Remote monitoring and management technology needs reinvention, but its importance to the managed services community means a complete overhaul will be hard to manage. But the growth in software supply chain hacks means any attempt to increase the amount of remote control of customer IT will be met with resistance. This blog looks at the possible future for RMM technology and asks, what are the potential benefits and risks for the MSP community and its customers?

What is RMM 3.0?

The ability to manage technology remotely on behalf of a customer is the basis for all IT managed services. It is the key difference between a reactive break-fix model and a proactive managed service. Depending on an MSP’s value proposition, it may use an RMM tool, such as ConnectWise or Datto, or it may use a network monitoring and management tool, such as Domotz or Auvik, or one that combines both. In some cases, it may use a proprietary tool that allows the management of a specific vendor’s technology.

These capabilities have enabled a generation of companies to offer a much better customer experience. Of course, many other technologies are involved in an MSP’s tech stack, such as backup and disaster recovery, cybersecurity, infrastructure (on-premises or cloud), hardware devices (PCs and smartphones) and lots of other software. But to manage these tools, it all comes back to some form of remote monitoring capability.

We have come to a crossroads. With more infrastructure, workloads and applications sitting in cloud environments, RMM technology needs a reset. The current generation of remote monitoring tools is primarily on-premises and endpoint-focused. This is changing, with more cloud and user-focused RMM tools, but this also presents an opportunity for a more radical shift in the remit of these tools.

The phrase “single pane of glass” will have any MSP rolling their eyes, but putting more capability in the hands of monitoring and management tools is desirable for many reasons. For example, if RMM tools included better management functionality around third-party purchasing, licensing, patching, identity, network, backup and disaster recovery, and cybersecurity detection and response their automation capabilities would certainly improve. Imagine a combination of RMM, PSA, CRM, XDR and marketplace, a place where an MSP could manage every part of their tech stack, be it internal- or external-facing.

In this utopia, a comprehensive portal for all an MSP’s needs would save time and allow it to improve the services it offers, focusing not on administrative tasks but on differentiation. Of course, anyone reading this will hear alarm bells ringing. The risks associated with such advancements are very high. Every improvement in technology comes with an equal and opposite threat, dysfunction or failure.

A new era of risk has put RMM in the crosshairs

Putting all possible management tasks and permissions into one tool would inevitably be disastrous. Single panes of glass are also single points of threat. The MSP model itself has allowed threat actors to consolidate their work to attack one company, with access to a broader range of customers’ IT estates and billing details. Expanding the capabilities of the RMM tools core to that business model would create a risk management nightmare. MSPs are already under scrutiny, with regulations either in place or on the horizon in many countries around the world. Software supply chain hacks, such as those that targeted SolarWinds and Kaseya, have also highlighted other vulnerabilities in the tools we use. In this way, there is always concern about the level of threat posed by Microsoft’s growing influence in our technology landscape, just as there is with any major IT vendor.

So, what can be done? An RMM 3.0 does not need to be all things to all MSPs. Point products and the continued separation between management planes are not the problem. They never have been, no matter what vendors tell us about product consolidation – of course, only around that vendor’s products!

The purpose of any new RMM should be first to do well what others do badly. The endpoint is not dead. PCs, servers, routers, switches and mobile devices (among others) remain important to our ways of working and living. Current RMM providers (and any potential new entrants to the market) should first focus on delivering what MSPs really need. But there is a shift in that focus from managing the endpoint to the user and the infrastructure.

Looking into the future, managed IT will (probably) always be required, and automation cannot fully replace the human element of technology. AI is being increasingly embedded into RMM products to automate certain admin processes, such as policy deployment and scripting tools, but if RMM takes on more MDR capabilities, it will only be able to do so properly with strong AI tools. But what else could AI be used for in RMM? Could it eventually be used to automate all basic tasks across the entire customer lifecycle, from onboarding and integration to patching, license updates, billing, renewals and more? That is perhaps expecting too much, for many reasons beyond the technological but, as ever, AI is only as good as the vision and willingness of software vendors to invest in product development. And given the history of most current RMM vendors when it comes to product development, that is certainly a dream too far.

Of course, any new advance will always bring some new opportunity for exploitation. But the value that can be unlocked by managing that IT may change, and the MSP model itself may need re-thinking. Hybrid models are important today, where resell, managed services and consulting are brought together to create a more robust business for the partner and more choice for the customer. Hybrid partners make up more than 75% of the total managed services revenue delivered by channel partners. This figure is likely to get bigger, not smaller, over the coming years. These companies need the kind of RMM technology that allows them to deliver managed services across hybrid infrastructure environments in a way that focuses on users and their workloads.