Cutting through the noise for Canadian VARs and MSPs -- The official podcast of ChannelBuzz.ca, the independent blog covering the Canadian IT solution provider channel.
Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow This week’s In The Channel episodes have been coming live from ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company made its most aggressive platform repositioning in years – moving from workflow automation into what it’s calling the Agentic Business: autonomous AI agents doing real enterprise work, governed by a platform layer that sits above everything else running in your organization. The big announcements – AI Control Tower, Action Fabric, the Go Live AI guarantee – were covered extensively earlier this week. This conversation is a different question: what does all of that actually mean if your customers are Canadian? Cristin Gooderham is area vice president of Canada enterprise sales at ServiceNow. In this conversation, she makes a case worth sitting with: the traits that have historically made Canadian enterprises slower adopters – governance-first thinking, regulatory sensitivity, preference for proven approaches – are actually an advantage in this specific moment. When the lead pitch for enterprise AI is governance and control, Canada is ahead of the curve, not behind it. She also touches on the partner ecosystem dynamic, describing a market that saw boutique ServiceNow specialists absorbed by larger integrators over the past few years, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap. For Canadian solution providers trying to figure out where they fit in the ServiceNow ecosystem, that’s an encouraging signal. And on the security side, the completed acquisitions of Armis and Veza aren’t just product additions – they’re an active attempt to bring a new category of security-domain partners into an ecosystem that hasn’t historically included them. This episode is part of our Knowledge 2026 coverage series. Also in the series: our conversation with ServiceNow SVP of global partnerships and channels Michael Park, and on Monday, EY Canada partner and national ServiceNow practice leader Steven Kiss. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. This week I’ve been at ServiceNow’s Knowledge 2026 conference in Las Vegas, where the company spent the week making the case for what it’s calling the Agentic Business – the argument that the AI pilot era is over and autonomous agents doing real enterprise work, governed by a platform layer, is the new reality. Yesterday, you heard from ServiceNow’s global channel chief on what it means for the partner model. This episode is a different question: what does it actually mean if you’re a Canadian enterprise or a Canadian partner? My guest is Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow. She’s leading the company’s go-to-market motion in Canada at what is genuinely a pivotal moment – a week where the platform her team sells just repositioned itself as the governance layer for all enterprise AI, not just workflow automation. We talked about where Canadian organizations actually are on this journey, what makes this market different from the US, and where she sees the near-term opportunity for Canadian partners. Let’s get right into it – my chat with Cristin Gooderham. Cristin, thanks for taking the time. I appreciate it. Cristin Gooderham: I’m very excited to be here. Thank you so much for taking the time with me. Robert Dutt: Well, and thanks for having me out to Knowledge to get a sense of what’s going on here. When you look at where Canadian enterprises are right now on AI adoption – a big theme obviously this week is moving from proof of concepts to proving actual value – where do you see the Canadian market in that regard? Are we ahead, behind, or is it more complicated than that? Cristin Gooderham: I wouldn’t say we’re behind. I would say we’re right on pace with what I’ve seen from my US counterparts. We have some organizations that are driving full force ahead, and then we do have some that are still stuck in that POC landscape where they’re really still struggling to define what they want AI to be for them – which is probably the biggest thing. Where we’ve seen organizations really do a tremendous job is where they’ve come with a very strong point of view of what their business challenge was and tried to look at it from an AI perspective, versus “I wonder what AI could solve for me.” Robert Dutt: The more concrete the approach, the better it sounds like. Cristin Gooderham: Absolutely. Tying everything to a business outcome that can actually, particularly if it can support revenue, is where we see organizations find not just the energy but the funding to put towards it. Robert Dutt: Bill McDermott’s framing this morning was the AI blind spot – organizations running agents without governance visibility, which has kind of been the state of play up until now. Given what you know about Canadian enterprises – whether it’s regulatory caution, public sector sensitivity, or just Canadian conservatism in terms of not wanting to be first out on that limb – do you think that message lands differently in Canada than it does in the US or other markets? Cristin Gooderham: I think for ServiceNow it lands even stronger in the Canadian market because of that conservatism. The reality is platforms like ServiceNow are really bringing to the market true visibility into your AI asset estate and the ability to actually govern and audit what is going on with your AI agents. No one is going to win the AI race by having all the agents – that’s just not a realistic expectation. But having visibility into what all those agents are doing, particularly once they start talking to each other – I think Canadian organizations are going to be very interested to have a view of that estate before they make massive investments in AI. We’ve already had those discussions with a lot of clients who really want to understand: of course we want to get AI, of course we want to find efficiency gains, but we need to do it in a way that we can govern it. That’s been a very key message, and it’s great to hear Bill reiterating it here because that’s really what ServiceNow can bring to the table. Robert Dutt: How live has that governance discussion been with clients to date? Cristin Gooderham: I would say the discussion has been very live. The implementation and action of it – we are working diligently on that piece. Where we’ve seen success is with clients in particular verticals that are far more mature with ServiceNow than others. Our banks in Canada, for example, have been invested in ServiceNow and really viewing us as a strategic platform since as early as 2010 in some cases. They’ve made investments not just from an IT point of view but have expanded into the security and risk areas of our platform. Those are the ones where we’re having the most productive discussions and are really moving quickly beyond proof of value into true value. Robert Dutt: I’m curious to what degree you see the regulatory environment as backfilling that as well – how often is it being driven by existing or coming regulation, especially in regulated industries? Cristin Gooderham: As always, the laws are typically behind the technology. What I’ve seen is that our own customers are taking a very forward-facing look at it because they know that regulation will be something to consider. We’ve had tremendous discussions on AI processing data, data at rest, Canadian sovereignty of the data. That has been a really hot topic. There’s no strong directive coming from the federal government to say all data must reside in Canada at all times. But the AI component has made it very interesting, and it’s a discussion we’re having constantly with customers. Robert Dutt: A stat that came up yesterday was that ninety percent of ServiceNow implementations globally are partner-involved or partner-delivered. What does that mix look like in Canada? What can you tell me about GSIs versus smaller partners? Are you seeing a new breed of more specialized, AI-focused partners emerging that are punching above their weight? Cristin Gooderham: The partner ecosystem in Canada is absolutely a complete mix – everything from global GSIs down to extremely unique niche partners. Over the last few years, we did see a tremendous amount of our really strong boutique partners actually get acquired by global GSIs. When I got to ServiceNow six years ago, we had a tremendous amount of point partners – ServiceNow-specialized and very focused on a particular part of our platform. That went away for a bit because so many GSIs were excited about the opportunity to expand their ServiceNow practices. Now we’re seeing the resurgence of those smaller point solution partners coming back with a ServiceNow-only, AI-first view, which has been really exciting to see. Robert Dutt: I wonder if this becomes a cycle that repeats itself as those folks grow up and we see another wave of consolidation down the road. Cristin Gooderham: Potentially, absolutely. But the opportunity for partners in Canada to focus on ServiceNow is tremendous. We’re really excited to see some of these up-and-coming partners. We had two recently launched in Western Canada – both Ardent Labs and Skymark – taking a ServiceNow-only focus, which is a very different approach than the GSIs. The GSIs are fantastic, but they look holistically. A ServiceNow-dedicated partner can really make an impact in ways a GSI won’t necessarily prioritize. Robert Dutt: One trend we’re seeing across the channel is multi-partner engagement becoming more common. You’re nodding as I say that. I’m curious what you’re seeing in terms of situations where a big GSI tags in more specialized partners to fill the bench and meet customer needs. Cristin Gooderham: It is absolutely critical and something we at ServiceNow fully support. We do it ourselves – we have our own expert services, and a lot of times we will engage niche partners to fill particular gaps. One of the areas where I see our partner ecosystem doing that a tremendous amount is in the security and risk space, because some partners are phenomenal on the overall platform but security and risk is a different skill set – it’s even a different vocabulary. I love seeing partners collaborate because it’s usually the best option for the customer. It’s the best outcome for everybody: the partners are successful, the customer is successful, and therefore ServiceNow is successful. Robert Dutt: I realize this is not how one builds out a business model, but I’m curious – as you said, there’s a rising generation of ServiceNow-focused partners. If you were to point to the greenfield, the underserviced opportunity in the Canadian market today, what would it be? Cristin Gooderham: So I’ve touched on it already – security and risk. With our acquisitions of both Armis and Veza, that is an area where we’re going to continue to invest. If ServiceNow partners are looking to expand their skill set, that is where we need additional help. When we started having the AI Control Tower discussion late last year, it was at every executive briefing the thing that made every CIO sit up and pay attention. So anything in that space is really where we’re going to need to see continued partner enablement and adoption, and hopefully new partners coming in to pick it up. Beyond that, as we continue to make moves into the CRM space, those are also going to be areas where we need additional partners. We have phenomenal partners from the US that come up and do work here, but as an opportunity for more Canadian jobs, that’s definitely an area I would point Canadian partners toward. Robert Dutt: The AI Factory and NVIDIA partnership that came up – how do you see that through a Canadian lens? Cristin Gooderham: I think the key piece is that NVIDIA and ServiceNow together have a great story. We know most of our customers are investing in NVIDIA – a number of the telcos, we’ve already had discussions with them. So it’s really an opportunity for us to continue to expand our AI footprint and help create really positive three-way relationships. As NVIDIA becomes more and more critical in every market, it’s fantastic to see that they see the value in ServiceNow – and our customers are seeing the same thing. Robert Dutt: Data sovereignty – big issue in the Canadian market. It sounded from your earlier comments like it’s not quite a hard regulatory concern yet, but how do you see it playing out? What are customers asking you about? Cristin Gooderham: Data sovereignty is a hot topic in every customer engagement we have. In the public sector space it has a tremendous amount of weight. We’ve seen a real shift from the federal government in terms of their position on sovereignty – they haven’t come out and defined very strongly what data sovereignty looks like, but it’s absolutely something we’re focused on. We announced earlier last year a large investment in Canada to build out our own isolated full stack to host all of our public sector clients, ensuring Canadians on Canadian soil are managing the data. But it does stop somewhat short of true sovereignty. The benefit of SaaS is the ability to push upgrades to customers at any given time – as soon as you move to true data sovereignty, that piece closes off. It doesn’t make it a negative, it’s just something clients need to make decisions on. Robert Dutt: With AI Control Tower coming online and the way Bill was repositioning the company around that governance layer – as almost the orchestrator of the ecosystem – how does that change the partner role? Cristin Gooderham: I don’t think it changes the partner role tremendously. As you heard in the keynote this morning, we’ve always been the platform of platforms, and we’re still advocating that message. It’s just refined itself to really focus on securing and governing the AI estate, as opposed to a more open approach. Partners are still going to be critical to help us get customers to success. But it does mean that retraining and focus into those areas – understanding the security and governance piece – is going to be critical moving forward. Robert Dutt: The security piece is so big in the channel writ large. Do you see it as another entry point for new partners to come into the ServiceNow ecosystem and add what you’re doing to what they’re doing with other vendors and their own managed services? Cristin Gooderham: Absolutely. Where I think there’s a really interesting opportunity is for more security-focused partners that perhaps haven’t focused on ServiceNow before – they’re focused on multiple different point solutions – to actually start looking at ServiceNow as another tool to put in their bag. We are having expanded security conversations all the time. I think it’s very clear through our acquisitions that this is going to be a continued focus. A security partner like Arctiq, for example – they’re already engaged a lot with us, and I believe they’re already engaged with Armis. This could be a really interesting push for them to take on more of ServiceNow. The good part is that there’s no shortage of security tools out there to take on. The challenge as a partner is the same thing – there’s no shortage of security tools to take on. Robert Dutt: Is that mindshare conversation with security-focused partners already happening, or is there a strategy to identify the right partners and get on their radar? Cristin Gooderham: Those conversations are already happening – not necessarily with the more niche individual security partners yet, but a number of the GSIs have very strong security and risk practices. We’ve had a lot of reach out from Canadian partners at organizations like KPMG, where they run a security and risk practice and are very excited about these acquisitions and wanting to discuss how this folds into their practice. So there’s definitely opportunity at every level of partner. Robert Dutt: We talked a little bit about governance, and I noticed that Bell Canada is presenting tomorrow on the subject of their governance guardrails implementation. What can you tell me about that relationship and what they’ve done? Are we starting to see a cluster of organizations moving toward that space, or is Bell still more of a bellwether? Cristin Gooderham: When we talk about Bell, we have to talk about two different angles. We have Bell as a customer – Bell Business, who are a phenomenal customer we’ve engaged with in a very long-term relationship and who have made a huge investment to innovate on the ServiceNow platform. And then underneath Bell we also have their partner, Acteamo, which is a fully Bell-backed organization that is a services partner in the Canadian ecosystem. So there’s Bell as the customer and Bell as the partner. We have phenomenal relationships with both, and we’re very excited to see what Acteamo is doing in the ecosystem. I know they’re looking to expand not only across Canada but even into the US to bring some of the learnings from working with Bell Canada to other telcos. Robert Dutt: When you’re talking to Canadian solution providers who’ve seen the announcements this week and are trying to figure out where they fit in the whole Agentic Business picture – what’s your advice on where to focus, where to build practice, where the opportunity is richest and most accessible right now in the Canadian market? Cristin Gooderham: I’ll go back to what I said at the very beginning – focus on business outcomes. Nobody is interested in a discussion on agentic AI to modernize your CMDB. It’s truly about finding problems in the organization where AI can lead to either revenue generation or true cost savings. Where partners will be successful is if they can quickly identify – whether it’s verticalized opportunities across oil and gas, telco, or retail – areas where they’ve had success before and can bring that to customers. I don’t know that there’s a single point of entry. The challenge with AI is that it can do so many things. But Canadians like to start small. They like to be able to prove something out quickly, and then they like to move fast. So I would always caution partners: look for opportunities to do just that. Start small, move quickly, and then progress to the next step. Robert Dutt: That’s great advice. I appreciate your time, especially given how busy things are. You really helped put a Canadian lens on a lot of what we’ve heard this week. Cristin Gooderham: Thank you so much. Robert Dutt: There you have it – Cristin Gooderham, area vice president for Canada enterprise sales at ServiceNow, recorded live at Knowledge 2026 in Las Vegas. I’d like to thank Cristin for her time during what was clearly a very busy week for the ServiceNow team. And thank you for listening. A few things worth pulling out of this one. First – the Canadian conservatism point. Cristin made the case that the traits that have historically made Canadian enterprises slower adopters – caution around governance, preference for proven approaches, regulatory sensitivity – are actually an advantage in this specific moment. The agentic AI conversation leads with governance. That’s a message that lands here before it lands anywhere else, and that’s an opening for partners. Second – the partner ecosystem observation. What she described is a market that went through a consolidation phase where boutique ServiceNow specialists got absorbed by larger integrators, and is now seeing a new generation of AI-first specialists starting to emerge and fill that gap again. If you’re a mid-sized Canadian solution provider trying to figure out where you fit, that’s encouraging news. And third – security as the door. The Armis and Veza acquisitions she referenced aren’t just product additions. They’re a signal that ServiceNow is actively trying to pull in a new category of security-domain partners who haven’t historically been in the ServiceNow ecosystem. If your practice is in that space, it’s worth paying attention. More from Knowledge 2026 on Monday, when I’ll have my conversation with Steven Kiss, partner and national ServiceNow practice leader at EY Canada – a conversation about what the boutique-to-big-four journey actually teaches you about where the channel is headed next. If you’re finding In The Channel useful, we’d love for you to follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always appreciated and always read. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: inforcer launches Copilot Manager: inforcer has released its new Copilot Manager feature, giving MSPs in-depth visibility into Microsoft 365 Copilot adoption and shadow AI usage across customer tenants. According to the company, as many as 80% of SMB employees are using unauthorized AI tools at work, and IBM research cited by inforcer suggests organizations with high shadow AI exposure average $670,000 more in breach costs. The tool builds on the company’s earlier Copilot Readiness Assessment and has already been trialed in beta by more than 200 MSPs globally. SUSE launches Sovereign Partners Specialization: SUSE has announced a new Sovereign Partners Specialization at its SUSECON 2026 conference in Prague, designed for MSPs and channel partners operating in sovereign cloud environments. The specialization is structured as an agile layer on top of SUSE’s existing partner program, targeting partners who already hold sovereign field certifications and know the SUSE technology stack. For Canadian solution providers, the timing aligns with accelerating data sovereignty requirements under OSFI E-21 and Quebec’s Law 25. Cayosoft launches Microsoft Migration Services: Cayosoft has launched a full-cycle Microsoft identity migration service delivered in partnership with XMS Solutions, covering Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, and Teams. According to the company, the offering addresses the security exposure that persists after migrations that close on schedule but leave behind broken permissions and unmanaged identity drift. The service spans pre-migration assessment through post-migration monitoring and governance. Kaseya unveils Agentic IT Management Platform: Kaseya has announced what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence, combining real-world IT data with an execution layer designed to act autonomously on behalf of MSPs. GuidePoint Security wins CrowdStrike Americas Partner of the Year: GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed $1 billion in cumulative joint sales, a milestone the company is positioning as validation of its managed security practice. Dyna Software showcases Platform Copilot at Knowledge 2026: Dyna Software is demonstrating Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow environment configurations from natural language inputs and images, reducing prototyping time for implementation partners. Kyndryl pushes AI deeper into IT operations: Kyndryl has announced updates expanding autonomous AI capabilities across its global IT operations practice, extending AI-assisted resolution workflows for its managed services engagements. Upwind adds Windows Server runtime visibility: Upwind has launched runtime visibility support for Windows Server virtual machines running across AWS, Azure, and Google Cloud Platform, closing a cross-platform gap in its cloud-native security coverage. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 8, 2026, and here’s what’s happening in the channel today. Managing Microsoft 365 Copilot is becoming a genuine operational challenge for MSPs, and a company called inforcer is positioning itself as the answer with the launch of its new Copilot Manager feature. The company, which makes Microsoft 365 multi-tenant management software for managed service providers, says Copilot Manager gives partners in-depth visibility into Copilot adoption trends across all client tenants, and – critically – the ability to monitor shadow AI usage. According to inforcer, as many as eighty percent of SMB employees are bringing their own AI tools to work, using unauthorized or open-source applications that increase the risk of data leakage. The company cites IBM research suggesting one in five organizations have experienced a breach due to shadow AI, with those carrying high shadow AI exposure averaging six hundred and seventy thousand dollars more in breach costs. The business case here is straightforward for solution providers. Copilot has crossed twenty million paid seats. The licensing is in motion. What most MSPs lack is the infrastructure to make Copilot governance a repeatable, billable service rather than a one-time check-in conversation. Copilot Manager has already been trialed in beta by more than two hundred MSPs globally, and the company says it builds directly on a Copilot Readiness Assessment tool released last year, giving partners a documented progression from pre-sales evaluation through ongoing managed AI services. SUSE has launched a new Sovereign Partners Specialization as part of its channel program, a move that carries meaningful implications for the Canadian market. The announcement came at the company’s annual SUSECON conference in Prague last month, with details emerging publicly this week. SUSE is positioning the specialization as an agile layer on top of its existing partner program, designed specifically for early-mover partners who already hold sovereign field certifications and are invested in the sovereign technology market. According to Hayley Wienszczak, SUSE’s head of global partner programs and success, the initial go-to-market will focus on existing SUSE MSPs who know the technology stack, working jointly to onboard the first reference customers onto a full SUSE sovereign stack. More than ninety-eight percent of SUSE’s business runs through partners, and the company is framing the sovereign play as an opportunity to lock in that partner ecosystem around an emerging but fast-growing requirement. For Canadian MSPs, the timing aligns with accelerating regulatory pressure around data sovereignty – OSFI’s E-21 guideline on technology and third-party risk, Quebec’s Law 25, and federal Protected B requirements are all pushing enterprise buyers toward environments where data residency is a verifiable, contractual commitment rather than a vendor promise. SUSE is also opening co-sell registration to ISVs and system integrators alongside MSPs as part of the same program update. Earlier this week, Cayosoft launched a full-cycle Microsoft identity migration service that it says is designed to address the ongoing risk that sits inside most Active Directory and Entra ID environments. The offering, called Cayosoft Microsoft Migration Services, is being delivered in partnership with XMS Solutions, a long-time provider of migration and cybersecurity services. According to the company, the service covers Active Directory, Entra ID, Microsoft 365, Exchange, SharePoint, Teams, and related identity infrastructure, and spans the complete lifecycle from pre-migration assessment through phased execution, data integrity validation, and post-migration monitoring, governance, and recovery. The launch targets a specific and frequently mismanaged problem: migrations that declare success on go-live day while leaving behind broken permissions, duplicated identities, and poorly governed access that creates security exposure for months afterward. Cayosoft is specifically calling out M&A, divestitures, and consolidation scenarios as high-risk contexts. For Microsoft-focused channel partners, the model Cayosoft is describing – migration as the front door into a longer-term identity management and recovery engagement – represents a services motion that can extend well beyond the initial project. Partners who have historically treated Active Directory migrations as one-time engagements may find this a useful framework for repackaging that work as an ongoing managed practice. In Brief Kaseya has unveiled what it is calling the first Agentic IT Management Platform, powered by a proprietary dataset the company calls Kaseya Intelligence. GuidePoint Security has been named CrowdStrike’s 2026 Americas Partner of the Year after the two companies surpassed one billion dollars in cumulative joint sales. Dyna Software is showcasing its Platform Copilot at ServiceNow Knowledge 2026, positioning the tool as a way to generate ServiceNow configurations from natural language and images. Kyndryl has announced updates pushing AI deeper into its IT operations practice, expanding autonomous resolution capabilities across its global managed services engagements. Upwind has launched new runtime visibility support for Windows Server virtual machines across AWS, Azure, and Google Cloud Platform, addressing a gap in cross-platform endpoint coverage. Full details and links in the show notes or the blog post. Later today on In The Channel, we continue our Knowledge 2026 series with Cristin Gooderham, area vice president of Canada enterprise sales at ServiceNow, on what the shift to agentic business looks like from a Canadian market perspective. And if you haven’t heard it yet, yesterday on In The Channel we published my conversation with Michael Park, ServiceNow’s global channel chief, on why the company put its AI product leader in charge of the channel – and what that means for how partners get built and compensated going forward. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Michael Park, senior vice president of global partnerships and channels at ServiceNow Recorded live at ServiceNow‘s Knowledge 2026 conference in Las Vegas, this episode features Michael Park, ServiceNow’s senior vice president of global partnerships and channels – a channel chief who came not from sales or alliances, but from leading AI go-to-market strategy for ServiceNow itself. Park explains why that appointment was intentional: scaling the partner organization for the agentic era requires the same mindset he applied to bringing AI to market – sitting at the intersection of customer demand, business model, and technology innovation, and being willing to rethink locked-in patterns. The conversation covers the mechanics of ServiceNow’s new Go Live AI guarantee – a 100-day production commitment that Park confirms is a program, not a promotion. In its current form, ServiceNow primes the delivery with partners sub-primed into the model. The stated intent is to eventually syndicate priming capability out to the partner network directly. Park also addresses the compression of traditional services work – implementation, configuration, and upgrades – and the new competencies partners will need to build around AI Control Tower administration, Action Fabric and MCP integration, and outcome-driven services built on platform telemetry. On partner economics, Park makes the case that focused ServiceNow partners will see higher operating margins as the same platform skill set applies across every buying center – IT, HR, CRM, procurement – reducing the per-resource cost of expanding into new practice areas. Also discussed: the opportunity for security-domain partners who haven’t traditionally engaged with ServiceNow to build new practices anchored in the Armis and Veza acquisitions, and the recent change making AI certification native to every ServiceNow product tier rather than a premium add-on. