive). Another 21 per cent are at the second level of maturity (Efficient). Only 11 percent of respondents said they have a strategic role in driving business innovation (Strategic).

“I would describe the results as mixed,” said Mike Puglia, Kaseya’s chief strategy officer. “When I talk to a lot of people in internal IT, the type of people I deal with in companies of this size are multi-function IT persons, where they wear multiple hats, from doing security deployments in the morning to help desk support in the afternoon. Because they do it all, they never get a chance to raise their heads up to do some process control work. They are constantly fighting fires.”

While the IT industry has introduced many tools to save techs time by automating processes, the problem is that the amount of work has expanded at a faster rate than the time that has been saved by automation.

“IT has been given more automated tools, but at the same time, the amount of work they deal with has increased at a faster rate than the efficiency provided by the automation that they have,” Puglia said. “In these types of businesses, technology has come downstream to provide the companies with new benefits, like the reminders you now get in emails from your dentist, to make sure they don’t have vacant slots during the day. But this means more things IT is responsible for. It’s not just the ability to print and have an internet connection.”

In terms of specific tasks, only 29 per cent of respondents to the survey back up their SaaS application data like Office 365 and G Suite, which is the same as last year. Only 42 per cent automate or plan to automate patch management. The same number, 42 per cent monitor third party software and apply critical patches within 30 days. Over the past three years, the percentage of respondents without formal SLAs in place has increased, from 35 per cent in 2017 to 43 per cent in 2019.

Some of this is simply ignored because its seen as a low priority given the time constraints.

“It reflects a basic lack of time,” Puglia said. “Some people say, well, Windows automatically patches itself now, so we don’t have to do that. Yes, it automatically updates – unless a user tells it don’t restart, which they often do. Many applications that have a client on it don’t update, so they are vulnerable. Most breaches are also from things that patches have been available for for four years or more, but it just hasn’t been done.”

While nearly 90 per cent of respondents back up their servers (begging the question of what the other 10 per cent think is a more important use of their time) Puglia said the lack of SaaS application data backup is just asking for trouble.

“Many think that the cloud provider is responsible, and are not aware that SaaS data backup for more than 30 days is the customer’s responsibility,” he said. “Most companies today have G Suite or Office 365, and a lot have Salesforce and nobody thinks they will go away, but when accounts get deleted, they think these companies will take care of it. But if the user lets the problem in, or deletes it, or has a malicious user – it’s gone.”

Improving security was identified as the top priority of most  respondents at 57 per cent, up from 54 percent in 2018 and 40 percent in 2017.Cybersecurity and data protection were cited as major challenges by 62 per cent.

“I’m surprised the security numbers aren’t even higher,” Puglia said.

So what are the core takeaways here for IT management?

“If you are in IT, whether internal IT or an MSP, it’s the same basic issue,” Puglia said. “You need to make sure things are patched, that backups are there and that you audit your processes. And you need to stop spending all your time fighting fires.”

There’s also a broader opportunity here for the MSP audience.

“This acceleration of technology moving downstream to small and midsize companies presents an incredible opportunity for MSPs,” Puglia stressed. “In particular, we are seeing a lot of MSPs moving upstream with co-management in certain things like patching. We are seeing a ton of that. It’s a great opportunity to cut through the noise. We have the basic building blocks. We just need to make them consistent.”