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. I’m recording this from Las Vegas, where I’ve spent the last few days at ServiceNow’s Knowledge 2026 conference. The big theme of the week has been what ServiceNow is calling the Agentic Business – the idea that we’ve moved past the AI pilot era and into a world where autonomous AI agents are doing real work, governed by a platform layer that sits above everything else running in your enterprise. That governance layer – ServiceNow’s AI Control Tower – is central to how the company is repositioning itself. And it raises a real question for the channel. If ServiceNow is now the arbiter of how AI gets governed and orchestrated across the enterprise, what does that mean for partners? Who do they want to work with? How does the delivery model change? And how do you build a services business in a world where the traditional implementation and configuration work is being compressed by AI itself? My guest today is the person who has to answer those questions for a living. Michael Park is the senior vice president of global partnerships and channels at ServiceNow. What makes his appointment interesting is that he didn’t come up through channel sales or alliances. He most recently led AI go-to-market strategy for ServiceNow before being tapped to run the partner organization. It’s a deliberate choice, and it says something about how the company is thinking about what the channel needs to be right now. Let’s get right into it – my chat with Michael Park. Michael, thanks for taking the time. I appreciate it. Michael Park: Great to be here. Robert Dutt: You have an interesting background coming into leading the partner organization, coming from the product strategy side – and particularly given where we sit, with the topic du jour being AI product strategy. Was that an intentional path on ServiceNow’s part? And if it was, what does it say about how the organization at large is thinking about where the partner organization needs to be right now? Michael Park: Yeah, I think it was intentional by Bill and the management team. The AI stuff is relatively new. And having the opportunity to lead AI go-to-market from the beginning, and helping the organization as a whole go from zero to where we are now with it – when you’re first in, you learn a lot. The good and the bad. And I think that first year in the job, I did over 500 actual customer meetings, just explaining what AI is, how to get to value with it, what the platform is. And so I think when we started looking at where the market’s going, we realized that ServiceNow is on a wonderful trajectory for where we’ve come over the last twenty years. But for the next generation, what we need to do is take everything we know and figure out how we build for scale to enable the partners to execute with even greater scale. And so a big part of that was taking what I know, moving it over to the channel, and then driving the channel. And so as you heard yesterday from the mantra of our whole operating strategy – we must be first customer obsessed, and we do it in a way that we’re AI led. But then we deliver it in a way that we’re partner empowered. And so it’s a very simple mantra that keeps the GPC, the Global Partner and Channel organization, grounded in what we’re here to do. Robert Dutt: A lot of channel chiefs tend to come up through sales, maybe through alliances, occasionally through marketing. When you’re coming in from the lens that you have – having led AI product – what do you see that you think a traditional channel chief might not? Where are the blind spots, since that was one of the words of the day on the main stage earlier, in how the industry has been thinking about how partner programs and partner value are structured? Michael Park: Well, if you go back all the way through my resume, I’ve been in and out of product, marketing, and sales jobs. And so my special skill is that I’ve been able to sit at the intersection of customer demand, the business model, and technology innovation – and I can translate between those three. And so really the only difference with AI right now is the pattern for thirty years has really been the same as new technologies come in. It’s just happening a lot faster. The floor of adoption has become easier because of the way you can administer an LLM, which has raised the ceiling on what the art of the possible is. And so I think what I would say is it’s not so much about the skill set of a channel leader or a product leader. It’s the ability to think in an agile way, to really free your mind from a locked-in pattern – to understand the need, the technology, and the business model, and say, hey, is there a better way to create a new outcome here? And that’s where I’m seeing the real great leaders emerge. I also think the other thing about AI is that the change management required to administer value creation at this kind of speed requires real conviction and the ability to really understand change management. Because the tech is the tech – but changing the behavior, the mindset of somebody, while there’s also the looming threat of job insecurity, everything else going on in this world, things changing so fast for a lot of people that aren’t used to changing fast – it’s as much about the leadership mindset of change management as it is the adoption of the new technology. Robert Dutt: With AI Control Tower, it seems like there’s a real effort to position ServiceNow as the governance layer – even more so than before – sitting above everything else running in an enterprise. Does that change what you need from partners, who you partner with, or how you deepen relationships as you build out the orchestration-plus-governance story? Michael Park: I think the channel is always evolving to meet the needs of the market. And what is happening now is you’ve seen this enormous surge of token consumption happen in the last two years. Now, whether you’re getting the return on investment for all those tokens you’re paying for is another question altogether. But the other constant we see in the enterprise is that there’s not one platform. There are multiple platforms people are using, multiple elements, multiple agents being built. And one of the inconsistencies there is – do you have a consistent way of setting thresholds on token consumption across platforms in a unified way? Do you have a way to administer compliance and security or risk management protocols over MCP servers that different groups are building on different platforms? Can you administer a regulatory or company-specific compliance policy across multiple agents on multiple platforms? And today’s answer is no, no, no, no. So we see this incredible opportunity – because, Rob, in many ways we’re already in the game. We have this product called IRM, integrated risk management, where we do cross-company compliance and risk management and security modeling for many industries – banking, healthcare, manufacturing, etc. And so this is just a natural-order expansion of where we’re coming from in the context of integrated risk management, and even IT services management, because at the end of the day that’s a catalog of IT assets being managed, with life cycles being managed in relation to employees. So AI Control Tower is just the next evolution, saying: regardless of what the asset is in the AI world, we will tag it, we will track it, and we will administer policy, compliance, performance, and risk management over it – the same way we’ve done for IT, the same way we do for integrated risk. So those partners that have been with us on that journey, it’s a natural progression for them. But then with the acquisition of Veza and Armis, it takes us into an even deeper realm of security. With Veza, with identity – so that as every agent stands up and more non-human identities are set up, we have secure identity management over every one of those assets, easily administered as part of AI Control Tower. And then with Armis, the OT element – really being able to tag beyond just IT, any asset in the enterprise, and administer the same process with AI Control Tower – makes it very, very powerful in what we can do in a multi-vendor way. Like our game, as you heard from Bill today, is we’re friendly to all, because we can administer a common policy over anybody that wants to play with it. And that’s a slightly different approach right now. Robert Dutt: Security and governance – such a big area, such a hot spot in the channel, and one that a really broad variety of partners play in. Do you see an opportunity to reach out to partners who maybe historically haven’t been in the ServiceNow sphere, as a result of going deeper into the security space? Michael Park: Lots and lots of opportunity. If you look at the history of ServiceNow up until recently, most of our channel was activated as a mechanism to implement software – ServiceNow software that ServiceNow direct sales sold. But now that we’re surpassing the fifteen billion dollar mark and continuing to grow at twenty percent, the opportunity for us to scale has to be more leveraged through different partner ecosystems, many of which we’re not even tapped into yet. So there’s going to be growth for the existing partners who continue to grow with us. And then as we get into new buying centers, there are going to be lots of partners already existing in the security domain who will be able to use Veza and Armis and the new AI Control Tower as a way to extend their security practice and build new practices on ServiceNow that they haven’t had before. And what I like about that is they have domain expertise in security that we don’t – but we have a platform and technology that they don’t. And the two make well together, just as much as one of our more traditional partners who really understands ServiceNow but is entering a new domain. Robert Dutt: One of the big topics here at the event writ large has been getting past proof of concept – past “the board’s excited about AI, so we have to do AI” – to AI that actually proves its value in business outcomes. Can you tell me a little bit about what you’re doing in terms of enablement to help partners realize that opportunity and have the skill sets and tools they need? Michael Park: Yeah, this goes to the operating strategy of what we call AI led. And for us, AI led starts with my own organization, GPC. When I took the job a year ago, one of the operating strategies I laid down is: if we cannot ourselves be AI fluent in the way we operate with our partners, we cannot expect our partners to be AI fluent. So we’ve been using the ServiceNow technology, we’ve been using Claude, we’ve been using Copilot, we’ve been using a couple of other vendors to basically operate the ServiceNow Global Partners and Channels group. The content we create, the policies we administer, the training we do – it’s all been agentified now. In the last year, we’ve been able to identify about thirty-four percent of the redundant work that doesn’t add a lot of value. We’ve administered it away – either automated it or built AI agents to do that work. And we’re reorienting our people toward the more value-added work that is literally facing the partner, to help them drive business. And if you go out and talk to partners, they will tell you – yeah, we’re kind of seeing that from ServiceNow. We expect that over time our partners will also pick that up. So if you think about the opportunity for partners – all that we’ve done is also shaping into the enablement we’re building. For example, we have a hundred billion workflows today that are already operating, most of which are not yet agentified. So we don’t have to go build from scratch. We have to go agentify the workflows that are already running. It’s a huge opportunity for partners that we cannot possibly administer directly on our own without them. One of the unique things about ServiceNow is that ninety percent of the deployments we do are actually done through partners. Only ten percent is direct. So the partner already plays an important role. But we want them to go beyond that – because in this new world of AI, as we talked about in the keynote, the installation, implementation, configuration, and upgrade work will get agentified in the next two years. So the services they’ve been driving for twenty or thirty years are going to get compressed into a smaller order effect. But the new services we need require the skill sets we were just talking about – knowing how to use AI Control Tower, administering data graph connections, learning how to use multiple models of inference to plug in and call the ServiceNow workflow. These are all new value-added services that will help re-engineer a company. And it was also why I was reinforcing the value calculator assessment tool – you can’t just sell AI. You have to be able to articulate what the ROI is, what the benefit is, quantified from the telemetry of what you’re getting out of the platform. We’ve delivered that baseline telemetry and asked partners to take it, learn it, and make it theirs. It’s not a completed product – we expect them to put their special sauce on it and then bring it to the customer. And then on top of that, we announced outcome-driven services, which is using that analytics baseline to drive into defining the business outcome and quantifying it – rather than just billing time and materials the old school way. Robert Dutt: As that shift happens – as workflows become more autonomous, more agentic, and per-seat starts to feel like a legacy metric – how does that change how you think about partner incentives and compensation? Does the model shift toward outcome-based, consumption-based, something else? And how do you make sure partners can actually build a business around that transition? Michael Park: The way we measure partner value contribution today is what we call sourced. The partner is sourcing value to ServiceNow – they’re bringing us a customer. Whether that’s licenses or consumption of AI, it’s still sourced. So the metrics we hold partners accountable to – sourced and adoption – don’t change. What changes is the speed. What we expect now is that partners won’t source something that takes three years to deliver. We expect partners to source in a hundred days, deliver the first point of value in a hundred days, then do the next one in a hundred days, and then the next one and the next one. So in five hundred days you’ve had five points of sourced value creation and adoption – versus the old way, where you do one source point and three years later you come out with some kind of value. And so that I think is the new model. And this is where ServiceNow’s platform is uniquely suited. If you go learn the ServiceNow platform, you can start in IT, move to HR, move to CRM, move to procurement. But the tools to build the agents, the tools to do the data connectors, the querying and reporting, the declarative modeling, the tools to call MCP – it’s the exact same across every different buying center. So the business model leverage for the partner is: once they’re trained up on the ServiceNow platform, they can administer and monetize any kind of workflow above it using the same skill set. The economics will be a higher operating cash flow margin per dollar of resource invested in the ServiceNow practice versus any other technology out there. Robert Dutt: You opened the door with the words “hundred days” there. One of the big things you teed up on Monday, and then Bill talked about this morning, was the Go Live AI guarantee – the idea of a hundred days to real, active, measurable ROI on AI, as a guarantee. How does that work with partners? What’s the mechanic? Is there a co-delivery model, a financial backstop? And what does a partner need to do to carry that guarantee to a customer? Michael Park: We had a number of partners step into the offer. We shared it with our most accredited partners first and asked them if they’d be interested. And we had quite a few step in. We will prime. So the first way out, ServiceNow will prime that particular service. It’s a paid service the customer pays for. Upon delivery of the hundred days of service is when the last leg of that service bill comes. The way the model will work with a partner is the partner will be sub-primed into the prime model for some period of time, until we can get the operating model strong. Then as we do that – as we get the tooling and the procedures right – we’ll syndicate that out to the partner network so they can do it on their own and actually prime on their own. But the first way, we need to prime just to get it right. The key is making sure we’re taking that learning and thinking about scaling and syndicating the model so that it’s not taking services from the partner – it’s actually replacing the proof of concept. Because typically a proof of concept takes about a hundred days. But if the platform’s already in, on ServiceNow, and the workflow’s already running, and all we have to do is activate the AI agent – which as you saw on stage is already built – then the risk is just turning it on out of the box. So the precondition of this service is that you have to deploy the out-of-the-box stuff we built, because we’re confident and we’ve seen enough that we know we can get the partner and the customer to value under a hundred days. And then the beauty is: once you’ve got that point of value in the hundred days and you’ve proven it, the next projects come online very quickly. What we believe will happen is the hundred days leads to an expansion of book of business for the partners, because once that’s in, the customer will want to start more projects. Robert Dutt: By nature, you’re saying that over time this is going to trickle down to situations where partners are prime. I’m assuming this is an ongoing thing – more program than promo, it sounds like. Michael Park: Yeah – it’s a program, it’s not a promo. The promo was the Control Tower offer. That was the promo, direct to customer. But the prime offer is going to be there for a while. The last meeting I was just in, a partner said, “we’re all in because we’re already doing it – we’re going to run this in parallel to you guys. But what we like about it is if you’re going to run a program around it and create that brand and your sellers are going to activate it, we will come in behind you.” So I think the smarter partners are already on board starting to do it that way. Because the key is we can easily get this into a customer who is already up and running with ServiceNow on the core workflows – all we’re doing is activating the agentic workflow on top of it. Robert Dutt: Action Fabric was another one of the big announcements – opening the platform to external AI models via MCP. It’s interesting – you’ve got that opening motion going one way with Action Fabric, and then the opening going the other way with AI Control Tower keeping an eye on things from above. Michael Park: Correct. Robert Dutt: Specifically around the MCP side – are you seeing partners start to build proprietary agent skills or vertical IP on top of ServiceNow that they’re bringing to market as their own? And is that something you’re actively encouraging as a route to market? Michael Park: It’s actually called Action Fabric – I think Bill described it as Agent Fabric, but regardless of what you call it, it is basically calling the full power of the automation runtime of ServiceNow. What I think will happen is lots of different kinds of partners will be able to use their domain expertise in a particular industry, geography, or segment, identify a problem to be solved, use an LLM to gain inference off the data sets that feed it, and then very easily call the ServiceNow runtime to deliver the workflow. And hopefully AI Control Tower will sit on top of that and administer all the other AI components that might be feeding other workflows around it. The key is to set up for flexibility in different patterns. Some people will come in through an MCP server because they’re building something on the outside. Others will choose to use ServiceNow’s build-agent capability and build inside the ServiceNow platform. Others will basically say, I’m already building on five other agent platforms and I’m just going to put AI Control Tower on top to administer common control. The design point is to create flexibility for the customer – to give them the options they need without slowing them down or forcing them into a particular angle. The flip side is: if we just say “here’s ServiceNow, build whatever MCP server you want” without Action Fabric, that’s going to create all kinds of problems. Everyone will create MCP servers against ServiceNow that aren’t properly administered, there’ll be performance issues, and then the question becomes, “that ServiceNow stuff’s not working” – and we’ll be saying, yeah, because you built an MCP server the wrong way. So part of this is about setting patterns that can be replicated with high security, high scale, and high repeatability, by either the customer or the partner, in safe, secure, high-performance ways. Robert Dutt: Last one for me – a partner comes to you and says, I want to be one of your top AI delivery partners in the next couple of years. What do you need them to build, to be, to do, to have, that maybe they don’t today? Michael Park: We have a certification path to all of the different kinds of skills a partner may choose to be in. And we just introduced our new SKU structure for ServiceNow products. In the past, you actually had to buy the highest tier SKU to get AI. What changed just a few weeks ago is that even in the base tier product, AI is naturally embedded. So AI – and certification – becomes a consequence of every single product we sell now. What we’ve done in getting partners ready for that is: the AI certification used to stand separately. You had to go get it. Now it’s natively built into every product they’re getting activated on. And the beauty is that our products are all built from the same platform – so once you learn the AI capability natively in IT, it’s the same capability in HR, in procurement, in ERP. That makes getting the partner ecosystem up to speed technically much, much easier. Robert Dutt: Michael, I’m sure it’s a busy week and a half for you, but I appreciate your taking the time. Michael Park: Happy to. Thanks for the time. Robert Dutt: There you have it – Michael Park, senior vice president of global partnerships and channels from ServiceNow, live at Knowledge 2026 in Las Vegas. I’d like to thank Michael for his time, especially in the middle of what is clearly a very full week for the ServiceNow team. And thank you for listening. A few things I’d pull out of this conversation as worth sitting with. First, on the Go Live AI guarantee – Michael was pretty explicit that this is a program, not a promotion. The current model has ServiceNow as prime, with partners sub-primed into the delivery. But the stated intent is to syndicate that model out so partners can eventually carry it themselves. If you’re a ServiceNow partner and you’re not already thinking about how your practice gets certified to prime a hundred-day engagement, that’s a conversation worth starting now rather than later. Second, the services compression point is real and worth taking seriously. Michael said it plainly – implementation, configuration, and upgrade work is going to get compressed in the next two years. The partners who come out ahead are going to be the ones who’ve already built the new competencies: AI Control Tower administration, Action Fabric and MCP integration, outcome-driven services built on telemetry. Those are the new billable skills. And third, I found the economics argument compelling. The platform leverage point – that the same skill set applies across IT, HR, CRM, procurement, and every other buying center on the ServiceNow platform – is a real differentiator for partners who go deep on ServiceNow versus spreading across multiple vendors. Five sourced value points in five hundred days versus one in three years is a different kind of business. More from Knowledge 2026 coming later this week, including the Canadian and GSI perspective on what all these announcements actually mean for the local market back home. If you’re finding In The Channel useful, we’d love for you to follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always appreciated and always read. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: WatchGuard acquires Perimeters.io: WatchGuard Technologies announced Wednesday it has acquired identity threat management startup Perimeters.io. According to the company, the deal introduces WatchGuard Cloud Detection and Response (CloudDR), an AI-first solution built for MSPs to handle identity threats and shadow AI across more than 40 enterprise applications, including Microsoft 365, OpenAI, and Salesforce. The move allows Canadian partners to protect customer identities and govern AI adoption without adding significant overhead to their managed security stacks. Meter launches $100M partner fund: Networking startup Meter launched a one hundred million dollar partner fund Wednesday, positioning it as a financial mechanism to accelerate channel growth and challenge established networking vendors. Solution providers can leverage the fund to offer customers a pure Networking-as-a-Service model, where Meter owns and manages the hardware, software, and upgrades. The move gives partners a concrete commercial argument to shift mid-market client conversations from capital expenditures to predictable operating expenses. ServiceNow and Tanium announce Autonomous IT solution: At ServiceNow Knowledge 2026 in Las Vegas, ServiceNow and Tanium announced a joint offering called ITOM AI Prime powered by Tanium, integrating Tanium’s Autonomous IT Platform with ServiceNow’s IT Operations Management workflows and AI agents. According to the companies, the integration creates a closed loop between real-time endpoint intelligence and workflow orchestration, allowing issues to be detected, resolved, and verified without manual intervention. The announcement came alongside Day 2 keynote remarks from ServiceNow president Amit Zavery, who confirmed full MCP client connectivity support as part of the company’s Workflow Data Fabric. GTIA board updates: The Global Technology Industry Association has appointed Andrew Allen, Jennifer Baier Anaya, and Jennifer Roy to its board of directors. The newly elected voting members join Chair Scott Barlow and Vice Chair Rob Rae to advance the strategic direction of the IT channel. NVIDIA and Corning partnership: NVIDIA and Corning have announced a long-term partnership aimed at strengthening U.S. manufacturing for artificial intelligence infrastructure. The collaboration is expected to address ongoing supply chain constraints for essential AI hardware components. SAP acquires Dremio and Prior Labs: Enterprise software giant SAP has acquired data management company Dremio and AI startup Prior Labs to build out infrastructure capabilities for enterprise AI initiatives. According to SAP, the technology will be integrated to create a more unified data layer for its ERP customers, enabling generative AI applications without requiring complex data movement. Millennium Micro at ITSec: Millennium Micro‘s Philippe Fortier, director of Quebec and Maritimes, outlined the operational impact of Quebec’s new baseline cybersecurity regulations on MSPs during a keynote at ITSec 2026. The session focused on helping regional partners navigate the compliance burden for their SMB clients. Apple processor exploration: Apple is reportedly exploring partnerships with Intel and Samsung to manufacture its next generation of device processors, in a potential shift from the company’s long-standing reliance on TSMC. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, May 7, 2026, and here’s what’s happening in the channel today. WatchGuard Technologies announced yesterday that it has acquired Perimeters.io, marking a significant expansion into identity threat management. According to the company, the deal introduces WatchGuard Cloud Detection and Response, or CloudDR, an AI-first solution built specifically for managed service providers to handle identity threats and shadow AI. The new offering reportedly covers more than forty enterprise applications, including Microsoft 365, OpenAI, and Salesforce. In a statement, WatchGuard noted that this acquisition is designed to integrate identity threat detection and response, or ITDR, directly into its existing unified security platform. The company is positioning CloudDR as a tool that enables partners to detect anomalous behavior and unauthorized access across distributed cloud environments. This matters locally because managing SaaS sprawl and unauthorized AI usage is rapidly becoming a primary operational headache for the channel. Integrating these capabilities into an existing platform reduces the need to bolt on disparate security tools. The move allows Canadian partners to protect customer identities and govern AI adoption without adding significant overhead or vendor complexity to their managed security stacks. Networking startup Meter launched a one hundred million dollar partner fund yesterday, signaling a direct challenge to traditional networking vendors. The company is positioning the fund as a financial mechanism to accelerate channel growth and disrupt established enterprise networking deployments. According to Meter, the capital is designed to remove the friction of upfront hardware costs for customers while ensuring partners are compensated immediately. Solution providers can leverage the fund to offer customers a pure Networking-as-a-Service model, where Meter owns and manages the hardware, software, and upgrades. The channel implication here is substantial. Traditional networking deployments often tie up significant customer capital and require solution providers to manage complex hardware refresh cycles. Meter’s approach gives networking-focused partners a compelling commercial argument when competing for mid-market infrastructure deals – shifting client conversations from capital expenditures to predictable operating expenses while preserving their own margin and cash flow. ServiceNow’s Knowledge 2026 conference in Las Vegas closed its second day of major announcements yesterday, with the company unveiling a joint Autonomous IT solution alongside endpoint intelligence vendor Tanium. The new offering, called ITOM AI Prime powered by Tanium, integrates Tanium’s Autonomous IT Platform with ServiceNow’s IT Operations Management workflows and AI agents. According to the companies, the integration creates a closed loop between Tanium’s real-time endpoint intelligence and ServiceNow’s workflow orchestration, allowing issues to be detected, resolved, and verified without manual intervention. ServiceNow noted it is already a Tanium customer, with the company stating its 90 percent autonomous Level 1 service desk runs on the platform. The announcement came alongside Day 2 keynote remarks from ServiceNow president Amit Zavery, who outlined what the company calls its Blueprint for Agentic Business – a platform strategy built around connecting enterprise data, applying governance controls, and enabling AI to act across systems of record. Zavery also confirmed full MCP client connectivity support as part of the company’s Workflow Data Fabric. For channel partners who are building managed services practices around IT automation, the tighter Tanium integration is a signal of where platform-level AI operations are heading. In Brief The Global Technology Industry Association has appointed Andrew Allen, Jennifer Baier Anaya, and Jennifer Roy to its board of directors. NVIDIA and Corning have announced a long-term partnership to strengthen U.S. manufacturing for artificial intelligence infrastructure. SAP has acquired data management company Dremio and AI startup Prior Labs to build out infrastructure capabilities for enterprise AI initiatives. Millennium Micro’s Philippe Fortier, director of Quebec and Maritimes, outlined the operational impact of Quebec’s new baseline cybersecurity regulations on managed service providers during a keynote at ITSec 2026. Apple is reportedly exploring partnerships with Intel and Samsung to manufacture its next generation of device processors. Full details and links in the show notes or the blog post. Later today on In The Channel, we go deep on the ServiceNow partner model with the company’s senior vice president of global partnerships and channels, Michael Park – including the mechanics of the 100-day Go Live AI guarantee and what the compression of traditional services work actually means for solution providers. And if you haven’t heard it yet, yesterday’s episode with Cynomi Chief Evangelist Tim Coach on third-party risk management is worth your time – specifically the recurring revenue opportunity hiding in your clients’ vendor stack. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Bill McDermott, CEO of ServiceNow This is a Reporter’s Notebook episode – no guest, just some thoughts from the ground at ServiceNow‘s Knowledge 2026conference in Las Vegas. Earlier on Tuesday I spent about 40 minutes in a press fireside chat with ServiceNow chairman and CEO Bill McDermott. He’s one of the most practiced executives in enterprise technology, and he came with big takes. This episode skips the valuation conversation and focuses on what he said about where the industry is going. Three arguments are worth pulling out. First: the AI race isn’t won by the best model – it’s won by whoever can make AI deterministic and governable enough to actually run an enterprise on. “Governance isn’t a feature. It’s the whole ball game.” Second: AI isn’t optional, it’s arithmetic. With a projected shortage of 50 million workers globally by 2030, McDermott’s argument is that AI isn’t coming for your job – it’s coming to fill the jobs there won’t be enough people to do. Third: ServiceNow’s platform, with a hundred billion workflows already running, was always the foundation AI needed to land on. The stat that lingered longest: by McDermott’s own accounting, only one in ten enterprises has actually moved AI into a real, impactful business process. Which means for most of your customers, the agentic business isn’t something they’re navigating yet. It’s something they’re aspiring to. And that’s the channel opportunity. Read Full Transcript Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. A rare double-up on In The Channel today. We've already dropped a great interview with Tim Coach from Cynomi on third party risk management. But this is something different altogether. This is a what I like to call a Reporter’s Notebook episode – no guest, just me and some thoughts I want to share from my time on the ground at ServiceNow’s Knowledge 2026 conference in Las Vegas. Specifically, I spent about 40 minutes in a room with ServiceNow chairman and CEO Bill McDermott, along with my peers in the indsutry press, in a fireside chat format. You know, I'm always somehow just a tiny bit disappointed when there's not an actual fireplace. But I digress. McDermott is one of the most practiced and polished executives in enterprise technology – he knows exactly what he’s doing when he talks to press. But he’s also genuinely quotable in a way that a lot of enterprise CEOs aren’t, and I came out of that session with a few things I wanted to think out loud about. Fair warning: he spent a meaningful amount of time on the ServiceNow valuation story and the disconnect between where Wall Street has the stock and where he thinks the business is going. I’m going to mostly skip that part. You’re solution providers, not analysts or institutional investors. What I want to talk about is what he said about where the industry is going, because I thought it was worth unpacking. So. The line that’s stuck with me since I walked out of that room. “Governance isn’t a feature. It’s the whole ball game.” That’s the sentence I’d put on the poster if I were running ServiceNow’s marketing right now. And it’s not just a pithy line – it’s the entire strategic argument the company is making, distilled down to nine words. Here’s the bet McDermott is making, and I think it’s worth understanding because it has real implications for how you think about the next few years of your business. The first bet is that the AI race isn’t going to be won by the best model. It’s going to be won by whoever can make AI safe enough, governed enough, and deterministic enough to actually run an enterprise on. He drew a distinction that I thought was clarifying. He said – and I’m quoting – “You can’t have a probabilistic solution for an enterprise. It has to be deterministic and it has to be right every time.” That’s the core argument against the pure large language model play. An LLM gives you the best answer it can given the data it has. It’s probabilistic by nature. That’s fine for a lot of things. It is not fine when you’re running IT service management for a bank, or HR workflows for a public sector organization, or customer operations for a telco. ServiceNow’s argument is that the governance layer – what they’re now calling the AI Control Tower – is the thing that makes AI enterprise-safe. Not just a nice add-on. The precondition. The second bet is that AI isn’t optional. It’s arithmetic. McDermott came back to this a few times. There’s a projected shortage of 50 million workers globally by 2030. The workforce isn’t growing fast enough to meet demand. Birth rates are declining. The enterprise can’t staff its way out of the problem it’s about to have. And so the argument isn’t “AI will help you be more efficient.” The argument is “AI is the only answer to a math problem that is already in motion.” He put it bluntly: AI isn’t coming for your job. AI is coming to do the jobs there won’t be enough people to fill. That’s a different pitch, and for a lot of your customers, it’s a more honest one. Is it a glass-half-full take? Sure. But considering the number of glass-completely-empty takes around AI and what it may do to the workforce of the future, I think it's worth considering. The third bet is the one that I find most interesting, and it was stated less explicitly, but I think it’s the most important one for your business. The bet is that ServiceNow was built for this moment. That the platform that’s been processing workflow for twenty years – the one that already has a hundred billion flows running, most of them untagged and unidentified – was always the foundation that AI needed to land on. He said it directly at one point: “This platform was always waiting for AI.” And I think what he’s really saying is: the hard part isn’t the AI. The hard part is knowing what to do with it. Knowing which workflows to activate. Knowing how to govern what you activate. Knowing how to quantify the outcome. And ServiceNow’s argument is that twenty years of enterprise workflow data, and the relationships and trust that come with it, is a moat that a hyperscaler or a pure-play AI company cannot replicate. There was a moment in the session – a little lighter – where McDermott talked about his relationship with Jensen Huang. He joked that every time he appears on stage with Jensen, NVIDIA’s market cap goes up by about a trillion dollars. He then pointed out that his own company’s multiple hasn’t quite kept pace with that. He was being self-deprecating in the way powerful people can afford to be. But the point underneath it was real: the NVIDIA partnership gives ServiceNow something the pure platform story couldn’t – a direct line into the AI infrastructure conversation, not just the AI governance conversation. There was one stat he dropped that I’ve been chewing on since then, a statisitical representation of the challenge that he faces, and that you face. And also of the opportunity, for those who play the game wisely. Only one in ten enterprises, by McDermott’s accounting, have actually moved from AI experimentation into AI that has genuinely impacted a core business process with real agentic workflows. One in ten. This is the CEO of the company that just staked its entire conference on the theme of “Welcome to Agentic Business” telling a room full of press that nine out of ten enterprises aren’t there yet. He wasn’t being pessimistic – he was making the case for the runway. But I thought it was an unusually honest thing to say out loud, and it’s worth noting. Because if one in ten is the number, then for most of your customers, the “agentic business” isn’t something they’re navigating. But it's probably something they’re aspiring to. And the opportunity for the channel isn’t to tell them about it. It’s to get them there. And that’s exactly what the Go Live AI guarantee, and the AI Control Tower, and the whole machinery of what ServiceNow announced this week is designed to do. Give the channel a way to close the gap between the aspiration and the reality, at a predictable pace, with a quantifiable outcome. If you want a bit more on the Go Live AI guarantee and the AI Control Tower, we covered it in this morning's episode of The Buzz, and tune in right here tomorrow, because ServiceNow's channel leader, Michael Park, has a lot to say about the mechanices of the Go Live AI guarantee in particular. One last quote I’ll leave you with. Someone in the room asked McDermott how he stays energized given the complexity of everything happening right now. He didn’t hesitate. “This is the best time I’ve ever seen for innovation in the enterprise.” He’s a CEO, so you take that with appropriate seasoning. But I was in the room, and I’ll tell you – to me it felt like he meant it. More from Knowledge 2026 coming this week, so keep your favorite podcast app nearby. If you’re finding In The Channel useful, please follow or subscribe wherever you’re listening – we’re on Apple Podcasts, Spotify, YouTube, and most major directories. Ratings and reviews are always welcome. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Tim Coach, chief evangelist at Cynomi For most managed service providers, the security services story has followed a familiar arc: endpoint protection, email security, security awareness training. Each category added value, then became table stakes. Third-party risk management – TPRM – is what comes next, and according to Cynomi Chief Evangelist Tim Coach, it may be the stickiest revenue category yet. The case is straightforward. Every business relies on a web of vendors, software providers, and service partners. Each one is a potential vulnerability. And most SMBs have no formal process for knowing how well those third parties are managing their own security – or what happens to them downstream if one of those vendors gets breached. Research from Cynomi suggests 45 percent of organizations will face supply chain attacks, and 30 percent of data breaches already involve a third party. The attack surface has shifted to the things organizations trust most. For Canadian MSPs, the regulatory pressure is specific and near-term. OSFI’s Guideline E-21, with a September 2026 compliance deadline for federally regulated financial institutions, puts third-party oversight explicitly on the agenda. The cascade effect on their vendors – and the MSPs serving those vendors – is already in motion. Perhaps the sharpest signal in this conversation: cyber underwriters are now denying SMB coverage not because of anything the SMB did, but because they are connected to an MSP. The managed service provider, long positioned as the path to better insurance outcomes, has become a risk factor in its own right. Coach’s recommended first move for any MSP building into TPRM isn’t a vendor questionnaire – it’s a Business Impact Analysis. Understand how the client actually makes money, which vendors are critical to those revenue processes, and what an hour of downtime costs. That reframes the conversation from technical widgets to revenue, cost, and risk – the language every business owner speaks. – UPLOAD AUDIO Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, your host for the show. My guest today is Tim Coach, Chief Evangelist at Cynomi, a vCISO platform purpose-built for MSPs and MSSPs. Tim brings an unusually grounded perspective to the space. He’s an engineer by training who spent nearly two decades building, running, and consulting on managed service practices before landing at Cynomi after seeing the platform first-hand and recognizing it could have solved one of his biggest operational headaches as an MSP owner – the CISO bottleneck, the point at which growth stalls because the security function can’t scale without adding expensive headcount. That personal history shapes everything he thinks about TPRM, third-party risk management, which is increasingly being talked about as the next major revenue category for MSPs after human cyber risk. Today we’re talking about what building a TPRM practice actually looks like, why cyber insurance has quietly flipped the MSP value equation, and why the right starting point isn’t a vendor questionnaire at all. Let’s get right into it, my chat with Tim Coach. Tim, thanks for taking the time. I appreciate it. Tim Coach: I absolutely love to be on. Thanks so much for having me, and for having Cynomi on your webinars. We’re always happy to do these things and educate the community. Robert Dutt: You’ve spent a long time in and around the MSP community. How did you end up at Cynomi specifically, and what was it about the opportunity around TPRM that pulled you in? Tim Coach: TPRM was eventually in the process – let me back up. What got me into the community was my engineering background. I went to college for what was called network communications back in those days. Basically I’m a network guy – I always point at the front-end programming guy and say, “It’s your fault,” and the programming guy says, “No, no, it’s the network’s fault.” So I did that for a large-scale nationwide company for many years, and then I fired my MSP. The owner was like, “Well, if you’re so good, why don’t you come over here and run this?” And I said okay. It took me about 24 hours to realize I didn’t have a clue what was going on – the place was chaos. But through process and procedure, and a military background, I knew I could get it under control. I ended up with a business partner from that experience, and we spent about 20 years rebuilding and consulting with MSPs. About five years ago, I just needed something different. The kids were a little older. I started looking at what else was out there, talked to a couple of mentors in the space – I’m sure if I mentioned their names everyone would know them – and they said, “You should come over and do this.” So I jumped. I went to work for a Canadian company, grew them quite a bit in the first year, then moved to an Australian company, grew them, and then went back to consulting for a short time. David from Cynomi was recommended to me as a consulting connection. We were going back and forth and he said, “Why don’t you come on board?” And I said, “I’m not really interested in selling a widget” – and it’s a security widget, right? There are so many great widgets and great personalities in the security space already. Probably not my jam. But he said, “No, no – let’s look at it.” And he showed me what Cynomi did, and I was blown away. The reason I was blown away is that at my most successful MSP, we hit a stopping point in our growth. The reason was our CISO – and this was before CISO was even a cool term. He was our bottleneck. Not because he was inefficient as a person, but because of the way he had to work: 80 pages of Excel spreadsheets and hours and hours of questionnaires. When I first saw Cynomi, I thought, “Here’s a way I could have doubled the size of my company with the same staff, the same CISO.” That’s what really inspired me to come on board – seeing that dashboard and connecting it to the personal pain I’d experienced around the security bottleneck. Now with the addition of TPRM, that excites me even more, because back in my MSP days I had a lot of bank clients, and banks are SOC 2 all over the place. Part of SOC 2 is that you have to have TPRM – you have to be responsible for everybody in the chain. So now we’ve built out a platform that lets the MSP, MSSP, ITSP, or whatever SP you want to put in front of those letters, easily manage vendor relationships and understand where clients are in their security posture. Robert Dutt: You may not feel it’s cool, but it’s certainly foundational security. Tim Coach: And that’s the problem, right? That’s why we’re still talking about security – because nobody knows how to talk business. They all talk widgets, bits and bobs: here’s this cool firewall, MDR, XDR. But you know what your clients don’t care about? The widgets. They care about being secure. Until we can bridge that gap – until Cynomi brings something that says, here’s an easy way to get to the data and details you need, here’s CISO-level intelligence so the MSP can translate it into business terms for the doctor’s office, the manufacturing company, whatever vertical you want – we’re going to keep having this same conversation. Robert Dutt: Let’s do a little bit of that with TPRM itself. Let’s take a step back and look at it from the viewpoint of an MSP who’s heard the acronym but hasn’t really dug in yet. Third-party risk management – what are we actually talking about, and what problem does it solve? Tim Coach: What a lot of people need to understand – and I try to say this in a way that’s easy to grasp – is: manage security first, and compliance becomes a default. What I mean is that you need a baseline, whether it’s CIS Controls, Cyber Essentials Plus, CMMC 2.0, one of the financial frameworks, HIPAA, whatever applies. You need a baseline you’re actively managing your security against. In the process of meeting that baseline, compliance follows. What we’re increasingly seeing is that certification bodies, auditors, and insurance underwriters all want to see that your solutions and partners are just as secure as you are. I was at Canalys Barcelona last year and someone made a statement that blew me away: for the first time ever, we’re seeing insurance underwriters deny coverage to an SMB because they’re connected to an MSP – and the MSP is what they consider the risk. We went from being the most important people in the room, essential workers, to being the risk factor. And on top of that, helping clients with their insurance has been one of our foot-in-the-door conversations for the last decade. That’s where TPRM comes in. The frameworks and insurance underwriters now want to see not just that you’re secure, but that everyone you’re working with is secure. The problem has always been how you manage that. Back in my day, you had to call the vendor, find the right person, ask for evidence of their SOC 2 compliance, get bounced around, end up with legal, sign an NDA, and eventually get the report. Now people share that information a bit more freely, but you still need a central place to manage it – so when an auditor or insurance broker asks, you can point to it and say, “Here it is.” We do a community call every Wednesday at noon Eastern, and we’ve had a gentleman on a couple of times who has written books specifically on TPRM. He’s sounding the alarms – not bad alarms, just “it’s coming.” But like a lot of SMBs, MSPs are having to drag their clients toward where they need to be. Once you make it easy for the MSP, you make it easy for the SMB, and you finally have a way to prove you’re taking those measures. Robert Dutt: Supply chain attacks have certainly been a theme in the channel for a while – Kaseya, SolarWinds, MOVEit. But TPRM as a formal managed service element feels newer. The insurance side sounds like a big driver. What else changed to make it go from a theoretical concern to something MSPs can actually build a practice around? Tim Coach: I firmly believe you cannot be a business partner without knowing how your partner makes money and how you need to protect them. I can’t protect them if I don’t know what they’re using. It’s the old adage: if two people are managing something, nobody’s managing it. TPRM is really the next step for the ITSP to move from a transactional relationship to a true business partnership – ensuring that everyone your clients are using is also protected. Because what happens is what always happens: it doesn’t matter what you have hard-coded in the contract about not being responsible for X. When something goes wrong, the SMB comes back and says, “But I thought you were managing this.” We go over it in the contract reviews, sure, but the conversation still happens. When you’re genuinely talking business – saying, “I’m going to protect how you operate quarter after quarter, year after year” – you’re protecting their entire environment, not just your piece of it. That’s when you move to a real business relationship instead of a sales relationship where every conversation is an upsell or a cross-sell. We’ve done it to ourselves a little bit, honestly. It’s like an insurance agent in Oklahoma trying to sell hurricane insurance. That’s not what we should be doing as business partners. TPRM allows us to have a full understanding of the client’s environment and make sure everything is protected – or at minimum, that the gaps are known by everyone. Robert Dutt: Cynomi has described TPRM as the next major revenue category after human cyber risk. Can you walk me through what the recurring revenue model actually looks like, and what makes it sticky? Tim Coach: Everything leads to MRR – that’s business. But you have to start with a project. You need to understand where the client is in their security journey before you can manage them ongoing. SMBs don’t do things for free, and neither do our partners. This is a revenue generator. But it’s a revenue generator because it actively has to be managed. I always say: I can’t throw a server at security. I can’t throw a firewall at it and declare myself secure. The best analogy I’ve heard for security is a block of Swiss cheese. There are holes, and you can stick a fork through those holes quite a way. But if you slice that block and turn every slice 90 degrees, the holes are still there – they’re just not as deep or vulnerable. That’s TPRM. There is no set-it-and-forget-it. It has to be actively managed, and that active management is where the recurring revenue lives. Robert Dutt: What does a typical engagement look like early on, for an MSP starting from zero with a client? Where does the work begin, and what surprises people about the scope as they go deeper? Tim Coach: Everything begins with an assessment. With Cynomi’s tools, we can use Cyber Essentials Plus or CIS Controls as a self-regulating baseline and add a couple of hours to the initial assessment to incorporate the security piece. We all do assessments upfront to understand what we’re getting into – or what needs to be fixed before we really dig in. Once you’re in the security layer, the next step is TPRM. And TPRM brings with it something I think is critically important: the Business Impact Analysis. It’s not enough to ask, “What does your client do?” They make dog food – do they? Or is that just the end product? When I was an MSP, I had a metal manufacturer that cut and stamped metal. But if you asked their CFO what the business was, he’d say, “Making pallets – I make more on pallets than on the stamping work.” I used this example in a presentation just yesterday. Years ago I was walking through a manufacturer’s facility and asked about a machine: “What does that one do?” “That runs the software that completes our product.” “Why isn’t it plugged into the network?” “It’s a Windows 98 machine.” “Why are you still running that?” “Because it runs decade-old German software that costs ten million dollars to replace. And we only have that one machine.” If you’re not walking through and genuinely understanding how they make money, you don’t know where the risks are. And that’s what TPRM forces you to do. Ideally, I’d love to sell a project that includes a full security assessment, a BIA, TPRM, BCP, IR planning, all of it from day one. But it doesn’t happen that way. You have to phase it. Once you understand the BIA and what they’re actually doing, you understand where the software and systems that carry real business risk are, and you can start building that into their security posture. It’s the same principle: why hack an individual when you can hack the software that manages all the individuals? Why try to crack one account when you can compromise an MSP’s RMM tool and get access to everybody? If you go into a business without understanding their software environment and vendor posture, you at minimum need to be able to tell them where the risks are. Because the language they speak is revenue, cost, and risk. TPRM is a risk if it’s not being managed – and that’s why we’re seeing so much attention on it lately, even though some of us have been doing this for decades. We just used to call it vendor management. Robert Dutt: We’ve talked a lot on the show about MSP tools as an attack surface – RMM agents, remote access tools, backup platforms. The MSP is supposed to be managing the client’s vendor risk, but the MSP’s own toolchain is also someone else’s third-party risk. How should MSPs be thinking about that? Tim Coach: It comes back to the BIA again. What are they using? What’s creating the security gaps, and how do you build better overall management around it? There’s a project in there, but every project should lead to MRR – period. It still has to be managed. Remember when Exchange servers went away and everyone panicked about where the revenue was going to go? There was still an entire environment to manage. We always made some revenue on hardware, though that’s gotten harder – the real money is in managing the ongoing environment. TPRM is the same thing: it’s a significant security gap in the overall posture of your clients, and that gap has to be actively managed. Robert Dutt: Pushing on that a little further – TPRM platforms are pulling in a pretty comprehensive map of an organization’s vendor ecosystem: the gaps, what’s been remediated, basically a full picture of the landscape. If one of those platforms gets compromised, that’s not just a breach – that’s a pretty rich target list for an attacker. How do you think about that? Tim Coach: Think about a CNC factory. Their job is building molds to produce a specific part, and the software on their server has all the schematics fully built out. What happens if that software gets hacked? You lose all the schematics for the CNC machine – so suddenly you can’t produce anything. And if the attacker gets in early enough in the process, the downstream supply chain impact goes way beyond that one facility. That’s the risk. If you’ve got $200,000 five-axis CNC machines – and I may have a little experience with this – and you’re not protecting the software running them, and you don’t understand from a TPRM perspective what the vulnerabilities look like, that’s an ongoing, persistent risk. You always have to be managing it. Robert Dutt: Sitting where Cynomi is, how do you think about the security side of running a TPRM solution, and what should MSPs be asking vendors in this space about that? Tim Coach: Efficiency. How efficient can you make it? I’ll probably get in trouble for saying this, but we’ve essentially stupid-proofed the first few levels. We’ve built it out for you. And look – I know AI is a word we’ve managed to avoid for about the last half hour, but AI is meant to enhance the human. It’s a tool. What we’ve done at Cynomi is build AI agents and intelligence into the platform to make this work manageable at a lower labor level. If I can take work that previously required a CISO – an expensive asset – and bring it down to a tier-two technician, my margins go up because my labor costs go down. That said, we’re not replacing the CISO. I used to work with a company that built a component for Apache helicopters – no public-facing anything. If a tier-two tech runs a report showing no web security for that client and flags it as a critical gap, the CISO might be the only person who knows that client has no public-facing presence by design. That context matters. The CISO still needs to be the final approval layer. What Cynomi has done is open up bandwidth for other people to do the groundwork, so you can grow your company without adding another six-figure salary. When your staff becomes more efficient, the CISO is less of a bottleneck – which was the original problem we started with. Robert Dutt: For the Canadians listening, there are some very specific regulatory drivers on the table right now. OSFI’s Guideline E-21 has a September 2026 compliance deadline for federally regulated financial institutions. Can you talk about the role you see TPRM playing in responding to that kind of regulation? Tim Coach: What we’re seeing is that the insurance underwriters, auditors, and regulators are the ones setting the standard, and the industry has to meet it – but the industry isn’t yet at a point where it can easily meet a TPRM standard. So what will probably happen, whether it’s Canada, the US, the UK, or EMEA, is a pattern we’ve seen before: they’ll release a guideline, there’ll be a period of voluntary adoption, and then they’ll give it teeth. Like HIPAA – they threw it out there, and eventually it got enforcement. The thing I’ve always loved is watching the auditors, because they’re typically running a couple of years ahead of the regulation. If you stop treating auditors like your mortal enemy – “they’re here to expose everything I’m doing wrong” – and start paying attention to what they’re flagging, you can get ahead of the game. Auditors are a leading indicator. It’ll always come down to government forcing the policy, and then insurance trying to find a way out of paying claims when it’s not followed. But if you’re watching the auditors and TPRM is showing up in their reviews, you already know what’s coming. Robert Dutt: For an MSP listening to this and thinking, “I should be doing this” – what’s the realistic first move? Not the ideal end state, but the practical starting point? Tim Coach: Start with the BIA – the Business Impact Analysis. Research suggests every SMB has three to five critical processes that drive about 80% of their revenue. Do they actually know what those are? Probably not. They make dog food. They take care of kids. Whatever it is – they don’t actually know how they make money. I have an old client who’s also a friend – he works in retirement planning. If you asked how he makes money, you’d assume it’s from managing portfolios. It’s not. He makes money by selling the policy, and the insurance company pays him a commission on that. If you don’t start by understanding the BIA, you don’t really know what solutions your clients are dependent on. Start with: who is your critical software outside of us? Who maintains it? Do we have a relationship with them? Does it connect directly to how you make money? And tie it to cost of downtime. If a doctor’s office goes down for four hours – and in a medical practice you call them providers, not doctors, right? Speaking their language, not ours – what does that cost? If the pallet machine on an assembly line goes down, and that pallet machine is the only thing holding product so the rest of the line can keep moving, what’s the cost per hour? If you don’t know that, you don’t actually understand how to service your client. You’re still talking bits and bobs instead of revenue, cost, and risk. Robert Dutt: Future-looking question to wrap up: where do you see this category going over the next couple of years? Is TPRM a standalone practice, or does it fold into a broader vCISO or governance offering? Tim Coach: I think it’s going to be both. For more mature MSPs, it’ll be baked right into their silver, gold, and platinum packages – TPRM is just part of what you get at a certain tier. For others, especially those that aren’t at a full vCISO-as-a-service level yet, it’ll be available as a standalone – a meaningful piece of the security posture they can deliver to clients without committing to the full stack. Growth and maturity, right? As people build their practices, the more advanced will have it embedded. But there’s also a real path for someone starting out to say, “I need to at least get this piece right, because it’s critical to the overall security posture of my clients.” Robert Dutt: Fascinating. It’s an interesting area of technology and – to your greater point – business. I appreciate you taking the time to share some thoughts on how service providers can get involved. Tim Coach: Thanks for having me on. I always appreciate it. Robert Dutt: There you have it – Tim Coach from Cynomi. I’d like to thank Tim for taking the time today. He’s been around the MSP space long enough that when he points at something and says it’s the next thing, it’s worth listening. A few things I want to make sure land from this conversation. The first is the Business Impact Analysis as the true starting point. Before you think about vendor questionnaires or risk scoring tools, you need to understand how your client actually generates revenue – which processes drive the majority of the business, and which vendors are load-bearing in that equation. That’s not a security conversation. That’s a business conversation. And that’s the shift that moves an MSP from tool vendor to genuine business partner. The second is the insurance signal. When underwriters start denying SMB coverage not because of something the SMB did, but because they’re connected to an MSP – that’s a warning and an opportunity in the same breath. MSPs who can demonstrate they’re actively managing their clients’ third-party risk have a new and better story to tell. And the frame to carry with you: security first, compliance becomes a default. Build the practice to the right security baseline and the compliance checkboxes largely take care of themselves. In The Channel is available on Apple Podcasts, Spotify, YouTube, and most major podcast directories. If you’re finding value here, ratings and reviews are always appreciated – they help other people in the Canadian IT channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Reporting live from ServiceNow’s Knowledge 2026 conference in Las Vegas, the message from CEO Bill McDermott and NVIDIA‘s Jensen Huang was clear: the era of AI pilots is over. ServiceNow is repositioning itself as the AI Control Tower — the governance layer that sits above every AI agent an organization is running, regardless of where those agents were built. McDermott’s framing centered on what he called the “AI blind spot” — the growing reality that most enterprises are deploying agents without meaningful visibility into what those agents are actually doing. A live demo on stage showed a real-time prompt injection attack being detected and shut down by the platform. The most concrete channel announcement is the new “Go Live AI” offer — a total satisfaction guarantee committing to 100 days to production. Not a pilot, not a proof of concept. For solution providers, this is a commercial tool designed to help move customers from evaluation to commitment by absorbing some of the delivery risk. Jensen Huang’s argument was that AI should be used to “elevate ambition,” not just reduce costs — a framing that gives partners a more expansive conversation to have with clients about what outcomes are now possible. The morning’s most compelling demo came from FedEx CEO Raj Subramaniam, who showed ServiceNow’s new AI agent Otto resolving a distribution hub staffing gap in minutes that historically took three days. FedEx reported 2,000 incidents offloaded, 3,000-plus hours saved, and 85 percent accuracy in production. For Canadian solution providers, ServiceNow is offering two new tools: a governance platform to make AI deployments defensible, and a commercial guarantee to make those deployments sellable. More on what this means for the Canadian market in this week’s In The Channel interviews from the show. In brief: Zoho research reveals Canada's “false comfort zone” in workforce security. Released ahead of World Password Day, Zoho's State of Workforce Password Security 2026 report—based on over 3,300 respondents including 174 in Canada—finds that while the Canadian attack rate (30%) is slightly better than the global average, significant vulnerabilities remain. The standout finding is the AI belief-to-deployment gap: while 89% of Canadian organizations believe AI will strengthen their security posture, only 46% are actually ready to deploy AI-powered security today. The primary blockers aren’t budget, but legacy infrastructure (52%) and migration complexity (48%). The report also highlights that 73% of Canadian organizations lack complete identity visibility across their workforce, leaving them exposed to orphaned accounts and unmanaged third-party access in highly integrated North American supply chains. Syncro and Guardz embed cybersecurity directly into the MSP workflow. Announced this morning, the two companies have launched a native integration that brings the Guardz cybersecurity platform inside the Syncro RMM/PSA environment. The move is designed to eliminate the “toggle tax” of managing separate security consoles, but the real channel hook is the automated billing: the integration uses Syncro's Universal Billing to automate client invoicing for security services, removing the manual reconciliation that often eats into MSP margins. Coming on the heels of the Guardz 2026 MSP Threat Report—which found that 90% of SMBs have at least one user with compromised credentials—the partnership aims to make proactive security a standard, billable part of the daily workflow. Huntress distribution deals are now officially live. The managed security platform's expansion into major distribution is now official. Huntress has signed deals with Ingram Micro, Vertosoft, Liquid PC, and QBS Software. For the Canadian reseller community, the Ingram Micro partnership is the headline, providing a more streamlined procurement path for the Huntress Agentic Security Platform and its 24/7 SOC. The move signals a transition for Huntress from an MSP-centric “challenger” brand to a broader mid-market and public sector player, using distribution scale to reach resellers who haven’t traditionally played in the “security-only” vendor space. Kiteworks names Oracle veteran Julia Rasekhi to lead partner strategy. The Content Communications Governance (CCG) platform—which has a significant Canadian footprint—has appointed Julia Rasekhi as its new senior vice president of Strategic Partnerships and Strategy. Rasekhi joins after 17 years at Oracle, and her mandate is to accelerate a transition toward partner-led growth for the company’s regulatory compliance and file sharing platform. As enterprise security increasingly moves from “network” to “content,” the hire suggests Kiteworks is looking to scale its GSI and reseller relationships to meet new data sovereignty and CPCSC requirements in Canada and globally. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, May 6, 2026, and here’s what’s happening in the channel today. I’m reporting live from Las Vegas, where ServiceNow’s annual Knowledge conference got underway this morning with what may be one of the boldest keynotes I’ve seen at an enterprise software show in years. CEO Bill McDermott took the stage alongside NVIDIA’s Jensen Huang to make a simple but sweeping argument: the AI pilot era is over, and “Agentic Business” — where autonomous AI agents actually do the work — is here now. The repositioning McDermott is making is significant. ServiceNow is no longer pitching itself as just a workflow platform. It is now positioning itself as the AI Control Tower — the governance layer that sits above all the AI your organization is running, whether it was built on ServiceNow or not. The framing McDermott used was the “AI Blind Spot” — the idea that most organizations are deploying agents without any real visibility into what those agents are actually doing. A live demo on stage showed a real-time prompt injection attack being detected and shut down by the platform. The point was clear: if you don’t have a control layer, you don’t have an AI strategy, you have an AI liability. The most concrete announcement for the channel is what ServiceNow is calling its “Go Live AI” offer — essentially a total satisfaction guarantee. This is, as far as I know, the first time a major enterprise software company has put a guarantee like this in writing. The commitment is 100 days to production — not a pilot, not a proof of concept — an actual deployed agentic workflow. If you’re a partner trying to move customers off the fence on AI investments, this is a commercial tool. ServiceNow is essentially absorbing some of the delivery risk to help you close. Jensen Huang’s contribution to the morning was framing the economic case. He pushed back on the idea that AI is purely a cost-cutting play, arguing instead that enterprises should be using AI to “elevate ambition” — to do things they couldn’t do at all before, not just do existing things cheaper. The NVIDIA partnership is powering a new layer ServiceNow is calling the AI Factory, which provides the compute and model infrastructure underneath the platform’s agentic layer. The most vivid demo of the morning came from FedEx CEO Raj Subramaniam, who walked through a live scenario showing ServiceNow’s new AI agent — called Otto — solving a staffing gap at a FedEx distribution hub in real time. The gap that historically took three days to resolve was closed in minutes. FedEx reported 2,000 incidents offloaded, over 3,000 hours saved, and 85 percent accuracy. Those are the kinds of numbers that end the “pilot conversation” fast. For Canadian solution providers, the takeaway is this: ServiceNow is giving the channel two new tools. A governance platform to make AI deployments defensible, and a commercial guarantee to make those deployments sellable. I’ll have more on what this means for Canadian partners specifically in my In The Channel interviews from the show later this week. And there was plenty going on aside from here at Knwoledge 26. In brief today: First, New research from Zoho highlights a “false comfort zone” for Canadian workforce security, with local attack rates sitting at 30 percent. While 89 percent of Canadians believe AI will strengthen their security, only 46 percent are ready to deploy it due to legacy infrastructure bottlenecks. Second, Syncro and Guardz have announced a major partnership, embedding the Guardz cybersecurity platform directly into the Syncro MSP workflow. The integration includes automated client invoicing through Syncro's Universal Billing to help MSPs capture security margin without the reconciliation headache. Third, Huntress distribution deals are now officially live with partners like Ingram Micro, Vertosoft, and Liquid PC. For the Canadian channel, the Ingram Micro relationship is the headline, signaling Huntress’s move to scale beyond its MSP roots into the broader mid-market. And finally, Kiteworks has appointed 17-year Oracle veteran Julia Rasekhi as its new SVP of Strategic Partnerships. This newly created role is a clear signal that the content governance player is shifting toward an aggressive, partner-led growth strategy in regulated markets. Full details and links in the show notes or the blog post. Later today on In The Channel, we take a look at third-party risk management, and why it's both an opportunity for managed service providers, and a threat as insurance providers get serious about supply chain risk, with Tim Coach from Cynomi. And if you haven’t heard it yet, check out yesterday's episode with Frances Edmonds, HP Canada's sustabiility leader, on just how important sustainability is on Canadian procurement documents. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Frances Edmonds, head of sustainable impact at HP Canada For Canadian IT solution providers, sustainability has always been something to think about – eventually. Frances Edmonds says the clock is running out on “eventually.” Edmonds is the Head of Sustainable Impact at HP Canada, a two-time Clean50 award winner, and one of the most recognized voices in the country at the intersection of technology, procurement, and environmental responsibility. On this episode of In The Channel, she makes the business case for why Canadian MSPs and resellers need to be fluent in sustainability today – and what being fluent actually looks like in a sales conversation. The data from HP’s own Amplify Impact program is striking: over 70% of partners who lead with sustainability report winning new business as a result, and self-assessment scores among participating partners have improved 59% since 2021. But the more urgent signal is in the procurement numbers. The Canadian Collaboration for Sustainable Procurement represents organizations with $105 billion in combined spend – and among them, OECM (the Ontario Education Collaborative Marketplace) is already applying a 12% weighting for ESG criteria in bid documents, scored at both the OEM and channel partner level. That’s not a coming wave. It’s already in the water. Edmonds also makes a compelling case on the AI front: Edge AI carries an estimated 90% lower environmental impact than Cloud AI – a stat with real implications for how MSPs frame hardware refresh conversations with clients who have sustainability or data sovereignty mandates. Resources mentioned in this episode: HP Amplify Impact program OECM – Ontario Education Collaborative Marketplace Bob Willard’s Sustainability Advantage – free tools for sustainability planning Climate Fresh training – available through HP Amplify Impact CBSR – Canadian Business for Social Responsibility Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. We talk a lot on this show about the “how” of the channel — how to build a practice, how to manage a migration, how to secure a client. Today we’re looking at a different kind of how: how to win deals in an environment where your customers care as much about your carbon footprint as they do about your hourly rate. My guest today has been living this story for 30 years. Frances Edmonds is the Head of Sustainable Impact at HP Canada, and she’s one of the most recognized voices in the country when it comes to the intersection of technology and sustainability. HP’s own data shows that over 70% of partners who lead with sustainability are seeing measurable impact on their win rates. What does that actually look like for a Canadian MSP in 2026? We’re going to dig into the shift in procurement rules, including some hard numbers on ESG weighting in Canadian bid documents, and why the rise of Edge AI might actually be the biggest sustainability story of the year for the channel. Let’s get right into it — my chat with Frances Edmonds. Frances, thanks for taking the time. Frances Edmonds: You’re very welcome. Robert Dutt: You sit in a unique place in that you’ve been focused on sustainability for a while now — long before it was a mainstream business conversation. Can you give us the quick picture of what your role is at HP Canada today, and how that has evolved as the story has evolved over time? Frances Edmonds: Sure. My title today is Head of Sustainable Impact — that’s the name of our sustainability program. And I practice what I call CSR 2.0: corporate social responsibility 2.0. I spent the first half of my career really getting HP Canada to the point where we could call ourselves Canada’s most sustainable technology company — you can find all the proof of that at hp.ca/sustainableimpact. Then we took a look around and said: sustainability from a business context in Canada isn’t really advancing. We’ve got a few leaders, but the vast majority of Canadian businesses aren’t doing very much — including our channel. So we thought: how do we change that? In a capitalist economy, the demand signal for sustainability performance in suppliers comes at the ballot box of procurement. About eight years ago, we switched our strategy to focus on how do we change how Canada buys. That’s really my job today — to encourage everyone in the industrial economy to add sustainability into their procurement criteria and decision-making, so there’s an incentive for all companies to step up and do more. Robert Dutt: Is that all? Frances Edmonds: [laughs] Well, on top of all the other things we do to maintain being Canada’s most sustainable technology company. But I don’t do this alone — sustainability is a team sport. We require all players to come to the table and bring their relative strengths. One thing we’re doing right now: we’re onto our fourth cohort working with a nonprofit called CBSR, Canadian Business for Social Responsibility. We teach sustainability professionals at some of Canada’s largest companies — Walmart, Canadian Tire, the banks, insurance companies — how to work alongside their procurement teams to implement sustainable procurement. We partner with nonprofits like Green Economy Canada, CBSR, other industry associations, and customers and partners to drive the change that’s necessary. Robert Dutt: You mentioned there’s still a need to mature how organizations across Canada are approaching this. The Amplify Impact data shows that 70-plus percent of partners report winning new business by leading with sustainability — that’s a striking number. When a Canadian MSP or reseller is actually leading with sustainability in a sales conversation, what does that look like in the room? Frances Edmonds: It really depends on who the customer is. Some customers have sustainability goals, but the people the MSP is actually talking to don’t know that — there’s often a gap between what the corporation is committed to and what the people doing the buying or the IT implementation are aware of. So you have to do your research: understand where the customer is coming from, what the opportunity is, and then align what the MSP and the OEM are doing on sustainability with the customer’s actual pain points. Do they have difficulty managing products at end of first life — the most common issue? Do they understand where their security vulnerabilities are? If you think about managing print, for instance — you’d normally do a print assessment and find printers 15 or 20 years old sitting on the network. That’s a huge security vulnerability that nobody’s really paying attention to. Helping customers with pain points like that — showing them the opportunities, whether it’s getting value back from end-of-first-life equipment to help fund new purchases, or moving into buying as a service — that’s really the sweet spot for both an MSP and a customer to maximize their sustainability performance. Robert Dutt: Is this primarily a large enterprise and government discussion today, or is it moving into the mid-market and down into SMB? A lot of partners are working with smaller businesses who may not have a strong sustainability mandate at the top of their priority list. Frances Edmonds: I think it’s quite spotty, honestly — I see bid documents from across the country in all sectors of the economy, so it’s hard to generalize. One advantage small businesses have is that they’re often purpose-driven, and the owner can make a decision quickly. “I’m buying from a company that puts ocean-bound plastics into their products” — and that’s a faster decision than getting a university to change its procurement policy, which can take three years of approvals. What I am seeing that’s changed over the eight years I’ve been working in this area: before, people didn’t really understand the link between sustainability and procurement. Today they understand it, and the people who want to do it differently often just have inhibitors in the way — or they default to “this product’s carbon footprint is two kilograms less, so I’ll buy it.” That’s not really how sustainable procurement works. You need more information to make a well-rounded decision. Sustainable procurement is still about getting the best value for the goods and services you’re buying — but now you’re also looking at the most sustainable or circular option from the most sustainable or circular supplier, in alignment with your own organization’s goals. And governments, whose sustainability goals range from zero poverty to life below water and everything in between, have a tremendous opportunity to practice this. Robert Dutt: You’ve spoken before about sustainability scoring in RFPs and procurement documents. Where does that stand in Canada right now — is this something MSPs need to be ready for today, or is it still a coming wave? Frances Edmonds: There’s always opportunity for competitive advantage because each customer has a different focus — whether it’s bridging the digital divide in Indigenous communities, disability inclusion, or a dozen other areas. But let me give you some numbers. The Canadian Collaboration for Sustainable Procurement just issued their latest annual report. They represent broader public sector organizations with $105 billion in combined spend. Twenty-seven members have sustainable procurement embedded in their policies. Fourteen have a dedicated full-time person working on it. And one of the best examples to date: OECM, the Ontario Education Collaborative Marketplace, publicly states that they’re applying a 12% weighting for environmental, social, and governance items in bid documents — scored at not just the OEM level, but at the channel partner level as well. Robert Dutt: So if I’m a partner who wants to get ahead of this — with so many angles and approaches to consider — what’s the minimum literacy they need to have in a procurement conversation today? What should they know cold? Frances Edmonds: The universal language is carbon. What are your carbon emissions? How are you working to reduce your carbon impact? That question is coming in some form from customers, regardless of sector. We know our products are carbon-intensive: 80% of a notebook computer’s carbon impact is determined before it ever reaches the customer — it’s in how it’s built. So understanding where carbon sits in the system, and how customers can help reduce it, is the first place to start. Through the Amplify Impact Program, HP offers a wide range of training — from basic 101s all the way through to what we call Climate Fresk. That’s a three-hour workshop that helps a group understand the interconnectedness of climate change and what they can do about it. We deliver it to partner leadership so they can understand how important this is to their business. We’re actually running one next week, and partners are welcome to attend. Robert Dutt: For a partner who’s hearing this and thinking “I’m interested, but where do I start?” — what are the tools and resources inside Amplify Impact that are actually moving the needle? Frances Edmonds: The Amplify Impact Program basically took 80 years of HP’s expertise in sustainability leadership, put it into a web-enabled system, and made it available to partners for free. Everything a partner could possibly need is in there. If you’re not in the program yet, I’d strongly encourage you to join — it’s free and straightforward to get started. You sign a pledge to commit to the program, then complete an online self-assessment. With AI enhancements, it benchmarks you against your peers worldwide and gives you a customized action plan to improve your scores. The results have been meaningful: since we launched in 2021, self-assessment scores globally have increased by 59%. Partners redo the assessment annually, and we’re seeing steady progress. In Canada specifically, we’ve seen over 6,000 sustainability courses completed by partners and employees — which tells you the interest is there at the individual level. For anyone outside the Amplify Impact Program, Dr. Bob Willard at Sustainability Advantage offers a whole suite of high-quality tools for free. That’s another strong place to start. Robert Dutt: How has the partner conversation in Canada on this evolved over the last five years, and where does it need to go next? Frances Edmonds: Let’s look at the economic situation partners are in today. Prices are going through the roof, availability is constrained. What does a logical customer do in those circumstances? They start thinking about buying for durability and longevity — and that leads right into the “as a service” conversation. This is about deepening relationships with your customers. Customers don’t want a one-time fix anymore — they need a partner at the table. And selling as a service, with a longer and deeper customer relationship, is where the market is going. We’re moving away from selling boxes to selling services, and sustainability is just another one of those services that’s part and parcel of that shift. I always think of security and sustainability as two sides of the same coin. That’s what customers need — and we can deliver both. Robert Dutt: Security as a service is certainly well-established. Where do you see sustainability as a service in terms of maturity and adoption? Frances Edmonds: Within the Amplify Impact Program, for instance, if a partner wants to measure and manage their carbon footprint, HP has negotiated a globally discounted rate for partners to acquire a software-as-a-service tool to do exactly that. They become carbon-literate in a hands-on way and understand how to report on it to their own stakeholders — employees, investors, customers, whoever. In some cases, we even allow partners to use MDF to pay for that software. We’re essentially paying them to get started with carbon management. Robert Dutt: I have to ask about AI — it’s the conversation everyone in the channel is having right now. There’s a real tension between the push to build AI infrastructure, which is enormously energy-intensive, and sustainability goals. How should partners be navigating that for their clients? Frances Edmonds: Great question. Let’s start with the distinction between cloud AI and Edge AI. Edge AI — which, in a country of small and medium businesses like Canada, is where AI is really going to drive productivity — is estimated to have greater than 90% lower carbon impact and to be more secure than cloud AI. So we’re already on a winner there, assuming we can get AI-enabled devices into the right businesses. At its simplest: most tech people don’t actually know the relative carbon footprint of doing a Google search versus running a generative AI query. Can we just educate people to use the right tool in the right place? Don’t burn your carbon budget on something where a Google search would do. When you get into the ethics of AI use broadly, that’s a much longer conversation — and I’d like to see a lot more guidance documentation coming out on that front. Robert Dutt: That’s quite telling — that much lower footprint at the edge also speaks to what solution providers control, and brings in data sovereignty, security, many different factors. Frances Edmonds: Exactly. Security is the other piece — and they really go hand in hand. Robert Dutt: One last question: what’s the one thing you wish more MSPs and resellers understood about sustainability that they’re currently either getting wrong or overlooking? Frances Edmonds: Even when partners have made real investments in becoming more sustainable — gone through the training, completed the program — I don’t think they’re maximizing that return on investment by actually selling with sustainability. And I think it often comes down to the people taking the education not being the people making the go-to-market decisions. But as we see this shift into selling as a service, I think it will come along with it naturally. If you think about WXP — HP’s Workforce Experience Platform — there’s sustainability built right into it alongside security. The opportunity to delight customers with sustainability is real, and it’s not hard to do. It’s really just about making sure everyone knows, understands, and can connect it to what the customer actually needs. Robert Dutt: Some great advice in there. I appreciate you taking the time to share where things stand and where you see them going. Frances Edmonds: Thank you. From Canada’s most sustainable technology company — listed as one of the top 100 most sustainable corporations worldwide — this is near and dear to my heart. We’re here to make a difference, and this is one of the ways we do that. Robert Dutt: Brilliant. And it’s a conversation HP Canada has been having consistently for a while now — so it’s clearly not just an Earth Month thing. There you have it — Frances Edmonds from HP Canada. I’d like to thank Frances for her time today. It’s rare to talk to someone who can bridge the gap between high-level environmental goals and the gritty reality of a municipal RFP response, and I think she gave us some real clarity on where that line is being drawn right now. And as always, I’d like to thank you for listening. My big takeaway from that conversation is that sustainability is becoming a hard technical requirement, much like security. When you hear that organizations like OECM are moving toward a 12% weighting for ESG in their procurement documents — that’s not a nice-to-have anymore. That’s a gating factor. If you’re an MSP and you aren’t literate in this space, you’re essentially spotting your competitors a 12-point lead before the conversation even starts. I also found Frances’s point about Edge AI particularly striking. The idea that processing at the edge carries 90% less carbon impact than the cloud is a powerful narrative for partners — especially when you layer in the data sovereignty benefits we discussed. It’s a rare triple-win of performance, privacy, and planet that fits perfectly into the AI PC refresh cycle we’re seeing right now. If you enjoyed this episode, please make sure to follow or subscribe to In The Channel on Apple Podcasts, Spotify, YouTube, or wherever you get your shows. Ratings and reviews are always hugely appreciated — they really do help other Canadian channel pros find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: ServiceNow’s partner momentum is real – and the model is changing. Opening the Partner Day Keynote at Knowledge 2026 in Las Vegas Monday, SVP of Global Partnerships and Channels Michael Park led with a pointed Q1 headline: partner-sourced net new ACV doubled year-over-year, and partners delivered more than 50 per cent of Moveworks‘ net new business in the first 90 days following ServiceNow’s acquisition. The numbers put muscle behind a message the company is driving hard: this is a partner-led growth engine, not a direct play. The company rolled out two new tools to cement that model – a Partner Business Value Composer designed to help partners establish AI value baselines with customers, and a new Outcome Led Services methodology designed to move partners away from traditional time-and-materials billing toward monetizing business outcomes. As Constellation Research founder Ray Wang put it on stage: “The companies that will win are not the partners who try to rebuild the engine – they use the engines available to build the new car that doesn’t exist.” Three questions are opening every enterprise AI conversation – and governance is the one that’s sticking. Chief Customer Officer Chris Bedi laid out the framework partners should be using: How do I make AI real? How do I get to value faster? How do I govern AI everywhere? The governance question is emerging as the highest-urgency entry point – every enterprise is grappling with it whether or not they’ve articulated it. ServiceNow is positioning AI governance as the non-negotiable building block of any enterprise AI deployment, and is expected to announce a formal 100-day AI value guarantee at today’s Knowledge mainstage keynote – an offer partners will be able to use as a standardized starting point for customer engagements. The customer conversation is also shifting: “Pacesetters” that Bedi tracks as AI leaders are demonstrating 160 per cent ROI, and the story is no longer about cost reduction. Top-line revenue growth is what’s getting approvals right now. Nine in ten ServiceNow implementations go through partners – and the company is investing in that reality. Chief Learning Officer Jayney Howson put a sharp point on the session with a single stat: 90 per cent of all ServiceNow implementations are delivered by a partner. She framed the implication plainly: “You’re the last mile between buying an AI dream and seeing an AI reality.” In response, ServiceNow is making a significant investment in partner enablement – AI-assisted learning tools, a new simulated training environment, and a commitment to dramatically compress implementation training time from weeks to hours. The platform has approximately two million certified learners today, with a target of three million by end of next year. For Canadian partners evaluating where to deepen their ServiceNow practice, the message was hard to miss: the enablement infrastructure is being built, and the company is betting its partners are the ones who make the AI era real for enterprise customers. Also in brief: Nerdio launches Manager for MSP 7.0 as Microsoft cloud growth surges. The multi-tenant Microsoft management platform announced today that MSP ARR grew 51.8 per cent in 2025, with Microsoft 365 users inside the platform up more than 300 per cent year-over-year as MSPs expand their Microsoft practices beyond virtual desktop. Version 7.0 – in public preview as of today – adds four notable capabilities: a Prospect Tenant Assessment Wizard that scans a prospect’s Microsoft 365 environment and generates a client-ready security and efficiency gap report; native PSA integrations with Datto Autotask, ConnectWise, and Halo; Microsoft Purview compliance baselines; and a white-label reporting engine across Azure Virtual Desktop, Microsoft 365, and Azure. For MSPs trying to manage the whole Microsoft stack across dozens of tenants from a single pane of glass – and increasingly looking for tools that help them sell, not just manage – 7.0 has some practical additions worth a look. Anthropic takes a swing at the consulting industry. The company behind Claude announced today a $1.5 billion joint venture with Goldman Sachs, Blackstone, and Hellman & Friedman – not to license Claude, but to embed it inside enterprise workflows as a service. The model is being read as a direct shot at traditional consulting firms, and a clear signal about where AI services margin is flowing. For channel partners building AI practices, the venture is worth watching: Anthropic is structuring this as outcome-based deployment, backed by institutional capital that can go places traditional IT channel distribution cannot. ThreatDown makes a major channel pivot. The Malwarebytes spinoff announced last week that it has rebuilt its entire go-to-market model around a channel-first strategy – growing distribution from one per cent to 40 per cent of its business. The company is launching a new Nexus Partner Program with deal protection and margin incentives specifically designed for MSPs. For a cybersecurity brand that has been largely direct-led, this is a significant reversal and puts ThreatDown in direct competition for MSP mindshare with established channel-first security vendors. Cisco is acquiring Astrix Security for $350 million. The Israeli startup specializes in non-human identity security – securing the API connections, OAuth tokens, service accounts, and AI agent identities that are multiplying fast as agentic deployments scale. It’s a logical buy for Cisco as the attack surface around AI agents becomes one of the harder problems in enterprise security. Read Full Transcript TRANSCRIPT TO COME
Nat D’Ercole, data transformation leader for AI and data at Deloitte Canada In the final episode of In The Channel’s three-part series from SAS Innovate 2026 in Grapevine, Texas, we sit down with Nat D’Ercole of Deloitte Canada for the practitioner perspective on enterprise AI transformation – what it looks like from inside the organizations actually doing the migration and governance work. The conversation opens on the reality of Viya migrations at enterprise scale. Deloitte’s approach starts with a scan of the client’s current environment – understanding which workloads are actually running the business versus which haven’t been touched in years – before building a roadmap that addresses cost structure, change management, and what a future-state architecture actually needs to look like. A central theme is data governance maturity as the key determinant of AI readiness. Nat introduces the concept of human hallucination – multiple versions of the truth produced when ungoverned data is accessed and wrangled without standards across an organization. His point is that the organizations that have already done the hard work of data governance are the ones genuinely positioned to move fast on AI. Those that haven’t are still stuck solving the foundation problem first. On OSFI E-21, Nat echoes what SAS Canada’s Ryan MacDonald described earlier in the series – regulation as a useful catalyst rather than a burden – and addresses the risk and fraud use cases where the Deloitte-SAS partnership is seeing the most active investment, including procurement integrity and financial scenario modeling. The episode closes on SAS AI Navigator as a complement to Deloitte’s own trusted AI framework, the use of AI-augmented engineering to accelerate migration timelines, and a thirty-year observation about the 80/20 problem – and why this might finally be the moment it gets flipped. Read Full Transcript Robert Dutt: Hello, and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. This is our third and final episode from last week’s SAS Innovate 2026 in Grapevine, Texas. And if you’ve been following along, you’ve heard the view from SAS Canada leadership – the AI maturity story, the governance urgency, what the mid-market channel opportunity looks like – and then the global channel strategy conversation with John Carey, the build-out of the indirect motion, the TD SYNNEX partnership, and where the channel goes from here. What we haven’t heard yet is what it actually looks like from inside a real enterprise engagement. That’s what this episode is. My guest is Nat D’Ercole, data transformation leader for AI and data at Deloitte Canada. Deloitte is one of SAS’s major global systems integrator partners, and Nat works with the kind of large Canadian enterprises that are right in the middle of the AI transformation conversation – Viya migrations, data governance strategy, OSFI E-21 readiness, risk and fraud modernization. The practitioner reality, not the roadmap. We talk about what it actually looks like to walk into a client and untangle 20 or 30 years of SAS implementation. We get into data governance maturity as the thing that most determines whether an organization is ready for AI. We talk about what Nat calls human hallucination, and why it’s not as different from the AI kind as you might think. And we close on a concept that Nat has been waiting 30 years to see become real – the 80/20 flip. Let’s get right into it. My chat with Nat D’Ercole. Nat, thanks for taking the time. I appreciate it. Nat D’Ercole: Pleasure to be here. Robert Dutt: Obviously, you guys are one of SAS’s major global partners, but for an audience that’s primarily VARs and MSPs – that kind of partner – the Deloitte AI and data practice might be a bit of a black box. Can you tell us a bit about what it looks like day to day? Who are your clients? What are they typically asking you to solve today? Nat D’Ercole: Of course. Our clients are facing complex issues in terms of how to manage their data, manage their models, and obviously working in an age of AI and sorting all that out in terms of where they are today, what are they using today, the cost of running all that today, to where they need to get to – both from a data, tech, people, and process perspective. So being a professional services firm focused on helping our clients with both advisory, implementation, and supporting our clients’ systems are key areas that our clients look to us for support. Robert Dutt: A little earlier, I talked with Ryan Macdonald, who leads SAS Canada. The subject of hidden SAS came up – in so much as a lot of customers end up finding they’re running SAS software, running key business functions on SAS software, and not necessarily even aware of it, because it’s just become such a part of the underpinnings. It’s just there. It’s invisible even to themselves. When you walk into a client that engages Deloitte on, say, a Viya migration, is that something that you often see? And what does that journey kind of look like? Nat D’Ercole: Great question, Robert. And that comment from Ryan really makes sense to me. Our clients have been using SAS for many, many years – some 20, 30 years, and maybe even longer. And so SAS is used for everything from data management, modeling, analytics, reporting, data wrangling, and so on and so forth. And it’s a web of solutions that organizations across departments have implemented. And so understanding what they currently have in place is a challenge. And so we do help them with that in terms of providing them with a scan of their current environment and helping them understand what workloads are actually running their business versus workloads that haven’t been touched in years. And with that, we’re able to help them with a roadmap to address those workloads and determine what is fit for purpose in terms of moving to a future state. Robert Dutt: You guys are dealing with big projects and pretty high-stakes stuff, and not the simplest thing – like a Viya migration at enterprise scale is clearly not a simple concept. What do you see as the real cost and complexity pressure points for customers? And how do you help clients navigate those without the project stalling out? Nat D’Ercole: You know, I think what’s really important is to understand – just building on my previous answer – understanding what is running their business and the cost structure associated to that. So obviously there’s technology licensing, there’s training on existing solutions, target solutions, change management, upskilling, etc. in terms of some of the key cost drivers. And let’s also refer to storage as well as another area of cost. So analyzing our clients’ environments and really taking a closer look at each of those buckets to help them figure out where are they now, and what are the opportunities, what are the options for them moving forward. Robert Dutt: Governance – obviously a big topic here – and the idea of governance and trust becoming inseparable from the AI conversation has been a big theme here and elsewhere. Curiously, what are you seeing in that, and is it changing what you’re being hired to do? Are clients coming to you with a technology problem, or are they coming to you with a governance and risk problem that has a technology component to it? Nat D’Ercole: Yeah, so clients are hiring us to solve a business problem that is enabled by technology, enabled by change. And to address your specific question around governance – governance comes in the form of data governance, AI governance, model governance, etc. We do find that the level of preparedness in organizations around data absolutely varies from immature to mature. So those organizations that have addressed data governance are those that are most prepared for the AI age and being able to take the next step. Now, not everything requires structured data and highly clean data. So depending on the use cases, it is quite possible to apply AI and begin to see benefit. However, more and more I do see organizations invest in things like master data management, invest in data governance, and invest in operating models. And those operating models are also AI-ready. So we’re starting to see the need for roles such as prompt engineers, AI engineers that are interrogating results of models, ensuring that there’s a continuous feedback loop – and where models are drifting or hallucinating or so on and so forth, that there’s a human loop catching that. So these are new roles that are being created and need to be part of an overall governance strategy. Robert Dutt: What role do you see yourselves playing in leveling up those organizations who haven’t gone far enough in governance thus far to get the most out of the AI future? Nat D’Ercole: I’m actually working with a client right now where they haven’t addressed data governance and they’re stuck with legacy solutions where very much it’s been the wild wild west – if I could use that term – in terms of accessing data, enabling analysts across the organization to wrangle that data and develop outputs that their leaders consume. And so when that happens without governance, you get things like what I refer to sometimes as human hallucination, where there’s multiple versions of the truth. Organizations do see that today. And to me, that’s the human side of these hallucinations that we’re seeing with AI. So for those organizations, in terms of leveling up, it is certainly approaching it from a people perspective first – ensuring leadership is in place, necessary roles around domain ownership, necessary standards and policies are in place. And really, what is the motivation for elevating data governance in the organization, ensuring that that messaging is clear from the executive level down. Robert Dutt: So if human-in-the-loop is the solution to AI hallucinations, is AI-in-the-loop the solution to human hallucinations? Just kidding. Moving on to the regulatory environment – first thing that comes to mind, especially because SAS is so big in regulated industries, is finance and OSFI E-21 in particular. When you’re working with organizations that have to meet that bar, do you see it creating real urgency in the conversations you’re having? Or are clients still finding ways to buy time or building out how they respond to some of the regulations that we see? Nat D’Ercole: Well, there’s nothing like having a catalyst in place to motivate – exactly. So yeah, I think that’s where regulation provides guidance, direction, standards. These are areas that organizations can look to in order to inform how they need to move forward as well. So that’s very much welcome, I would say, in terms of helping organizations steer their investments so that obviously they comply – and no one wants to be facing penalties. Robert Dutt: Sticking with financial services – risk and fraud is highlighted as an area of strength for the Deloitte/SAS partnership. Where are you seeing the most active investment and I guess the most interesting use cases right now? Nat D’Ercole: I would say in terms of risk and fraud, procurement integrity are areas that are horizontal across organizations. You can go from a fraud perspective – not just procurement, but other types of fraud within organizations. And then from a risk perspective, there are areas around financial risk where organizations need to ensure that they have proper scenario modeling in place to understand what stresses they need to address from an organization and modeling perspective. So I would say those are common use cases – asset liability management, treasury – just being more versatile, more accelerated in terms of running these scenarios. So solutions like SAS do provide capabilities to address that speed of process. Robert Dutt: In general terms, as you’ve been here this week at the event – whether it’s a specific announcement, whether it’s an area of conversation, whether it’s what the leadership at SAS is thinking about – what’s caught your eye, caught your ear, and made you think, “Oh, I need to learn more about that”? What’s been your headline of the event? Nat D’Ercole: The keynote – the interview that Jen Chase did with Mel Robins really hit home for me, and how she applied it to AI. And for me, ensuring that leaders are leaning in and providing the change that they want – or being the change that they want to see in the organization, living the change – and also helping organizations from a leadership perspective, executive perspective, to be comfortable. Many employees, I would say, across industries and organizations – some as Mel referred to – are afraid of what AI’s potential can do to their jobs. That’s a real human reaction. And so from a leadership perspective, creating the right environment for people to begin to lean in. I’ve said many times that, “Will your job be replaced?” – and oftentimes the answer to that is, “Yes, it’ll be replaced by those folks that are embracing AI.” So now is the time to lean in and begin to learn how to use it. So Mel’s comments definitely resonated. I looked around a large room – over probably 300 tables – and many people nodded with some of those remarks. So for me, that really resonated. Robert Dutt: Pulling on that leadership thread a little bit – from where you’re sitting, what does good leadership look like in terms of guiding that AI discussion? Because that can be everything from really understanding it, making the case for it, making clear communications – not pushing, but being behind the organization’s efforts – to the kind of stereotypical thou-shalt-from-on-high, “The board tells me I have to do AI. Everyone’s talking about AI, make it happen.” Nat D’Ercole: I think from an executive perspective, beginning to make investments in AI and ensuring that there’s a path forward for the organization – as individuals, departments, and then the enterprise. So that path forward, typically when we work with clients, we look to understand where the low-hanging fruit might be, both from an efficiency perspective and effectiveness. By effectiveness, being able to get insights faster, being able to run through processes faster, but at the same time ensuring – back to our previous comment – ensuring that the human is in the loop. Executives are also looking for ROI in use cases. And I would say that ROI should be looked at most definitely, but be somewhat lenient in terms of the payback timeframe. Some may be one year, some may be two years. The important thing is to start and begin to learn from the experiences, and have a set of – or journey roadmap of – use cases that will enable the organization to be more efficiently effective as a whole. Robert Dutt: One of the bigger announcements here – and certainly the ones that got a lot of the attention and a lot of stage time – was SAS AI Navigator, built around governing AI use cases, models, and agents all at scale. Does a tool like that change what you guys deliver, or does it slot into something you’ve already been building? Does it kind of augment manual processes for you? Nat D’Ercole: Yes, I would say it complements our trusted AI framework. I really like the visuals around the AI Navigator, and it really showed how AI could be green, could be yellow, and then could be red – and then ensuring that there’s a human loop addressing those red drift areas. So it certainly complements. And knowing how to bring the two together is, I would say, areas where clients will need help, and certainly what to prioritize first. Robert Dutt: In talking to Ryan, the idea of clients increasingly looking at engagements that involve the scale of a GSI such as yourselves alongside niche industry-specific partners in the same engagement – and kind of creating that ecosystem approach. Curious if that’s something that you’re seeing and building for, or still more of an exception than rule in Canada. Nat D’Ercole: I would say, going back to a previous question, we do lead from a business perspective and clients are coming to us to ensure that the technology investments that they are making make sense from an overall business perspective. And so how those investments are realized, we will often be an orchestrator of our alliances – both technology alliances and potentially industry-specific – where there’s expertise that we need to pull in as part of solutioning for our clients. So not abnormal, I would say. Where it’s justified, certainly our ecosystems and alliances are a key value driver for our success. Robert Dutt: What’s the common genesis of that? I’m curious how often it’s you guys pulling in another party because they add something to the engagement, versus customers having an incumbent or someone they want to work with alongside you. How does that start, basically? Nat D’Ercole: It really starts with having the conversation with the client – what are they thinking, and how can we help them best, bringing the best resources and capabilities to their problems. Clients may also have biases in terms of what they’re comfortable with. So it’s understanding that and advising them on whether that makes sense or doesn’t, and why. Robert Dutt: Let’s get meta with AI a little bit here. There’s a lot of conversation in consulting about using AI to deliver AI projects faster. Is that something that you guys are doing in this practice? And what does it look like if it is? Nat D’Ercole: Oh, absolutely, Rob. These are demands that our clients are requesting – that whenever there’s any engineering in place, whether it’s custom engineering or custom build solutions, custom build models, what have you, or migrations for that matter – migrating from legacy code, legacy reporting solutions, legacy SAS to SAS Viya, etc. – leveraging AI to accelerate time to value, lower the cost of delivering. And so to that end, we have developed accelerators. We do leverage AI and AI-assisted development engineering – AI-augmented engineering, if you will – to deliver overall lower total cost of implementation. Robert Dutt: What does the team that you’re building to do this work in Canada look like? I’m curious especially what the skills you’re most looking for are, and what are the skills that are hardest to find or most need to be developed because they’re brand new. Nat D’Ercole: Certainly data scientists, engineers, domain expertise in an industry that understands the business problems, understands the business language, change management – these are core consulting skills. I would say it just gets further augmented in the area of AI, and ensuring that resources have or are building experience or getting upskilled in the areas of AI to solution our clients’ problems. So I would say those are the key areas. And the last one is that trusted AI area as well – where our risk practice is focused on that. So from overall servicing a client, being able to pull from all facets of our multidisciplinary capabilities across the firm are key aspects in terms of why clients are coming to us to support them, because it’s not a technology problem. Robert Dutt: Last one for me – what does success look like for a Canadian organization that’s, let’s say, 18 months into this kind of a transformation? And what’s the one thing that most often determines whether they get to success or not with an AI project? Nat D’Ercole: I would say having clearly defined upfront business rationale – what does the future state look like from a business economics perspective? I’m not just talking about financial return. I’m talking about what does it mean for their people, and being able to sell that. Having that vision in place and actively working to chip away at building that out with the organization, within the organization – upskilling them so that they have the necessary skill sets to move forward, take on more themselves, et cetera. So you definitely need to have the persistence, the top-level leadership to continue to drive, and I would say celebrate successes, advocate for better ways of working, and the benefits that it’s driving for the organization. So just continuing to sell the benefits, continuing to provide that vision for employees so that they understand what this means for them as they move forward. Those use cases where AI is replacing just the redundant tasks that employees are working on to get a report out – these are all areas where AI can improve the efficiencies, improve the quality, improve the trust, so that employees can focus on those higher-order, higher-value areas, strategic thinking – things that they’ve been hired to do. I’ve been in this business for over 30 years and there’s always been that 80% of the time people are pushing data around, preparing data, and 20% is being spent on value-added activities. So AI really provides now the opportunity to flip that – finally. But obviously it does require safeguards, it does require executive support and leadership. So yeah, it’s a great time to be in, to be consulting, and to be working with clients to help them realize better ways of working. Robert Dutt: All right. Well, good luck in making that flip. It is a long time coming, as you say. I hope Innovate finishes strong for you, and thanks again for taking the time. Nat D’Ercole: Thank you, Robert. Robert Dutt: There you have it – Nat D’Ercole from Deloitte Canada. I’d like to thank Nat for his time, and that wraps up our three-episode run from SAS Innovate 2026. Thanks for listening. Few things I’m taking away from this one. First, the human hallucination concept. When organizations haven’t addressed data governance, you end up with multiple versions of the truth – different teams, different numbers, different answers to the same question. Nat’s point is that this is the human-side equivalent of what we’re trying to prevent with AI governance, and that the organizations that have already solved the data governance problem are the ones that are actually ready for AI. Not the ones with the best AI strategy – the ones with the cleanest data foundation. Second, the 80/20 flip. Nat’s been in this business for over 30 years. For most of that time, people have spent 80% of their time pushing data around and 20% actually doing value-added work. AI has the potential to flip that. That’s not a new observation, but hearing it from someone who’s been watching it not happen for three decades really gives it some weight. And third, Deloitte positioning as the orchestrator. They’re not just the big GSI anchor in these deals. They’re the ones pulling in niche specialists, aligning technology alliances, and making sure the business case holds together across all of it. That ecosystem John Carey described from the vendor side – this is what it looks like from the delivery side. Hope you enjoyed this special coverage from SAS Innovate 2026. As fate would have it, we’ll have a new series starting later this week – more on that to come, but safe to say I’m currently on my way to Las Vegas. If you found this one useful, follow or subscribe to the ChannelBuzz.ca podcast. We’re on Apple Podcasts, Spotify, YouTube, and most of the major directories. Ratings and reviews are greatly appreciated and really help others in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
John Carey, senior vice president of global channels at SAS Institute Recorded on site at SAS Innovate 2026 in Grapevine, Texas, this week’s In The Channel features John Carey, senior vice president of global channels at SAS Institute, in a conversation that covers the full arc of his four years building SAS’s channel program from the ground up. When Carey joined in 2022, SAS had a history with partners – advisory engagement, project delivery – but limited co-sell and no resell motion. His mandate was to change that. The conversation traces that journey: the introduction of a clear market segmentation (enterprise above the line, channel below the line), the decision to route transactions through partners while keeping end-user contracts with SAS intact, and the live project underway right now to migrate direct customers to indirect. A central theme is the distribution partnership with TD SYNNEX, which Carey frames as a leverage mechanism – moving from thousands of customers to hundreds of partners to one distributor – giving SAS the financial and operational flexibility it needs while giving partners financing terms, invoicing support, and credit options a software vendor is not built to provide. On the competitive landscape, Carey draws a sharp line between SAS and the AI tools crowding the market. Others turn up with an easy button and a black box. SAS turns up with a transparent box and a governance framework – and with SAS AI Navigator now tracking agent behaviour across the Viya platform, that framework is getting sharper. The episode closes with a candid look at the partner economics model – an inverted approach that makes it easy to start selling and lets services investment follow the book of business – and a direct invitation to Canadian solution providers with data, security, and infrastructure skills to get into the conversation now. Read Full Transcript Robert Dutt: Hello, and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Still coming to you this week from Grapevine, Texas, from SAS Innovate 2026. If you caught our last episode with Ryan Macdonald, leader of SAS Canada, you heard the view from the Canadian perspective: the AI maturity story, OSFI E-21, and the mid-market channel opportunity. This time I’m going a level up. My guest today is John Carey, senior vice president of global channels at SAS Institute. John’s about four years into the role, and he came in with a specific mandate: to rethink what partnering looks like for a company with a long history of advisory and delivery through partners, but limited co-sell and essentially no resale motion. Four years later, the picture looks pretty different. There’s a clear market segmentation model, a distribution partnership with TD SYNNEX, an active project underway right now to migrate direct customers to indirect, and a 30% channel revenue target that’s already evolving into something even more ambitious. We talk about all of it: what he found when he arrived, how the direct-to-indirect transition is actually landing with customers, what the partner economics look like for a new SAS partner in 2026, how this week’s AI Navigator and agentic AI announcements change the channel opportunity, and what he thinks the SAS channel looks like in three years if things go well. Let’s get right into it. My chat with John Carey. John, thanks for taking the time. I appreciate it. John Carey: Appreciate it. Good to be here, Robert. Robert Dutt: You’re about four years into leading channels for SAS if memory serves and I’m able to do the math—both of which are somewhat suspect. Can you tell me a little bit about what you found when you got here and the quick version of the journey in building the channel from your point of view? John Carey: Got it. Well, first of all, you absolutely did get it right. It is, come June, four years since I joined SAS. Now, the first thing—I was brought in by the ELT, with an ELT remit to rethink partnering for SAS’s future. So we had a history of partnering. If you think about where SAS came from, a lot of advisory engagement, a lot of delivery through partners, but not necessarily a lot of co-sell and certainly no resell. So one of the remits coming in was to assess the business, understand what the opportunities were, and build a program that allows us to create a growing business that is driven by partners and owned by partners. And we get the acceleration and the leverage of the partner community that all software vendors are seeking and hope to take advantage of. When I came in, I would say we lacked maturity in our partnering in some areas. We were definitely mercurial in a way that wasn’t helpful. Partners didn’t have consistency, and we weren’t persistent in holding ourselves and our partners accountable. There was a lot of, “If only… it’s not me, it’s them.” So phase one: get to a single source of truth. So we introduced undisputed channel revenue. Let’s agree and measure together the value of the channel in our business. The other thing we did is we segmented, for the first time, our market. We had historically looked at our install base as a quadrant, an ABCD, thinking about propensity for growth and saturation. And we moved to the more traditional pyramid, but with a binary segmentation. So above the line: enterprise; below the line: channel. And that allowed us to prioritize routes to market. So in the enterprise, it’s very much a co-sell partner delivery model. GSIs are a very strong focus. Technology partners are a very strong focus up there. And then certain regional boutique consulting partners continue to be high value, particularly in our vertical industries—FSI, public sector, life sciences. Below the line, the story was: how do we give this business to the partners, give partners autonomy, and allow them to determine their own future? So that was really about taking business that was historically direct and making it indirect. Actually, this year, we have a whole project where we are moving our channel direct install base to indirect. So, communicating with the customer about why it’s good for them, communicating to the partner of what they need to do to be ready, and then putting that fuel into an engine that we’ve been building over the last few years with partners with strong SAS skills, but who were traditionally services partners and have had to build something of a resale muscle. We’re also starting to recruit some more traditional high-powered solution providers, as well as really focusing on managed service provider opportunities with partners who not only can sell the solution, but they host and operate the solution for the customer. And the nexus of this was finding ways to bring the enterprise value of SAS to the non-enterprise client base, and to do that through our local superpower, which is our partner community who understand those customers and their pain points in a way that we just don’t have the resources to do, and to make sure they’re empowered with the kind of tools and the right cost structure to be able to give that enterprise value at a non-enterprise price point. Robert Dutt: How has that direct-to-indirect transition gone? How does that land with customers? It’s got to be a bit of a communication challenge because you want to make sure you’re not positioning it as “we’re stepping away from you,” even if you’re introducing a partner into the mix. John Carey: Yeah. So this is what we’re going through right now. So first of all, there’s the angst as a vendor of saying, “I’m about to go to a customer and say our transactional relationship is going to change.” But really, our contractual relationship remains intact. The contract between the end user and the vendor stays in place. We are responsible for delivering on the value of the platform or the solution provided. What we’re doing is we’re rerouting the transaction through a partner, which means we can support more currencies. We can support different pricing conditions and payment terms that, as an enterprise, we’re just not able to entertain for anyone but the largest customers. And so our positioning is: it gives our customers far more flexibility and more intimate engagement than being part of a long tail of customers for a large enterprise that end up in this pool that you call “programmatic”—which we all use the words, but none of us like those words. And a way of avoiding that is to say, “This isn’t programmatic. This is channel-managed,” because this is where the partners are stepping in to make sure that that customer feels like the most important customer of that partner, rather than the not-most-important customer of a large vendor. Robert Dutt: Can you tell me a little bit more about the managed services motion and how you see that evolving, especially as SAS overall has become much more open in terms of the whole structure there—getting into MCP and acknowledging that a lot of times customers are going to be consuming SAS’s insights and abilities through the chatbots and other channels, for want of a better word? John Carey: Well, look, first of all, I’ve certainly lived through enough inflection points to recognize one as it comes along. And this is an inflection point where there’s opportunity and risk. When I think about the philosophy from the channel, certainly with channel customers, I want those customers hosted by partners. Why? Because a big part of their TCO challenge is just giving them access to software doesn’t mean they can afford the resources to operate and maximize return on that software. If they can be supported by a managed service provider, by a solution provider who’s hosting on their behalf, now they have access to actual educated, certified SAS resources who are dedicated to making sure they maximize the return on that investment. And so with that underpinning, you then think about the integration of the chatbots—the Anthropic’s, Copilot, Gemini integration. It’s pretty scary for mid-sized customers to be thinking about this. I mean, do most people know that if you put your data up on those things that it’s no longer privileged? Do most people know that there’s an element here which feels like social media, that we’ve since learned who’s being monetized here? This feels free, but actually I’m feeding this model all of my proprietary data to get a presumed efficiency which may or may not turn up, in the hope that it doesn’t hallucinate. Well, when I look at that and I think about SAS making data ready for the AI lifecycle, SAS having a governance infrastructure that allows us to identify bias, to make sure—now, as you heard announced yesterday, the AI Navigator that allows us to track these agents and ensure that we understand whether agents are behaving in a way that is copacetic with the intention of the business user. And if one fails or starts to behave in a way that is not aligned with the organization, you’re able to flag that. You’re able to communicate that to other connected agents so that you can source the problem and solve the problem. I think when we think of it in that way, this is a real opportunity for the channel to step in. These moments of “How do I bridge the technology into value?” is the perfect space for resellers, service providers, solution providers to step in, navigate that complexity for the customer, give the customer confidence with the technology choices that they’re making—that they are safe and secure with SAS. As I frame it, we’re a 50-year-old vendor who’s been in the most regulated industries. Others out there turn up with an easy button and a black box. We turn up with a transparent box and a governance framework that means we acknowledge nothing’s easy, but once you engage in this, you will survive audit. You will be able to understand where problems occurred and why, and you will be able to remediate. Robert Dutt: A few years ago, maybe about three, you guys signed on TD SYNNEX. I think that’s the first major global distribution partner for you guys. What was the hypothesis behind that move, and how has it worked out? John Carey: So the general hypothesis was—and again, I’ve been in the industry a long time. I think every year we hear the headline, “This is the year distribution is no longer relevant.” I actually did a column on that not too long ago. Robert Dutt: There you go. John Carey: And meanwhile, they continue to provide new and incremental value. One of the hypotheses was as we moved to indirect, there is obviously—from going from thousands of customers to hundreds of partners, going from hundreds of partners to one distributor allows us to get that leverage effect through quotes, transactions, credit. Something that provides a security to us as a vendor that allows us to lean in, but also provides structure and options at the partner level that they need, but are not a priority for us as a vendor. So TD SYNNEX offers financing terms. They will invoice on behalf of the partner. They will put together creative fiscal options that allow customers to stretch. They’ll even offer to assess credit based on the end user’s credit rather than the partner’s credit. Those are fantastic services that just, frankly, as a vendor, aren’t our core business. So what we’re able to do is to address more customers through more partners and do the thing that we’re really good at: solve their data and AI problems through Viya and our solution stack and bring value to those businesses. Robert Dutt: Given all that, a while ago the goal was set for 30%, I think, of revenues through channels. Where does that sit today? What’s the momentum looking like? And what do you see as sort of remaining obstacles along the way to that goal? John Carey: Yeah, so great progress. So if I think about segments—the channel segment, which is 100% indirect, is between 10% and 15% of our business. In the enterprise, there’s a lot of channel fulfillment and engagement. And so overall, we are very close to that 30% of the total business being with or through a partner. But we want to—the new goal is, as all goals change: I want to be 30% of the overall business with that channel segment. With that segment of customers that are exclusively partner, and therefore be a strong contributor into the enterprise accounts with partner co-sell, partner fulfillment, and partner delivery. So future’s bright. All goals, as they need to, change over time and the bar increases. And we are doing a great job of forcing that bar up every year so that we have to ask more of ourselves and our partners so that we make sure we focus on delivering value to our customers. Robert Dutt: Let’s talk about what it looks like to be a SAS partner today in terms of the economics and all that kind of good stuff. What does success look like economically for a partner today? And how is that story changing as the product portfolio and the goal shifts? John Carey: As you say, goals are made for changing. And especially in this industry, things change fast. So maybe a good way of thinking about this is: what’s the conversation with a new partner that we’re onboarding? And one of the things we’ve tried to do is to say, “Hey, look, we will have the packaging so that you can focus on sales readiness first and build a book of business with us.” So that’s where we leverage package service offerings from our SAS consulting organization that are resellable by partners. We are rationalizing our product portfolio for the SMB market to be far more prescriptive. We know what works, but we still have the full enterprise list of offers, and frankly, it doesn’t add value. It adds something of a confusing layer of options that aren’t really relevant for many of the use cases and customers that we and our partners specifically deal with. So phase one: build an annuity business on the resale model. As you become—and as it makes sense in your business—to invest in services headcount, then those package service offerings get replaced by your own services. And it is a services-rich business. The great thing about a data and AI platform is once you start answering questions and you’ve built that trust with the client, more and more questions occur. And models need to be refined; models need to be promoted. And as a partner, if you are doing this in a regular cadence, you are building a scenario where that customer trusts you as their trusted advisor and comes to you for those service elements. So the baseline is—and we pay more on New than we do on Renew. There’s an annuity business build out there that is driven by sales enablement and sales focus and strong investment in demand generation on our channel marketing center platform, where you can run co-branded campaigns and drive real top-of-the-funnel demand. We’ll work with you on getting that down into closed business, and we know how to do that very well. As it becomes reasonable for you to make investments in technical resources where you know you have a book of business, you can apply those resources too. That’s where we ask partners to lean in. And at that point, they are now attaching services, and that grows their—and we know that services are more profitable than the resale. So it’s table stakes: build a book of business that’s got an annuity associated, and then use that to catalyze investment in more profitable services over time, which is something of a sea change. When I came in, there was a lot of investment required before a partner was allowed to sell. And we’ve inverted that to say, “I want it to be easy for you to sell and we’ll support you.” And when you’ve got the right amount of business behind you, then it makes logical sense for you to invest. And that investment is the outsized return for you as a partner. Now, for our existing partners, it’s the inverse, right? They were already doing a lot of delivery. They know how to do the services. This now gives them a vehicle to attach those services to that’s more autonomous and less dependent on a SAS seller to pull them in after. And so with that, they’ve made great investments in sales functions within their organizations for product sale and attaching their own services straight out of the gate. Robert Dutt: Big announcement week this week with AI Navigator on governance, the new agentic AI capabilities across the board, the industry accelerators. From a channel strategy standpoint, do these announcements change who you’re looking for in terms of partners, or is it an opportunity to do more and different things with the base? John Carey: I think the honest answer is both. If I think about our GSIs, the accelerators, the models, the agentic capabilities are incredibly attractive to our global systems integrator partners. And it gives them a reason to lean in even more with us around account telemetry, account planning, and moving out of that advisory engagement into delivery engagement with them. And we are now a very modern platform that has been very considerate of where our customers are. We’re a company who reflects the personality of our founder. I think of that Teddy Roosevelt quote: “Walk quietly, but carry a big stick.” Well, we walk quietly, but with our platform and our solutions, that’s a very big stick. It makes a lot of noise. And I think what you saw at this Innovate was kind of something we’ve known for a while, but now the market is starting to recognize is that there’s a lot of significant growth value there for existing customers as they move to Viya and the Viya solutions with the agentic AI integrations, with the accelerators. So that’s happening, I think, on the other side. We are now at a point of inflection where enterprise capabilities are expected at non-enterprise accounts. And how we execute on that is through partners and through prescription and optimization, so that when we engage, we give those customers a very clear message of what they can do and what they can achieve and what it’s going to cost them. And that is all within their budgetary expectation, and we execute on that relentlessly and consistently with our partners. Robert Dutt: When I chatted with Ryan Macdonald, who heads up the Canadian operations, a bit earlier, he talked about—especially in competitive situations—what he called a “hidden SAS situation,” where organizations will find that they’re running business-critical decisions on stuff, on SAS, that they’ve almost forgotten about. It just kind of sits there, it just works. And the conversation becomes about: how do you upgrade and grow from that foundation? How do you find that conversation showing up in the partner community? And if it is, in fact, a partner conversation, how are you equipping partners to realize that opportunity? John Carey: Yeah, so I think that’s very much a conversation with our established enterprise industry accounts. And so how I think that shows up is our conversations with our global systems integrator partners. They’ve made investments in assessment tools and accelerators and migration pathways that help a customer understand how they are currently using their SAS estate and what critical functions are being run on that estate, so they can help a customer understand the actual relevance. It’s like, I live in Florida, right? I only notice the air conditioning when it doesn’t work. But you don’t switch off the air conditioning unless you’ve got an alternative ready to go. And their job is to make sure customers, when making strategic decisions, understand the impact of decisions they may make. And that, I think, creates an opportunity for how we’re talking about: “We’re going to actually upgrade you so that you have better climate control, right? You have new options. It can be more cost-effective as it scales and it can meet more of your needs. And you don’t lose the critical foundation that you’ve been building your business on.” I think there’s some of that recognition that we’re a relatively humble organization, but I’m starting to hear more of our customers acknowledge, more of our partners talk about, “Hey, let’s not shy away from the fact you’re running your business on SAS.” This is critical functionality. We hear billions being managed. When we think about our price book, we talk about billions of assets under management. I mean, that’s the order of magnitude of what we’re managing from a risk or a fraud perspective. And we want to make sure that we can meet customers where they are and make sure they make decisions that are good and solid for their business. Robert Dutt: Another one that came up with Ryan was the idea of increasingly seeing GSI plus niche specialist partner and kind of the ecosystem play. I’m curious if that’s a deliberate strategy. Is it something you’ve observing and adopting to? John Carey: For me, I think it’s always been there. I think GSIs have always really effectively subcontracted in specific expertise and niche value as needed when doing delivery. I think what’s happening now, again, with disruptive inflection points—what I believe we see happening is things that were already happening become very visible. So I think what we’re seeing right now is, rather than that being a subcontract relationship, it’s a more explicit contract with GSI, contract with boutique partner with very specialized expertise. And it’ll settle over time, and it may even go back to more of a subcontract model. But I think that’s great. We’re all acknowledging that there is value in industry expertise, and even within industry expertise, there is real value in some very niche expertise that requires that level of investment. And you should be paying to make sure you get the right value resource working on your project. Robert Dutt: If I’m a Canadian reseller or a system integrator who hasn’t worked with SAS to date listening to this and thinking, “All right, they have an interesting story, they’re in an interesting place.” What’s the right profile for a partner for you right now? What are you looking for? What do you actually need more of in the market? John Carey: I would say I’m looking for solution providers. So I’m looking for partners who can address mid-market organizations’ needs across data and AI. With a strong relationship with TD SYNNEX, great credit, skills in infrastructure, security, data, who are looking to an adjacent expansion where bringing in SAS as a way to modernize that data for the AI lifecycle and turn that data now into insight and from insight into workflow integrated with agentic capabilities. If that’s your bag, don’t just knock on the door, knock our door down. We want to talk to you. Robert Dutt: Fair enough. Final question: what does the SAS channel look like in three years if things go well and there aren’t additional changes along the way? What would you point to and say, “That’s the thing we’re building towards”? John Carey: I think the service provider in the mid-market and below will become a far more dominant motion. I think in the enterprise, we’ll see even more integration of partners from a fulfillment perspective as customers start to push vendors to engage with them through the advisors who have guided them through this transformative period. And I think as a vendor, you just have to acknowledge that the customer is going to tell you who they want to buy from. The customer is going to tell you who they want to work with. And as a vendor, what you want to say is, “Well, if they have the skills, we should lean in. If they don’t have the skills, we should be really honest about the fact that we think you could be better served by a partner that looks with this profile and skills, and here are some we would recommend.” But again, the customer is ultimately going to make the trade-offs. But I would say managed service providers are increasing, and partners building their own value on top of the Viya platform in industries where we have yet to unlock use cases are becoming more and more the norm. Robert Dutt: Especially since so much of the audience is in that MSP space, I think that’s going to be one that hits home. Well, John, I appreciate you taking the time on what I’m sure has been a very busy week. John Carey: I appreciate it, Robert. Thank you for the time. Robert Dutt: There you have it—John Carey from SAS Institute. I’d like to thank John for his time and thank you for listening. Few things I’m taking away from this one. First, the framing I kept coming back to is the transparent box versus the black box. Others turn up with the easy button and a black box. SAS turns up and says nothing is easy, but when you engage with us, you’ll understand where problems occurred and why, and you’ll be able to remediate. In an environment where AI governance is moving from a theoretical concern to an operational requirement, that’s a differentiated position and for channel partners, it means the conversation is not just about selling software. It’s about being the guide that helps the customer make confident technology choices. Second, the direct-to-indirect migration is live right now. The contract between the end user and SAS doesn’t change. What changes is the transaction route, and the pitch to customers is that instead of being part of a long tail at a large enterprise, you become the most important customer of a partner who’s dedicated to your success. It’s a strong repositioning and the kind of opening that partners who have not been in the SAS conversation before should be paying attention to. Third, John was pretty clear about where the next three years go. Managed service providers building up their own value on top of the Viya platform in industries where use cases are still being unlocked. If you’re an MSP with deep vertical expertise and data, security, or infrastructure skills, this episode makes the case for why you should be knocking on SAS’s door. We’ll be back on Monday with more from SAS Innovate as we hear the practitioner side of the story: my conversation with Nat D’Ercole from Deloitte Canada on what AI transformation actually looks like from inside a major Canadian enterprise engagement. If you found this one useful, follow or subscribe to the ChannelBuzz.ca podcast. We’re on Apple Podcasts, Spotify, YouTube, and most of the major directories. Ratings and reviews are greatly appreciated, especially when they have five stars. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Integris, a managed AI and IT services firm backed by OMERS Private Equity, has announced its intent to acquireFirst Focus, the largest managed service provider serving small and midsize businesses across Australia, New Zealand, and the Philippines. The deal, subject to regulatory approval, is designed to extend Integris’ geographic reach while accelerating delivery of AI-enabled managed services across regions. For the channel, the transaction is a clear expression of the platform MSP consolidation trend playing out globally through private equity – and for Canadian observers, the OMERS connection is notable: the Ontario Municipal Employees Retirement System is the PE backer driving this international build-out. Cybersecurity vendor NeuShield has announced a partnership with Ontario-based MSP Data Guards to deliver instant ransomware recovery services to clients. In a documented real-world use case, the companies reported restoring more than 6.2 terabytes of encrypted data in just fifteen minutes – a recovery window NeuShield says would have taken more than five days using traditional backup methods. By integrating NeuShield Data Sentinel into its managed security stack, Data Guards can offer one-click recovery of corrupted data and storage-layer protection against ransomware and file tampering, reflecting a broader market shift as solution providers move beyond prevention and detection to guarantee client data remains continuously recoverable without system rebuilds. ThreatLabs Europe, the research arm of ThreatDown, has discovered threat actors weaponizing AI agent skills to deliver the GachiLoader infostealer. Attackers are using a fake OpenClaw AI agent skill as a lure to inject the Rhadamanthys infostealer directly into memory, leveraging the Polygon blockchain for command and control to bypass traditional perimeter defenses. The malware harvests cryptocurrency wallets, browser credentials, Telegram messages, and password manager contents. The discovery is a direct warning for the channel: as non-human identities proliferate in client environments, identity and access management practices must now account for the vulnerabilities introduced by AI agents – not just human users. In brief: Sublime Security has launched its first formal channel partner program and announced a move to a 100 percent channel sales model, with dedicated reseller and MSSP tracks. The agentic email security platform uses a rules-plus-AI approach it says catches attacks that signature-based tools and generic AI products miss. Konica Minolta has announced the spring 2026 launch of the AccurioPress C5080 Series, a new line of digital production presses designed for high-volume commercial printing environments. Forescout has launched Mission:Possible, the company’s biggest channel partner tour in 25 years, spanning more than 90 cities globally between May and September. The immersive events are built around hands-on IT, OT, IoT, and industrial security challenges, with the goal of sharpening partner positioning around zero trust and continuous threat exposure management. Microsoft 365 E7 goes generally available today at $99 per user per month, bundling Microsoft 365 Copilot, the Entra Suite, and advanced compliance capabilities in a single commercial tier. Microsoft’s Q3 earnings this week confirmed Copilot has crossed 20 million paid seats – E7’s launch signals the next phase of the AI licensing conversation for solution providers. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, May 1, 2026, and here’s what’s happening in the channel today. Integris, a managed AI and IT services firm backed by OMERS Private Equity, has announced its intent to acquire First Focus, the largest managed service provider serving small and midsize businesses across Australia, New Zealand, and the Philippines. The deal is subject to regulatory approval and is designed to extend Integris’ geographic footprint while accelerating delivery of secure, scalable AI capabilities across regions. For the channel, it’s a clear example of the platform MSP consolidation trend playing out globally – and for Canadian observers specifically, it’s worth noting that OMERS, the Ontario Municipal Employees Retirement System, is the private equity backer driving this international build-out. Cybersecurity vendor NeuShield has announced a partnership with Canadian MSP Data Guards to deliver instant ransomware recovery services to clients. In a real-world use case that highlights the collaboration, the companies reported successfully restoring more than 6.2 terabytes of encrypted data in just fifteen minutes. According to NeuShield, this compares to more than five days that would have been required using traditional backup methods. By integrating NeuShield Data Sentinel into its managed security stack, Data Guards can offer one-click recovery of corrupted data and protection at the storage layer against ransomware and file tampering. The partnership underscores a broader trend in the market, as solution providers increasingly move beyond prevention and detection to ensure client data remains continuously recoverable without the need to rebuild systems from scratch. ThreatLabs Europe, the research arm of ThreatDown, has discovered that threat actors are now weaponizing AI agent skills to deliver the GachiLoader infostealer. According to the company, attackers are using a fake OpenClaw AI agent skill as a lure to inject the Rhadamanthys infostealer directly into memory. The attack utilizes the Polygon blockchain for command and control instructions, allowing it to bypass many traditional perimeter defenses to harvest cryptocurrency wallets, browser credentials, Telegram messages, and password managers. As malicious actors increasingly exploit the expanding footprint of non-human identities, the discovery serves as a clear warning to the channel. IT professionals must ensure comprehensive identity and access management practices account for the vulnerabilities introduced by AI agents operating within client environments. In Brief – Sublime Security plans to go 100 percent channel Konica Minolta has announced the spring 2026 launch of its AccurioPress C5080 Series for digital production environments. Forescout goes on Mission:Possible partner tour And finally, today's the day for the launch of Microsoft 365 E7 Full details and links in the show notes or the blog post. Later today on In The Channel, we continue our coverage from SAS Innovate 2026, as we talk to SAS global channel chief John Carey about four years building out the channel program for the analytics company, the increasing role of MSPs, and how his own goals for the partner portion of the company's revenues are evolving. And if you haven’t heard it yet, yesterday’s episode featured my chat with SAS Canada leader Ryan MacDonald on the state of the AI opportunity in Canada, the role of partners, and why the value of SAS may be hidden to some customers. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Ryan MacDonald, country leader for SAS Canada Recorded on site at SAS Innovate 2026 in Grapevine, Texas, today’s In The Channel features Ryan MacDonald, country leader at SAS Canada, in a wide-ranging conversation about what the week’s major announcements mean for Canadian organizations – and where SAS sees its channel and partner opportunity growing. The conversation opens on the energy at SAS Innovate, which marks the company’s fiftieth anniversary, and what the announcement lineup – including the new SAS AI Navigator for AI governance and the expansion of agentic AI capabilities across the Viya platform – means for the Canadian market specifically. MacDonald describes Canadian enterprise AI maturity as strong in intellectual capital but still building toward consistent economic output, with the governance and trust framework a necessary foundation before organizations can scale. He draws a direct line between Canada’s regulatory environment – OSFI E-21 in particular – and the practical operational pressure organizations are feeling as model validation volumes have grown from two a week to multiple per day. On the competitive landscape, MacDonald addresses the challenge from Microsoft Fabric and Databricks with an argument about SAS’s existing footprint in business-critical decisioning layers – often invisible infrastructure organizations don’t always realize they’re sitting on, and an upgrade path through Viya designed to deliver incremental value rather than a rip-and-replace. The conversation also covers the evolution of SAS’s channel strategy, the managed services opportunity in a data sovereignty environment, and the MCP-based openness that is letting external AI agents call SAS analytics directly. Read Full Transcript Robert Dutt: Hello, and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. This week, I’m coming to you from Grapevine, Texas, where I’ve been on the ground at SAS Innovate 2026. It’s a significant week for SAS Institute on a couple of fronts. The company is marking its 50th anniversary this year, and the announcement lineup has been one of the more substantive in recent memory, with major moves in AI governance, agentic AI across the Viya platform, and a meaningful shift in how the platform opens up to external AI agents and frameworks. My guest today is Ryan Macdonald, country manager [CHECK: title recorded as “country manager” – should be “managing director” if you want to punch in] for SAS Canada. Ryan’s been with SAS Canada for about a decade, and has just stepped into a role leading the country this year. He has a front row seat to some significant strategic changes – the move to Viya, the expansion of the partner and channel program, and now what I think is a genuinely important moment as AI governance moves from theoretical concern to practical operational requirement, particularly in Canada’s regulated industries. We cover a lot of ground – what this week’s announcements mean for Canadian organizations, where Canadian enterprise stands on AI maturity right now, the OSFI E-21 story, how SAS is thinking about its channel ecosystem and the mid-market opportunity, and a candid conversation about managed services and data sovereignty. Let’s get right into it. My chat with Ryan Macdonald. [MUSIC] Robert Dutt: Ryan, thanks for taking the time, and what I’m sure is a busy week for you. Ryan MacDonald: Yes, of course. Thanks for having me, Robert. Robert Dutt: You guys turned 50 this year, and it feels like one of the bigger product lineup announcements at Innovate in a while. Curious what you felt from the room. What’s the energy, what’s the vibe that you’re getting from this year at Innovate, especially given that 50 years of SAS framing? Ryan MacDonald: I agree with the energy you’re feeling. Certainly a ton of energy around our 50th and just what we’re seeing in terms of AI tooling and where we fit into that ecosystem. So lots of conversations about the data estate, how that’s evolving, and then just really looking for the reality check on where practical value lives in the new AI ecosystem that’s being framed around, especially for enterprise technology stacks. Robert Dutt: Look at the announcement stack this week. You’ve got Navigator for AI governance. You’ve got the agentic AI expansion in Viya, the various industry solutions. Curious – and I’m sure you’ve seen some of these before they were announced to the public and been following their development – what is kind of activating your Spidey senses in terms of, “ooh, that’s going to play well at home right now.” What are we seeing as sort of the big early day opportunities out of those innovations? Ryan MacDonald: Certainly in Canada, the regulatory domain around model risk management and model management and lineage and explainability is front of mind for everybody. I think that’s the major limiting factor in terms of proliferating cost of AI, in terms of actually calculating a per unit cost of running a model or introducing intelligence to something that was maybe traditionally rules-based. And so I think not only is there a regulatory driver, but people are seeing that as a practical constraint. So a lot in the governance and trust domain is certainly a hot topic. Robert Dutt: And that kind of speaks to where I wanted to go next, actually, which is you guys have been in Canada across verticals for a long time, obviously. Curious how you would describe the overall kind of AI maturity of the Canadian market right now. Are we kind of leading, lagging? Or is there something distinctly Canadian to it? Ryan MacDonald: Yeah, great question. This is close to home. We have the benefit of working with thought leaders in AI, folks like Ajay Agrawal. And just knowing the pedigree of intellectual property around this conversation in Canada, we have so much there. Of course, Geoffrey Hinton and Ilya Sutskever and the folks at U of T have just delivered so much to this community. I think that said, enterprise adoption and converting this into economic output is still something that we’re figuring out. So I think our investments generally, relative to peer groups around the world, we’re still a little behind. I think we’re doing some advanced things. There are some exceptions to this, where use cases are at the forefront of what’s being delivered globally. But generally, I think the data estate and this trust dynamic and the need for establishing a scalable framework for trust and governance – it’s a responsible thing to do. But relative to other geographies, it’s setting a foundation before we really run away with some use cases and deliver. Robert Dutt: One thing we’re tracking – I’m sure a lot of people are – is the idea of AI initiatives that get a start and a lot of fanfare and then fizzle out before hitting production or certainly proving their worth. I’ve heard a lot of the framing of the idea of trust and governance as kind of the growth driver, rather than the compliance tax. How is that hitting in Canada? And is that any different than what you’ve seen in terms of reactions and feeling and overall motion in the states or elsewhere? Ryan MacDonald: I think there are certainly differences in the tone of this conversation. For me, the purview is mostly north and south of the border – the US and Canada. But I think in Canada, we have a regulatory domain that is really prioritizing these things. So it’s not optional for a lot of – especially in a regulated market, this isn’t really a luxury you’d have to say, do I comply with this or not? But I think it’s also putting a per unit cost parameter on this for folks that is important. We’re seeing a huge proliferation of AI. Everything – your microwave, your lawnmower, everything has some sort of AI enablement component to it. Is it necessary? Are you getting the appropriate uplift? And these teams that are validating and pushing these models through the organization – what we’re hearing from them – this went from two a week, to a month, to two a day, five a day, ten a day. And so the systems – it’s not just a luxury or a question really of the ethics. Are we doing the right thing? Is this responsible? It’s a framework that’s required for the validation process, even just table stakes, to really scale through the organization. Robert Dutt: To that point, in Canada we’ve got financial services, and particularly we’ve got OSFI E-21 coming up. That’s pretty scary – things attached to it if you’re not hitting the bar. Are you seeing that create urgency? Or are customers still in a wait and see kind of space around that? Ryan MacDonald: I think the regulatory conversations there are interesting. There’s a lot of assessment of what peers are doing. And I think OSFI, to their credit, really listens to the community. Rather than setting a standard blind lead, just based on their intellectual property and what they see as being a requirement, they really listen to the community and measure from where everybody is, taking stock of that. So I don’t believe there’s a lot of fear and panic. I think organizations – as we did a lot of work around E-21 [CHECK: transcript rendered as “E23” – confirm on playback] specifically in this space – they were really well prepared. They had some ideas on how to make this more efficient, really focus on the materiality of where the risk lives and develop a framework that’s consistent with the risk posture in other domains. And I think that’s really – nobody was suggesting, “hey, this isn’t a good idea. This is too much pressure. This is putting a cost burden on us.” That wasn’t really the dialogue. Robert Dutt: Beyond financial services and other regulated industries especially, what are you seeing in terms of how customers are wrestling with AI governance right now? Ryan MacDonald: I think the scale of maturity across industries just varies so greatly. You have some organizations that are really just getting started, and they’re acknowledging that. In some of the roundtables we’ve had the benefit of participating in, some folks are trying to find their first step in AI. What does this even mean? They’re trying to find the right resources that can guide them. They’re still building their technology estate. And then, conversely, you have folks that are, as we spoke about earlier, leading the world – the global community – in terms of things like automated decisioning frameworks and integrating what were previously siloed processes. We see this in risk and fraud domains merging together. So I think we’re seeing both ends of that spectrum in Canada, certainly. Robert Dutt: Analytics has become a crowded space lately – with Databricks, with Snowflake, with Microsoft Fabric getting in there, all in territory that you guys have been in for a long time. How do you make the case to Canadian organizations that have been told, especially by Microsoft, “hey, you can just have analytics as part of what you already have?” What’s the competitive message there? Ryan MacDonald: Yeah, that’s a regular conversation for us, of course. I think what we really offer institutions, especially given the scale of the organizations we support – and we work in almost every major industry, every major enterprise in Canada – we offer a very different risk posture in moving through this process. So they may have what were traditional analytics with SAS. Maybe we had dabbled in what was previously BI, something like that. But for a lot of institutions, we support business-critical payload. There is a core application to their business that’s being delivered with a component of SAS. And oftentimes, as our relationships diversify across the organization, maybe we have a specific technology sponsor that helped build this alongside their business counterpart. Maybe they’ve moved on. And that decisioning layer is sort of obfuscated. So we spend a lot of time identifying – hey, is this what looks like ETL work potentially, in a report or an assessment that’s performed? Is this really a decisioning layer in your organization? And that’s what we’re really finding is there. And what folks are really interested in is taking that framework – what was previously identified as legacy SAS – and seeing what we offer in terms of Viya. It’s scaling far beyond what the competition can offer in terms of decisioning frameworks and automating process and delivering core value. A lot of the AI discussion is focused now on where are you seeing ROI? How long do we have to wait? What is the roadmap to finally get something out of this? And I think that’s really the core difference. Yes, there’s a lot of tools. It’s a crowded space. The competition is fierce and they can do some very exciting things. I think what we offer organizations is really the opportunity to do those same things and more, and to take your current investments, your current intellectual property, through that framework – which delivers value incrementally rather than a build within a complete new paradigm. Robert Dutt: One of the announcements that really caught my eye this week was the addition of the MCP – in that essentially you guys are opening up the analytics engine to external AI agents like Claude to call it directly. It seems like a pretty significant shift in terms of thinking about openness, thinking about consuming SAS from wherever folks want to consume it. What does that motion mean for the Canadian organization and for your Canadian customers? Ryan MacDonald: I think this is an extrapolation of what we spoke about earlier, in the sense of we are providing these deterministic decision frameworks to these organizations today. And so we talk about this almost in the sense of the Apple/Android paradigm. This was a previously closed ecosystem. The SAS code base was proprietary. The compute infrastructure was proprietary. And the open source motion was the first move here – running Python and R and other code frameworks natively within SAS is something that we’ve supported now for years within Viya. And it’s an extrapolation of this – meeting our customers where they are. SAS did not endeavor to compete directly with the frontier labs and build LLM models. But we certainly see the benefit – this is providing the market the productivity increase, the creativity of use cases, and what this adds to decisioning frameworks. I think the shortcoming is still the deterministic component, where something can be built in a hard and trusted capacity, presented to a regulator with the appropriate lineage. That’s really where we see these worlds coming together. So I don’t think it’s a great strategic decision if SAS were to impose, “we have one specific framework, one partner in this space.” We’re seeing, in addition to the frontier labs, a lot of custom work in this space as well – enterprises that are building more small language models around their data sets. So imposing this integration framework, I think, allows us to really meet customers where they are. Robert Dutt: A few years ago there was a flurry of things going on on the channel side for you guys. You brought on TD SYNNEX as a distributor. I believe it was a worldwide, not Canadian-specific figure that you were going for – 30% of contribution through partners. Where’s the channel scene at for you today? How would you characterize where you’re at against those goals and others? Ryan MacDonald: I think we’re still making progress in that domain. The channel business is still growing very aggressively. It’s a big shift to turn, frankly, in terms of getting the allotment of customers we had when we segmented what work was going to the channel, how that was going to be developed. And we compare ourselves to our peers in the industry – they’ve been at this for a lot longer. So just the maturity continues to develop. I think we’re seeing great progress, great feedback from customers in terms of the way that the channel is able to support them. And we see proliferation of niche players here that have come out of the woodwork that are very industry-specific. So I think that’s really the opportunity – where we had a general technology-based approach for certain industry segments, what we’re seeing is these channel partners can really tie together these business outcome-driven discussions in a way that was much more expensive and difficult for SAS to scale to. Robert Dutt: What does the community look like today in terms of scale, profile of partners, what they’re doing, and where do you see that evolving over the near future? Ryan MacDonald: I think we’re seeing this change very quickly with the advent of AI in terms of what use cases are being prioritized. I think in Canada, a lot of organizations have hit a wall in terms of understanding their data foundations – they’re not necessarily ready to scale them towards all the outcomes they’re seeking to deliver. And so channel partners are that domain. What are our peers doing? And this is GSIs and niche consulting firms and everybody in between. So we’re really seeing those conversations take shape of almost a reset of the roadmap, a reprioritization of how they’re building out their target state ecosystem. And that industry expertise is, I believe, the real differentiator. There’s a lot of competition. It’s a crowded space in that sense. So having an outcomes-focused point of view, whether that’s from SAS directly or a channel partner, is really important. Robert Dutt: Is the changing nature of what you guys are focused on in terms of AI governance and all those kinds of things that we’ve been talking about changing the definition of who you’re working with as a partner? Or is that something that’s likely to happen in the near future? Ryan MacDonald: I don’t think it’ll necessarily change. We might add some things to it, but they’re really part of the same conversation. I don’t think you can have a conversation about scaling AI without a discussion about the governance framework. And in a lot of cases, model inventory work, and just being the core platform of delivering models in this decisioning layer, is something that SAS had a lot of experience and an existing footprint within. So I think it’s really germane to the way we’ve been working with these customers today. Robert Dutt: How does the service mix – how they actually bring this all to market as partners – change as kind of what you’re going after changes? Ryan MacDonald: I think there’s a lot more consultative work right now around these outcome-focused and prioritization discussions. So I think it certainly is changing. And if you’re seeing this sort of increased competition in the technology domain and more commoditization of certain tool sets, it just puts more weight on – how do I really navigate? It crowds the pathway and creates more obstacles in terms of delivering outcomes. And so I think just refocusing on outcome-oriented discussion – and a lot of times these are deep partnerships between a niche consulting vendor, or somebody that now is a channel partner to SAS, and these firms in sectors across Canada. So it’s not necessarily changing the way we’re working with them. It’s changing the prioritization of the discussion, putting consulting maybe ahead of technology. Robert Dutt: Before we sat down to record, just as we were getting to know each other, you mentioned that part of your path through SAS Canada was you had managed services, at least for a while – and I believe that to be internally. How has that shaped, and how does this moment shape, how you think about working with partners who are in that managed services kind of motion? Ryan MacDonald: Yeah, that conversation is changing everywhere in the world. The political landscape, of course, is relevant here – in terms of we’re seeing some location dictate where customers are willing to send or host data. We’re seeing geo-repatriation in that sense. We’re seeing movement to the cloud change the dynamics of the cost model, what folks are seeing in terms of stable applications that don’t necessarily need the scalability or proximity to data. We’re seeing them pull some things back on premises and build clouds internally with OpenShift and other technologies. So I think it’s a cycle like most things in technology, where we’ve had the gold rush of moving everything to the cloud. And I think especially enterprise customers are now deciding not only how do they divide that workload amongst hyperscaler partners, but what is appropriate for internal clouds, which are now growing in popularity. And I think in Canada, we’re not seeing a huge disruption in this space, but we’re seeing a lot more of our business grow in terms of managed services. And as we talk about more outcome-driven engagements – less just providing raw access to the technology – the managed service really bridges the gap in terms of the various integration points that need to be managed along the way. And so it’s not just simply providing the infrastructure and application support. We’re seeing the managed service domain, especially around SAS – where this is not a one-size-fits-all approach – really extrapolate into “can we help you really derive your outcome” with expertise in either transformations of data, or we’re providing models now in terms of a service offering, in addition to consulting work of building models custom to each application. So that’s really evolving quickly. Robert Dutt: One of the trends that we follow a lot is this move across the industry to look at partners less as a direct, straight-through channel and more as an ecosystem – a lot more multi-partner engagements, especially given where you guys sit in the complexity and custom nature of a lot of what customers are asking of you. How are you guys thinking about that ecosystem, multi-partner play? Ryan MacDonald: I think the list of partners is generally growing as we talk about extrapolating into channel and SAS’s ambition to have, as you stated, 30% of our revenue flowing through the channel in Canada. I think the customer really dictates the specific mix. And so customers in large enterprise have a preference of GSI and specific domains. And what we’re seeing more is the introduction of niche players alongside GSIs, where typically that was binary previously. They would typically – let’s say they work with Deloitte or EY, for example – that would be their preference to continue in that direction. And now we’re seeing them want to leverage the scale those organizations offer, but really like the thought leadership and expertise delivered by a niche partner, and want to bring us all together. So we’re seeing a lot more partners enter the conversation, which I think is very healthy for the competitive domain and just in terms of getting to specific outcomes very quickly. Robert Dutt: The traditional sweet spot for SAS has been clearly enterprise, and Canada’s a very SMB-heavy nation, obviously. But a lot of the stuff that’s going on right now between the Viya SaaS model and the stuff going up on GitHub and the move towards managed services suggests that there might be even more of a mid-market play than before. I’m curious what you see in terms of what a Canadian reseller can realistically and credibly pursue right now. Ryan MacDonald: That has been the way the economy has been structured in Canada for decades, of course, and something that I think our channel strategy really celebrates and prioritizes. SAS – it’s hard to work both ends of the spectrum. And so our legacy of working with enterprise customers, to explore some of the topics we’ve covered in the regulatory domain and how that takes shape, the reach to SMB customers has been something that we’ve candidly struggled with at times. The channel is really the resolution to that. So we’re seeing, as we talk about more entities in this space, the mix of consulting partners or partners in general proliferating – that’s really where we’re seeing it, down more towards the SMB segments, less on the enterprise side. Robert Dutt: Acknowledging that there’s going to be a wide range of things here, and it may even depend partner to partner, but looking at the channel as an aggregate – what do you need more of from your partners right now in terms of areas of focus, in terms of opportunities to be going at, in terms of skillsets? Ryan MacDonald: I think because we are trying to aggressively pursue this market in Canada and service this customer base – which, again, the channel is just better suited for, all around – to me, it’s the feedback loop. That’s something that we challenge, of course, our frontline in an enterprise setting. You have a consistent flow of communication that’s bidirectional. We’re getting feedback on what’s important to them, what they are doing with the platform at times in our tool sets. And having that flow through an additional intermediary is an additional step in the process in the channel segment. But I think that’s really important – just to make sure we’re collecting feedback not just from channel partners, but direct from customers – their experience with SAS, how our channel partners feel in terms of support and enablement, pricing and mechanics and the rest of it as well. Robert Dutt: Curious what you see success at SAS Canada looking like over the next 12 to 18 months. What are the conversations you want to be having that you aren’t yet? What are the measurements that you’re looking at? Ryan MacDonald: We have been growing the business – in terms of revenue, of course, is always important to us – but influence in the market, I think, is something else. SAS, having such a – as we celebrate 50 years – our legacy is something we’re incredibly proud of. It’s afforded us the opportunity to build these great partnerships in Canada, all across the country, various enterprises. I think at times the double-edged sword there is they may equate us to the way they had built with SAS previously and don’t necessarily take stock of some of the things you’re seeing us bring to market today and announcing here at Innovate. So I think that is really what we look for – not just in terms of revenue growth and are we delivering more outcomes and scaling the progress with these customers. Are we really – are they delivering within the new framework? Are we changing the narrative in terms of what they see from SAS and who we are to them? Robert Dutt: My last and definitely most important question – how many dinners did you have last night? Ryan MacDonald: I had one dinner. Robert Dutt: One? One dinner. Oh, that’s an accomplishment. I appreciate you taking the time, Ryan. Thanks. Ryan MacDonald: Thank you, Robert. Really, really nice to meet you here today. Thank you, I appreciate your time. Robert Dutt: There you have it – Ryan Macdonald from SAS Canada. I’d like to thank Ryan for his time. This was our first in-person recording with the new setup, and I think you can hear the difference. And thank you for listening. A few things I’m taking away from this one. First – the AI governance story in Canada is moving faster than it might look from the outside. Ryan’s framing stuck with me: the volume of models organizations are pushing through validation has gone from two a week to five to ten a day. The governance framework isn’t a compliance tax – it’s the operational infrastructure that makes any of this scalable. And for Canadian financial services firms, OSFI E-21 isn’t on the horizon anymore – it’s here. Second – SAS’s competitive argument is more interesting than the standard “we’ve been around longer” play. The pitch is that there’s already a business-critical decisioning layer in your organization that’s been built on SAS. And the real question is whether you’re going to upgrade and grow from that investment, or build something new from scratch alongside it. For a lot of Canadian enterprises, that’s a conversation worth having. And third – Ryan was candid that the direct sales model doesn’t reach the SMB, and the channel is the answer. What’s interesting is where the growth is coming from – niche, industry-specific partners alongside the big GSIs, with customers already wanting both in the room. If you’re a Canadian reseller or systems integrator with deep vertical expertise, SAS is worth a conversation. We’ll be back tomorrow with more from on the ground here at SAS Innovate 2026, as we chat with the global channel chief at SAS Institute, John Carey [CHECK: transcript rendered as “John Kerry” – confirm on playback before publishing]. If you found this one useful, follow or subscribe to In The Channel from ChannelBuzz.ca. We’re on Apple Podcasts, Spotify, YouTube, and most of the major directories. Ratings and reviews are always appreciated and genuinely help other people in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers. ChannelBuzz.ca is on site at this week’s SAS Innovate 2026 in Grapevine, Texas. Here’s some of the major news from the event. SAS announced a Viya MCP (Model Context Protocol) server at Innovate 2026, enabling external AI agents to invoke SAS capabilities – fraud detection models, statistical engines, forecasting tools – without being inside the Viya platform. Integrations with Microsoft Copilot and Anthropic’s Claude are live now, with additional LLMs coming later this year. It’s a significant architectural shift: SAS Viya becomes a callable intelligence layer inside any enterprise AI workflow, rather than a destination platform customers have to enter directly. SAS AI Navigator is the company’s new AI governance tool, a SaaS solution designed to help organizations compile a complete AI inventory and govern AI use cases, including the models and agents that power them. Navigator is coming to Azure Marketplace in both public and private configurations – lowering the entry point for governance conversations to well below a full Viya deployment. SAS’s vice president of AI ethics, governance and social impact Reggie Townsend frames the shift plainly: governance is no longer a compliance checkbox, it’s a competitive differentiator. SAS Studio is being rebranded as SAS Data and AI Studio, arriving later in 2026, alongside expanded native support for open table formats and the governed orchestration for building, deploying, and scaling trusted analytics and AI across the enterprise. A free, open-source Agentic AI Accelerator for is available now on GitHub, along with a free course to learn how to build Agents in SAS Viya. In conversation at the show, SAS chief operating officer Gavin Day offered the most candid enterprise AI market read of the week: productivity gains are real – SAS internally cut its own development lifecycle by roughly 60% using AI techniques – but for high-stakes use cases the precision problem remains unsolved. “If I ask an LLM the same question ten times, I don’t get the same answer ten times. If I’m working on anti-money laundering, that’s never gonna be okay.” Day also confirmed that as of Q3 2025, SAS automated inbound partner lead routing to go directly to qualified partners without SAS in the middle – and said the partner board acknowledged it at their meeting this week. Full interviews with SAS senior vice president of global channels John Carey and SAS Canada’s Ryan MacDonald are coming to the In The Channel feed. Elsewhere in the news: Microsoft reported fiscal Q3 2026 results after the bell on Wednesday, beating expectations on both revenue and earnings. Azure grew 40% year-over-year, ahead of the 39% consensus, and the company’s AI business crossed a $37 billion annualized revenue run rate, up 123%. Microsoft 365 Copilot now has over 20 million paid commercial seats, up from 15 million in January, with Satya Nadella noting weekly engagement is now at the same level as Outlook. For solution providers, the more immediate data point: M365 E7 at $99 per user per month goes generally available today, bundling Copilot, Entra Suite, and advanced compliance capabilities into a single commercial tier – and Microsoft is guiding for Azure growth of 39 to 40 percent next quarter at constant currency. Lenovo has acquired the firmware BIOS business, intellectual property, and engineering team of Phoenix Technologies, the company whose firmware runs on over one billion devices globally, in a deal that ends a 20-plus year vendor relationship by converting it into vertical ownership. The acquisition covers four Phoenix product lines – FirmCare, SecureCore, ServerBMC, and OmniCore – and Lenovo is framing the deal around faster security patch delivery, tighter firmware integration across its ThinkPad and commercial PC lines, and cost efficiencies. For Lenovo resellers, the practical implication is a more consistent firmware and security update story across the full portfolio, without the coordination lag that comes with a third-party BIOS vendor relationship. Canadian network management platform Auvik launched Auvik Aurora, a suite of AI agents embedded directly into its platform for MSPs and IT teams. Drawing on Auvik’s network data lake of real-world device topology, relationships, and vulnerability insights, the agents proactively flag issues, prioritize alerts, and surface device-specific command recommendations before problems escalate. CEO Doug Murray frames Aurora as the “Do” layer of Auvik’s “See, Tell, Do” framework – and notably, the agents are designed to identify devices in need of patching or replacement, surfacing revenue opportunities MSPs can bring to clients proactively rather than reactively. Cloud networking vendor Aviatrix launched AgentGuard, positioning it as the first agentic AI security platform built around containment rather than detection and remediation. The premise: most enterprises have no architectural constraints on where a compromised AI agent can move, making the blast radius of an AI agent breach effectively the entire environment. AgentGuard discovers agents across VMs, Kubernetes clusters, and serverless functions – including shadow agents – maps their connections, and enforces communication governance. CEO Doug Merritt was direct about the channel opportunity: “There’s a significant services revenue stream about to be unleashed for channel partners who understand AI containment.” Aviatrix operates 100 percent through the channel. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, April 30th, and here’s what’s happening in the channel today. A special edition today. I’ve spent the last couple of days at SAS Innovate 2026 in Washington, and there’s enough here to warrant its own episode before we get to the rest of the week’s news. Product announcements, some candid conversations with SAS leadership, and an honest read on where the enterprise AI market actually stands right now. Let’s get into it. The headline from the show floor is that SAS is opening up the Viya platform in a way it hasn’t before. They’ve launched a Viya MCP server – Model Context Protocol – which means SAS capabilities, whether that’s a fraud detection model, a forecasting engine, or a statistical analysis tool, can now be called directly by external AI agents. If your client is running Claude or Microsoft Teams as their AI interface, they can now reach into a SAS Viya model and invoke it as a tool, without being inside Viya at all. Microsoft and Anthropic integrations are live now, with more LLM support coming later this year. Alongside that, SAS Studio is being rebranded as SAS Workbench, arriving later this year, and SAS is also expanding native support for open table formats – which they’re framing as finally making cloud migration financially viable rather than painful. And for partners and developers interested in building on top of all this: an Agent AI with SAS Viya certification is available now, and a free open-source Agent AI Accelerator framework is up on GitHub. SAS has been making governance noise for a few years. This week, the company introduced AI Navigator, a SaaS solution designed to help organizations compile a complete AI inventory and govern AI use cases, including the models and agents that power them. Agent sprawl is real, and this is a direct response to it. Navigator is coming to Azure Marketplace in both public and private configurations – meaning you don’t need to be a Viya customer to have a governance conversation. I sat down with Reggie Townsend, SAS’s vice president of AI ethics, governance and social impact. His framing is worth repeating: governance is no longer a compliance checkbox – it’s a competitive differentiator. In his words, the AI debate is no longer innovation versus trust. He also told us that the Navigator product grew directly out of an internal SAS problem – they discovered five different business units were using five different AI models to respond to RFPs. They consolidated to one champion model, one challenger. That specific use case became a product feature. The most useful conversation of the week was with Gavin Day, SAS’s chief operating officer, who oversees all revenue-generating functions including channel. He gave the most honest market read I heard at the show. On AI ROI: productivity gains are real. SAS internally cut their development lifecycle by roughly 60% using AI techniques. But for high-stakes, mission-critical use cases, the precision problem remains unsolved. His line: if you ask an LLM the same question ten times, you don’t get the same answer ten times – and if you’re working on anti-money laundering, that’s never going to be okay. That’s the gap. He also confirmed what a lot of people in this industry are probably already sensing: behind closed doors, CIOs are telling him that IT budgets are being quietly redirected to AI experimentation. Nobody says it out loud. But the investment is real, and the ROI conversation is still very much open. Day confirmed that as of last summer, SAS automated their inbound partner lead routing – leads that fit a partner profile now go directly to that partner without SAS in the middle. Small operational detail, real signal about where their head is at on the partner motion. He also flagged something worth watching on pricing: his prediction is the industry is moving toward outcome-based models, where customers start paying when the technology is implemented and actually delivering value – not on a multi-year implementation runway. That’s a shift worth tracking. In addition to this episode of the Buzz, tune in later today for an In The Channel episode where I sit down with Ryan MacDonald, country manager for SAS Canada to find out about top opportunities for the company's partners back home, and tomorrow I'll bring you an interview with John Carey, who has signficantly ramped up the company's partnering efforts over the last four years. Of course, there’s plenty going on beyond SAS Innovate this week. Here are a few headlines that caught our eye – and for more detail on any of them, check the show notes or blog post for this episode. “Microsoft beat Q3 expectations last night – Azure up 40%, Copilot crosses 20 million paid commercial seats – and M365 E7 launches tomorrow.” “Lenovo has acquired Phoenix Technologies’ firmware business, bringing in-house the firmware running on over a billion devices worldwide.” “Auvik has launched Aurora AI agents, embedded directly into its platform for proactive MSP network management.” “And Aviatrix is out with AgentGuard – an agentic AI security platform built around containment, delivered entirely through the channel.” That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Michael Crean, senior vice president and general manager of managed security services at SonicWall SonicWall published its 2026 Cyber Protect Report in March with a deliberate reframe: rather than threat intelligence for its own sake, the report is built around actionable content for solution providers. The centrepiece is the seven deadly sins of SMB cybersecurity – seven predictable, preventable failure patterns drawn from real breach data. The headline numbers are sobering: 88 percent of SMB breaches involve ransomware, more than double the enterprise rate, average dwell time sits at 181 days, and 85 percent of actionable alerts trace back to identity and credential compromise. Michael Crean, senior vice president and general manager of managed security services at SonicWall, came to the company through the acquisition of Solutions Granted, the MSSP he built – one of the early pioneers of SOC-as-a-service for the MSP market. He’s direct about what the data means for partners: the seven sins aren’t just an SMB customer problem. They’re an MSP problem too. His core argument is that mastering fundamentals – MFA, patching, privilege management – is non-negotiable, and owning the right tools doesn’t change that. You can have the same toolbox as your mechanic; that doesn’t make you a mechanic. On the MSP-to-MSSP question, his answer channels Yoda: do or do not, there is no try. A month after the report’s release, Crean says partners have already been using the sins framework directly in customer conversations – which he describes as the whole point. One postscript: his personal favourite of the seven sins is number five, cost-driven security decisions. His test – ask a room of MSPs how many bought the cheapest car on the lot. Nobody raises their hand. But too many of their customers are doing exactly that with cybersecurity. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. SonicWall has published annual threat research for years, but this year they did something different. They stopped calling it a threat report. The 2026 Cyber Protect Report reframes the conversation away from data for its own sake towards something MSPs can actually use – a set of tools and talking points for strategic conversations with customers. The hook they chose? The seven deadly sins of SMB cybersecurity. Seven predictable, preventable failures that show up in breach after breach. My guest is Michael Crean, senior vice president and general manager of managed security services at SonicWall. Michael came to SonicWall through the acquisition of Solutions Granted, the MSSP he built and one of the early pioneers of SOC-as-a-service for the MSP market. Before that, nine years in the military. So when he talks about what MSPs are getting wrong on security, he’s speaking from a fairly unusual vantage point – inside the SOC, inside the vendor, inside the partner community itself. The report had been out about a month when we sat down and I was curious what the actual conversation had looked like since launch. We got into that, the sins themselves, the 181-day dwell time that should make many MSPs uncomfortable, and what it really means to be or partner with a true MSSP. Let’s get right into it. My chat with Michael Crean. Michael, thanks for taking the time. I appreciate it. Michael Crean: Absolutely, sir. Robert Dutt: You called this report the Cyber Protect Report, not the threat report that you guys have been publishing for years. That seems like a deliberate choice. What are you trying to signal with that shift and who are you really talking to with this report? Michael Crean: I think every other threat report just looks the same. It’s got some different colors, it’s got some different logos, but everybody talks about the same exact thing and it felt boring. It felt like, “Why do we have to fit into the same role as everyone else? Why can’t we do something different that’s purposeful and should be meaningful to people?” It actually gives them something to talk about – not just with themselves internally, but also to their customers. That was the reason we went down this path and decided to call it the Protect Report. Robert Dutt: I’m guessing that also sets up why you went with the framing of those seven deadly sins – the seven predictable, preventable failures. I thought that was a really neat hook for it. When you look at that list, which one do you think most MSPs would be surprised to see themselves in? Not so much their customers, but themselves as MSPs? Michael Crean: Number one – ignoring the fundamentals. I mean, it’s incredible the amount of times – because of the work that we do at the SonicWall Security Operations Centers and the amount of compromises that we’re brought in to participate in, investigate, help people with – that you just find it’s this overwhelming amount of: you had the right tools, you had the right tech, and you didn’t know what to do with it. Or you did and you just didn’t take the time to really learn how to ride the bike well. We had a compromise today where a customer of ours got hit with Akira [verify], a ransomware, and we thought we probably knew that the penetration point was the firewall, but we had to do some more investigation. And when we did the investigation, the amount of misconfiguration was staggering [verify]. You pay for all these security services, and they weren’t even enabled – IPS, IDS disabled – and they paid for them. So it’s just unfortunate. These are just, again, what we call ignoring the fundamentals. Robert Dutt: Do you have any thoughts on what’s driving that? Is it a matter of, this is up and running, moving on to the next shiny thing, moving on to the next opportunity? What’s behind that? Michael Crean: I think some of it is that MSPs have found themselves in this place of challenge where they have so much responsibility and customers are looking at them. And I heard this a long time ago when I was a child – the smart person is the person that says what they don’t know. I think a lot of people are fearful to show that side of, “I don’t know something.” But saying “I don’t know” doesn’t mean you don’t know and you’ll never know. It just means, “Hey, I don’t know that, but I’m going to go here and ask this person, or I’m going to go to this vendor and get more information, or I’m going to do some more research and come back to you with a really solid answer.” Instead, there’s this constant – I hate to use the word – but it feels like there’s this constant necessity of yes that we have to keep giving our customers. I prefer somebody to tell me, “Nope, I don’t know how to do that, but I’m going to give you a great contact so that you can get it done right.” So I think that’s part of it. And then we, as manufacturers, we keep telling people all along the way, “Hey, buy my stuff, it fixes your problems. Just buy my stuff.” Well, I can go buy the same box of tools that my mechanic has, but that doesn’t mean I’m a mechanic and it obviously does not mean that my car is going to get fixed just because I’ve got the tools. Robert Dutt: Can attest to that. Fortunately, not with great experience, but there’s a reason I do take my car to someone else to get looked at. Michael Crean: Oh my goodness, you and me both. I want it done right. And as hard as I tend to drive my cars – because I have a thing for speed and adrenaline – I would actually like them to be as proper as they can be. Robert Dutt: Well, especially given that it’s important, when you’re testing the limits shall we say, that the thing stays together while you’re doing so. Michael Crean: Absolutely. Robert Dutt: And back to that point, I think there’s also the factor of when you are presenting yourself – and most MSPs do – as the trusted advisor, the expert on this, who’s going to take care of all this, that creates an even greater disincentive to admitting, “You know what? I need to check on that. Let me find out more,” rather than saying, “Yeah, I got this.” Michael Crean: I think it’s human nature, just in general. Because the moment you admit you don’t know something or you’re not certain, at that very moment in time, we just assume that to be a point of weakness. I believe through the military – I served for nine years – and being a CEO and founder for 22 years, what I really realized, and even when it came to my kids, sometimes when you just don’t know, it’s okay to say you don’t know, but I’m going to find out, or I’m going to figure it out, or we’re going to do it together and we’re both going to be better for it than we were when we started with the question. Robert Dutt: Funny, that came up early in my journalism career too. My editor at the time would say, “Your job is not to know. Your job is to find the person who does.” Along the same lines, a little bit of a different lens. You said something that I quoted in the news piece we did on the release of the report: that the danger isn’t that AI isn’t working – it’s that we’re using it as an excuse not to do the things we already know we should. That’s a remarkably direct thing for a security vendor to say, and it touches on that eating-your-vegetables kind of advice. What are you seeing that made you include that line? Michael Crean: It’s not what I’m seeing today. It’s what I’ve seen for the last 20 years in this industry. I mean, we went from deep packet inspection firewalls to next-generation firewalls. We got all of these extra added capabilities in the firewall, but then we got lazy on doing proper firewalling – controlling ports both inbound and outbound the way we used to do it – because we felt that we were overcompensating because we had so much power and capabilities. Then we went from signature-based AV to next-gen AV where we had these mathematical algorithms doing predictive analysis to understand whether a file is good or bad. Then we got EDR technologies helping us with the behaviour behind it. We just keep adding and adding and adding. I see AI as nothing more than just another tool. But how good can a tool be when you’re not performing the fundamentals? It helps, but it just can’t – I don’t know if you’re a sports guy or not, but think about it. When you look at the best of the best, whoever that may be – I’m a hockey guy – I’ll call Alex Ovechkin today. The best of the best, the all-time goal scorer. He beat Wayne Gretzky, he took that last year. That man works hard and he works on the fundamentals. I love what AI can do for us – to help get rid of some of the tasks that we don’t want to do, that we hate to do, that we can use for automation and make things faster, help us find bugs in our code, and in a security operations center, get through just mounds of data quicker. But you still have to do the fundamentals and you have to do the right things. Because when you do the right things and then you add something like AI to it, the world becomes a much different place. Robert Dutt: 88% of the SMB breaches you’re reporting on involved ransomware. That’s more than double the enterprise rate, if I’m remembering correctly. That’s a striking gap. What’s causing that? Do you see it as primarily resources, primarily end-user training, or something structural about how SMBs get attacked that’s different from enterprise? Michael Crean: I think it’s a little bit of everything that you mentioned, but mostly what it is, is this perception of, “I’m too little. I don’t have anything valuable. Why would somebody want to attack me?” When these large threat actors are going after huge enterprises – Colonial Pipeline, JBS, some massive organization – those organizations have better tools, better resources, better people, and they probably have more maturity to respond when they start to notice an attack taking place. When you think nobody’s ever going to break into your house, you may not lock your doors. You may not care about having the 70-pound German shepherd on watch when you’re not there. Because, I don’t have anything in my house of perceived value. But when you take that shotgun approach and you can knock down a hundred SMBs and get $10,000 out of each one, that’s a hell of a payday. It’s logical what we’re seeing right now. What it requires is that we all understand we have responsibility for the data that’s been entrusted to us – whether it’s customer data or supply chain data you’re responsible for because you’re supporting another vendor. The data we have is far more valuable than we give it credit for. Robert Dutt: And I guess there might also be an element of the ability to fly under the radar – the opposite of security through obscurity – in that you make that hit on Colonial Pipeline and it’s front-page news everywhere. You hit a bunch of small businesses for ten grand each, it gets a lot less attention from media. Michael Crean: I mean – I’m sure you’ve heard this, you’ve been doing this long enough – the idea around news and media: if it bleeds, it leads. And it’s not really sexy when you talk about a two-chair dental practice that gets hit with ransomware. And the two-chair dental practice doesn’t really want to talk about it either, because they’re a small community-based organization and it’s really damaging to how people potentially look at them. Whereas a Target, a Home Depot, a Lowe’s, whoever gets hit with ransomware – they’ve got the marketing machine, the attorneys, the dollars, the insurance. And at the end of the day, they’ll be as profitable, if not more profitable, a few quarters later. Robert Dutt: The report surfaces the number of 181 days of dwell time. For an MSP who’s running monthly security reports, quarterly reviews, thinks they have things in order – that number has to sting. What does it require of an MSP’s operating model to address that? Michael Crean: One, making sure that the investments you’ve made and the technologies you’ve decided to procure – the tools you’re going to use – make sure you’re well-trained on them and well-versed on the best practices so that you can get optimal outcomes. Patch management, man – I can’t tell you the amount of times we’ve seen… you talk about this 181 days, it comes down so many times to pure patch management. And the vast majority of manufacturers give you the patches for free. But we don’t think about it, we get distracted, we don’t see it as valuable as it really is. And it’s the really simple things. Again, it’s that number one – ignoring the fundamentals. Patching has been a fundamental thing we’ve talked about for so long. And I also think that for an MSP that just magically adds the additional S and starts calling themselves an MSSP – don’t dabble in security. Either do or do not. Do not try. We’re going to throw a little Yoda in here for the day. And if you’re not going to be a real MSSP, partner with one. There are so many great organizations out there – I’ll say we’re a great organization to partner with, that’s how we go to market – but there are lots of others out there who are purpose-built for this. It’s like being the best doctor in the world but you’re not a surgeon. So you refer somebody to a surgeon to get that surgery done. Robert Dutt: Your own background includes Solutions Granted – building out one of the first SOC-as-a-service models for MSPs before SonicWall acquired you. I’m curious, when you look back at your time on the other side, when you were the MSP – are there any of those sins you look at and go, “Hmm, that sounds awfully familiar”? Michael Crean: Oh, absolutely. I will say I went through that transition – 22 years of being a VAR, to being a government contractor, to being an MSP – realizing I was a really crappy MSP. Not going to lie. My bedside manner wasn’t great. I wasn’t passionate about what I was doing. And I think that’s something that gets lost sometimes. I was super passionate about security – getting out of the military, transitioning away from that, getting into IT and the tech space. And when I found my way into this SOC-as-a-service MSP space, it’s where I found my passion and love again. And I think that means a lot. Don’t do it for the sake of doing it. I think we all have to keep the lights on and put food on the table and clothe our kids and find a way to retirement one day, but find some happiness in that too and be really passionate about what you’re doing. And you’ll probably find a lot of these seven deadly sins aren’t as deadly for you. Robert Dutt: That’s one way of mitigating it, that’s for sure. The report is framed around protection outcomes and it’s explicitly aimed at giving MSPs the language to have strategic conversations with SMB decision-makers. But there’s a responsibility question underneath that. If the MSP is the last line of defense for most SMBs – and I think we’ve talked about this a little bit already – what does good actually look like? What’s the bar you have to reach before you either back off from security and/or partner with someone else who’s much more committed? Michael Crean: I think, one, it’s a team effort. It isn’t just the MSP’s responsibility. The business owners, the decision-makers, the board, whoever you’re dealing with that’s making these decisions – they have to buy in. And if they don’t, well, then you’re at a disconnect. You’re bringing in a subject matter expert – the MSP – to help make them more secure, for survivability, for all the things they’re asking for to make sure they can operate at the highest levels possible, and then you don’t allow them to do their job. That’s a huge risk. What I will say – and this is a hard lesson to learn, but one of the most valuable lessons to learn – is when you fire your first customer. Not get fired, but you actually fire your first customer because it wasn’t the right fit and the financial impact was going to hurt. It didn’t feel good. Nobody ever really wants to get fired or be fired. But when you do that, you start to mature. And inevitably, you also help that customer mature – because if they hear the same message from multiple people: “We’ve got to do patch management. Don’t tell me we can’t. We’re going to use MFA. We’re going to have a SOC monitoring this 24 hours a day, seven days a week, 365 days a year. We’re going to take away administrative privileges. We’re going to do the fundamentals. We’re going to make investments in tools and put the right people, process, and technology in place.” The outcomes really start to matter. But it is a team sport. I can’t tell you – and I’m sure you’ve heard this – MSPs talking about, “I can’t get my customer to use MFA, so I got them to sign this indemnification clause.” How many MSPs are getting sued, and these indemnification clauses aren’t holding up? Because you’re the expert. If you believe it’s 100% the right thing to do, then if they don’t follow – you fire them. Robert Dutt: It’s funny how often it comes down to that. I’ve heard that same sentiment from MSPs in the move towards, “This is what you have to take. It is not negotiable. It is the cost, as it were, of doing business with us.” I think that’s sage advice. Michael Crean: We accept it from our surgeons, right? If I’ve got a bum knee and I need it fixed and I’m a little overweight and he knows I’m drinking a little too much bourbon or eating a little too much red meat and he wants me to lose ten pounds so that he can be successful – if I’m not doing my part, well, why does he want to do surgery on me? Robert Dutt: Point taken. The report’s been out for a few weeks now. Curious – what’s the question you’re getting most from partners that you didn’t expect as they sit with this? What’s hit differently than you thought it might? Michael Crean: I thought we were going to get more pushback on why we called it a Protect Report instead of a Threat Report. That really isn’t the question we’ve been getting. What’s been surprising to me is the commentary. The unsolicited emails, the LinkedIn requests, the comments – people have really enjoyed receiving a report that just wasn’t like everything else. There’s been a lot of commentary along the lines of, “I’m going to have this discussion and use these analogies and use these seven deadly sins to have conversations with my customers.” That’s what we were hoping for, but you never know when you go against the grain how well it’s going to hit. I think we got lucky. Robert Dutt: It sounds very much like mission accomplished. I know it’s something that caught my attention and that I’ve heard out there as well. I look forward to seeing what comes next as you continue to reinvent what these kinds of reports do and what they look like. Michael, I thank you for taking the time to talk through this and to offer some advice. Michael Crean: I appreciate your time as well, sir. Thanks a lot. Robert Dutt: There you have it – Michael Crean from SonicWall. I’d like to thank Michael for his time, and for a conversation that felt a little different from the usual vendor security briefing. His background – building Solutions Granted from scratch, running a real MSSP, operating inside a SOC, and now sitting on the vendor side – gives him a perspective that’s harder to find than you’d think among people who are now in vendor roles. A few things will stay with me. The mechanic analogy – you can own the same box of tools, but that doesn’t make you a mechanic, and it doesn’t mean your car is going to get fixed. The surgeon line – if the patient won’t follow the pre-op advice, why are you doing the surgery? His answer on when an MSP reaches maturity – it’s the moment you fire your first customer who won’t implement MFA or basic patch management, even when it hurts. And the Ovechkin riff – even the greatest goal scorer in NHL history never stopped working on the fundamentals. Now, after we stopped recording, Michael mentioned something he wished he’d worked into the interview, and I promised I’d pass it along. Of the seven deadly sins in the report, I asked which one is most personally interesting to him and he landed on sin number five – cost-driven security decisions. He illustrated it this way: he’d been speaking at a conference recently and asked how many in the room had bought a car in the last eighteen months. A lot of hands. Then he asked how many of them had bought the cheapest car on the lot. Not one hand went down. Because we think about safety ratings, about the features, about whether the thing will hold together when we need it to. But when it comes to cybersecurity, too many businesses just reach for the cheapest option. As Michael said himself, it’s a little strange to have a personal favourite deadly sin. But there you have it. The 2026 Cyber Protect Report is well worth a look for any MSP or solution provider thinking about how to have a more strategic security conversation with their customers. Links in the show notes. If you found this useful, follow or subscribe to In The Channel from ChannelBuzz.ca wherever you get your podcasts – you’ll find us on Apple Podcasts, Spotify, YouTube, and all the major directories. Ratings and reviews are always appreciated and genuinely help other people in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Google Cloud has launched the new Google Cloud Partner Network, formalizing a shift in how the provider interacts with the channel ecosystem. The rollout is designed to streamline partner engagement and provide clearer pathways for partners building out generative AI practices, offering Canadian solution providers a strong secondary option to Microsoft’s ecosystem. Microsoft and OpenAI have altered the terms of their landmark partnership, including significant revisions to their revenue-sharing agreements. The restructuring points to a maturation of the relationship as both companies seek to maximize returns on infrastructure investments, a shift that will ultimately dictate pricing and margin opportunities for MSPs building practices around Copilot. Cybersecurity provider Guardz has released its 2026 MSP Threat Report, highlighting that non-human identities now outnumber human users by a ratio of 25 to one across client environments. The data indicates that threat actors are actively exploiting this expansion, using AI to accelerate attacks and bypass traditional perimeter defenses, forcing MSPs to expand their focus to comprehensive identity and access management. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, April 29th, and here’s what’s happening in the channel today. Google Cloud has officially launched its new Google Cloud Partner Network, formalizing a shift in how the provider interacts with its channel ecosystem. According to the company, the rollout is designed to streamline partner engagement and capitalize on solution providers looking to diversify their cloud infrastructure bets away from Microsoft’s dominant ecosystem. The new structure represents a strategic realignment for the hyperscaler, providing clearer pathways for partners building out generative AI and data analytics practices. For Canadian solution providers, the formalized program offers a tangible secondary option in the cloud space. Having a strong alternative ecosystem provides crucial leverage in vendor negotiations and gives MSPs a viable path for clients who are seeking different commercial models for their AI transformations or are wary of vendor lock-in. Microsoft and OpenAI have altered the terms of their landmark partnership, including significant revisions to their revenue-sharing agreements. The move signals a shift in the underlying dynamics of the tech industry’s most closely watched artificial intelligence alliance. While the specific financial splits remain undisclosed, the restructuring points to a maturation of the relationship as both companies seek to maximize their returns on massive infrastructure investments. This realignment happens just as both vendors are aggressively expanding their respective channel footprints. The economics forged at the top of this partnership will inevitably dictate the pricing, packaging, and margin opportunities available to the broader ecosystem. Canadian MSPs building practices around Microsoft Copilot, or those exploring OpenAI’s recent moves to build a dedicated channel program, need to monitor these developments closely. When tier-one vendors adjust their revenue expectations, those shifts frequently cascade down to partner profitability. Cybersecurity provider Guardz has released its 2026 MSP Threat Report, highlighting how AI-driven attacks are reshaping the threat landscape. According to the report released yesterday, non-human identities now outnumber human users by a ratio of 25 to one across client environments. This expansion is being actively exploited by threat actors, who are using AI to accelerate attacks targeting identity, email, and cloud infrastructure. The data indicates that traditional perimeter defenses are increasingly being bypassed by attackers leveraging unmonitored service accounts and API keys. This is a shift that lands directly on the service desk. Securing human endpoints and implementing standard multi-factor authentication is no longer sufficient. Solution providers now have to govern the massive web of non-human identities accessing their clients’ data. This represents a significant vulnerability that requires immediate remediation, but it also opens a distinct avenue to expand managed security practices around comprehensive identity and access management. Later today on In The Channel, we’re talking about the seven deadly sins of SMB cybersecurity. Michael Crean, senior vice president and general manager of managed security services at SonicWall, joins the show to discuss the 2026 Cyber Protect Report and why MSPs need to stop ignoring the fundamentals. And if you haven’t heard it yet, yesterday’s episode features a conversation on why networking is not sexy until it doesn’t work. Doug Houghton, director of global channels at Alkira, explains why legacy networks weren’t designed for the elasticity demanded by today’s AI workloads. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Doug Houghton, director of global channels at Alkira There’s a line from this episode that’s worth leading with: “Networking is not sexy until it doesn’t work.” That’s Doug Houghton, Director of Global Channels at Alkira, and it’s a pretty concise summary of why his company exists. Alkira was founded by the team behind Viptela – the startup that essentially created the SD-WAN category before being acquired by Cisco. The lesson they carried out of that experience is that SD-WAN, for all its promise, still ran into the limits of underlying infrastructure. You ended up with disparate networks, latency constraints, and complexity that didn’t disappear – it just moved somewhere else. What they built in response is Network Infrastructure as a Service (NIaaS) – a cloud-native, consumption-based global backbone that abstracts multi-cloud connectivity into a single managed plane. The pitch to partners is concrete: consolidate 50 physical firewalls into virtualized functions, reduce total cost of ownership by 40-70%, and do it without a rip-and-replace cycle. The timing matters, and Houghton is direct about why. AI workloads – distributed large language models, agentic workflows reaching across multiple clouds simultaneously – demand a level of network elasticity that legacy infrastructure simply wasn’t designed for. Alkira’s argument is that they’re the smooth road that makes AI-driven infrastructure actually work in practice. For Canadian partners, Alkira has real resources on the ground: a solution architect based in Toronto, a dedicated channel account manager, and publicly referenceable Canadian customers including contact center provider ContactPoint 360. The Connect Partner Program, launched in March 2026, puts approximately 20 percent total margin on the table across base discount, rebates, MDF, and POC SPIFFs – with average initial deals around $500,000 USD and typical expansion of 4x in year one. Canadian partners interested in the conversation can reach the team at partners@alkira.com. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you were around when SD-WAN was the big disruptive idea in networking – the promise of simplifying branch connectivity, cutting costs, getting smarter about traffic – you probably also remember it didn’t quite deliver everything it promised. Not because the technology was bad, but because the underlying network architecture couldn’t keep up. You still ended up with complexity. It just moved somewhere else. That problem is essentially the founding insight behind Alkira. The company was built by Amir Khan and Atif Khan, the same team behind Viptela, the startup widely credited with creating the SD-WAN category before Cisco acquired it. What they learned in that experience is that SD-WAN, without a proper global backbone, just creates a different set of headaches. So they started fresh and built what they call NIaaS – Network Infrastructure as a Service – a cloud-native, consumption-based approach that abstracts the complexity of multi-cloud connectivity into something you could stand up, as my guest today puts it, with just a username and a password. The timing is not accidental, because what AI demands from a network – elasticity, low latency, the ability to reach distributed workloads almost anywhere instantly – is exactly what legacy infrastructure wasn’t built to handle. My guest is Doug Houghton, Director of Global Channels at Alkira. Doug has been in the channel a long time, knows the technology in a way that might genuinely surprise you coming from a channel chief, and has a lot to say about what it all means as a real business opportunity for Canadian VARs and MSPs. Let’s get right into it, my chat with Doug Houghton. Doug, thanks for taking the time. I appreciate it. Doug Houghton: It’s my pleasure. Thank you for having me on today, Robert. Robert Dutt: So you were part of the team that built up the SD-WAN market at Viptela back in the day. What did you learn there that told you the next big thing was going to be NIaaS, and why now? Doug Houghton: First off, that’s a great question. I felt a bit like a passenger in a car racing a thousand miles an hour when we were doing software-defined wide-area networking. What we learned was that without organizing your cloud infrastructure properly, your cloud bill gets ridiculously large – especially if you keep your control element decoupled from your data plane in the cloud with all these workloads churning. But what we really learned, and what’s applicable to what we’re now doing at Alkira, is that SD-WAN truly did deliver on its core promise. It allows customers to influence traffic based on link quality and improve the user experience. If you’re on a phone call and it starts to get goofy, you can move over to a better-performing link in real time without dropping the call. That’s powerful. And the same with data traffic. What I hadn’t fully thought through was what happens as global companies start to adopt SD-WAN and disaggregate across locations in Southeast Asia, China, Latin America, and everywhere else. The latency back to the control element isn’t easy to contend with. So you ended up with organizations making decisions that effectively created four separate, disparate networks for latency purposes. And that was not part of the original promise. What we learned was that you need a global backbone that’s high throughput and low latency. The edge can still be SD-WAN – there are real things in SD-WAN that people still want, whether that’s WAN optimization, deduplication, caching, policy-based routing, forward error correction. All of that still has practical application, and site-to-site communications are still needed in many use cases. But Alkira was built inside the cloud first, employing the same principle of decoupling control plane from data plane for scale. By abstracting the cloud infrastructure, we were able to remediate the latency that those four geographically dispersed networks created. We’re the global backbone – that middle mile with high throughput and low latency – and then you connect these clusters of SD-WAN networks together and all of a sudden the promise of SD-WAN gets a lot more consumable. You have a singular network managed from a singular control plane and element management orchestrator, and you can still get all the benefits of SD-WAN at the local sites. Robert Dutt So in plain language, a Canadian MSP or VAR is used to selling network hardware or managing someone else’s infrastructure. How is selling, deploying, and managing NIaaS different from what they’re already doing, and what makes that distinction important? Doug Houghton: Let’s take a half step back and talk about what NIaaS actually is. It’s Network Infrastructure as a Service. What Alkira does is abstract the cloud infrastructure and build a routed overlay on top of it. We think of it as a virtualized colocation facility that connects and normalizes communications across your entire network. For managed service providers and service providers, our solution accelerates bringing their customers to cloud applications, cloud workloads, storage, and everything else the cloud promises. The way I explain it to my mom – and I’ve told this joke once already today because I’m sitting in a partner’s office right now – is this: if you went to Russia, Japan, Argentina, and San Francisco all in one day and had to transact in each place, and you could speak the native language in each one, that would be ideal. What we focused on was normalizing communications regardless of the cloud service provider, colocation provider, data centre – private or public – or whatever type of router is at the branch office. As an MSP or service provider that comes in, what we give to our customers and partners is a username and a password. That lets you come in and – for your old-school folks in the audience – essentially etch-a-sketch your network together. You can turn a couple of knobs, and it’s not that we’ve cranked the amp up to eleven, we’ve just removed all the numbers and automated everything. It just knows what you want to do. It’s a routed BGP overlay with the control plane abstracted from it, so the forwarding plane can route around things like the CrowdStrike outage, or losing an AWS region – which happens more frequently than AWS would like to admit – or any cloud service provider incident. The multi-cloud reality has accelerated adoption, but it presents a new problem: you’ve got an AWS expert on staff, but you don’t have an Azure, GCP, OCI, or Alibaba Cloud expert. Those are all different languages. When I tell my mom that we normalize the communications between all the assets in the network and make it easy to connect to all of them, she gets that. For the MSP looking to monetize something new or add another revenue stream, we offer a couple of compelling things. In the middle of our stack, we place a solution inside the cloud – sitting in a VPC, VNet, VCN, or Google VPC – right in the middle of all the cloud, SaaS, and WAN workloads. We’ve pleased a lot of customers by lowering total cost of ownership through the consolidation of network services they already have in their environment, in the form of virtualized network functions. Take a Palo Alto firewall deployment – say you have fifty Palos out there, all talking to Panorama, with a security engineer managing policy centrally. Instead of having fifty firewalls on the ground, you consolidate them. You go from the ground – five to ten milliseconds to the nearest public cloud PoP – hop onto the Alkira fabric, and terminate that traffic on a virtual port on our exchange point. In the middle of that exchange point, sitting in a VPC or VNet, you place a Palo Alto virtualized network function. You get the IP address of the Panorama server, and if you didn’t tell the security engineer anything had changed, they would not know. The form factor changes, but not how they interact with Panorama, how they build policy, or anything about how they secure the traffic. That remains exactly the same. We virtualize the instance and place it on a global high-throughput, low-latency backbone inside our exchange point. We deploy exchange points in HA pairs, anywhere from 100 Mbps to 40 Gbps. The customer or service provider consumes one, and we maintain the other on their behalf – because every thirty days we’re fixing bugs and doing maintenance. We swing production workloads to the backup, do the work on the primary, then reverse the order, all while keeping these customers up and running. Because we’re delivering this as a service, it has to always be on. One of the most important architectural decisions we made from the start was ensuring those two exchange points are always running active-active in a full mesh configuration, buttressed by hundreds of other exchange points globally distributed – all synchronized and aware of each other’s states. Robert Dutt: You’ve said that legacy networks can’t handle what AI demands, specifically in terms of elasticity. Can you unpack that a little? When an MSP’s customer starts deploying language models or agentic workflows, what is it that actually breaks? Doug Houghton: Good question, and I’ll give you an honest answer. I’ve started to fall in love with Claude – I think it’s one of the coolest things in the world. I can do all sorts of creative things with it. But Claude isn’t talking only to me. He’s a bit of a flirt – he goes to a lot of different places to get knowledgeable about various things and produce the outcomes I’ve asked for. And those other places are where you run into problems. I used to say the three biggest AI providers are GCP, AWS, and Azure. That’s still largely true. But the likes of Anthropic and other AI labs are distributing LLM workloads everywhere. Without the right network underneath that, it’s like buying the hottest car and driving it down a pothole-filled road. What we offer is a high-throughput, low-latency, elastic network. If you need to turn it up in a heartbeat, you can. We helped complete the S&P Global and IHS Markit merger network integration in about a tenth of the time they expected, because we’re natively segmented. Think about those two networks as large datasets that AI agents need to access. You have to secure the traffic, and you need it to be elastic – able to reach anywhere, instantly, to produce the outcome the agent was asked for. The ability to go anywhere on a road that’s smooth as glass, in the hottest car possible – that’s what we offer. Our network infrastructure solution is an abstraction: a forwarding plane that goes everywhere, and your imagination is really the only limitation. Speed, elasticity, and securing access – even for agentic, self-directed workflows – it’s still a critical element. And nobody – I said this earlier today, so I’ll say it again – networking is not really sexy until it doesn’t work. If I have to get in and route-peer and manually configure transit gateways, I’m going to punch myself in the face repeatedly. I just don’t want to do it. It slows everything down. I can automate it with Terraform, sure. But I want to consume it now. I want to prompt it now. I want the outcome now. Robert Dutt: You’ve launched Alkira NIA, your AI co-pilot and network infrastructure assistant, along with an MCP server last year. It’s interesting – you’re essentially putting AI on top of the infrastructure that’s enabling AI. What does NIA actually do for an MSP’s day-to-day operations? Doug Houghton: Maybe I have a limited imagination, but I still use it like a utility. NIA is great because it allows you to search through all our documentation in a more organized way. We have amazing documentation – there’s a lot of it – and when you’re looking for a specific configuration or something captured in a knowledge base, that tool is really useful. But continuing the utility theme: how do I do something? If I want to create a micro-segment to distribute to a bunch of business units, or build an isolated Layer 3 routing table and get it to various business units, and then set up billing with specific billing tags for each segment – I know how to do that because I’ve done it many times. But a new user may not. You can use the NIA agent to search the documentation, search previous implementation notes, best practices, all of that. That’s real value. But you can also ask it something like “why is the sun bright” and it won’t return the answer you expect. I’ve done that too. Robert Dutt: Let’s talk about the Connect Partner Program and the economics. You’ve got the Partner Profit Stack – tiered margins, quarterly rebates, MDF, SPIFFs, the Connect Pipeline Fund. It’s a full toolkit, and it’s stuff partners have seen before. What’s the real math? What does a Canadian MSP at the Premier tier actually walk away with on a typical deal after they’ve done the work? Doug Houghton: Usually about nineteen percentage points – maybe a little more. On the pre-sale side, when we get into a POC, our Premier partners can earn a $1,000 SPIFF. We close about 85% of our POCs, so there’s real value in that. Add in the rebates and MDF access, and the total haul is closer to 20% on each deal. Worth mentioning: we’ve been a 100% channel company since May 2022. My partner David Klubinoff, my technical counterpart – we worked together at Viptela and we started the Alkira channel together. It took a couple of weeks to convince our CEO that going 100% channel was the right call. I think he’s a believer now. We’ve driven significant revenue for the company, and our partners are our thought leaders – out in the market talking about our solution and solving customer problems. I was in Chicago yesterday doing a technical enablement session with thirty-plus SAs and SEs. We had the classic SD-WAN questions, and a lot of questions about segmentation and M&A. There’s enormous consolidation happening in insurance, healthcare, and other sectors, and the overlapping IP address problem that comes with mergers is something MSPs face all the time. We’ve entirely simplified that. You build a NAT policy right in the solution and the overlapping IP issue is resolved within an hour. In the case of S&P Global and IHS Markit, they thought their merger network integration was going to take a couple of years. The issue was largely the overlapping IP addresses – IHS couldn’t talk to the HR applications at S&P, and vice versa, plus all the other interdependencies. You need a fast way to solve the overlapping IP problem before you can even get to the real work. That’s been a core design element of our solution from the very start: take care of the small things, and people can move faster and get to market faster. Our biggest MSP – and this is a publicly referenceable customer – is CEDA, a French-based organization that provides managed network services to 95% of the world’s airlines. For them, it means being able to turn up a new customer faster, connecting on-premises assets to their control elements so they can begin actually managing that network. Speed, and the efficiencies and cost reductions that come from it – that’s what it does for all MSPs. If you’re consolidating fifty firewalls into virtualized functions, you’re making a good commission, getting MDF support, quarterly rebates, and a SPIFF when you engage us collaboratively on a POC. All of that happens at an accelerated rate. I’ve been screaming from the mountaintop about our solution for about four years. Invariably, you’d walk into a room, say “Hi, I’m Doug Houghton from Alkira,” and they’d say “Who?” That’s starting to happen a lot less, which is a genuinely nice thing. Over the last twelve to twenty-four months, the business has grown exponentially, the diversity of our partner ecosystem has increased, and partner margins have been very healthy. The tiered structure was really about celebrating partners who have invested in us. Honestly, I’m waiting for the day my boss tells me to stop incentivizing partners – because when that happens, I’ll know we’ve hit the apex. Our partners will be generating so much revenue that someone gets uncomfortable with what we’re paying out. I can’t wait for that day. Some of the more interesting things in the program came from actually listening. I went around and talked to a bunch of partners about their ideal partner programs and built from there. And one of the realizations – I thought it was significant – was what we were actually doing on the post-sale side. We white-glove every implementation right now, because it’s critically important to us. We haven’t lost a customer, and we intend to keep it that way. But that doesn’t scale forever. So the question became: why don’t we help our partners productize the post-sale work? We built a product catalog, a pricing calculator, and a new partner portal we’re about to release, with its own AI agent for searching market assets. The product catalog was a light bulb moment. We pay healthy margins on the pre-sale side at every tier of Alkira Connect. But we had never touched the post-sale side at all. We’re largely automated and NIaaS is as simple as possible to consume – a username and a password. My thirteen-year-old could configure a network, and she’s really smart. But there’s still some implementation work. You still need to build policies in Panorama. There’s still DDI work. There are still services that partners can benefit from – and all partner types, MSPs, VARs, master agents, sub-agents, service providers, now have a post-sale commission opportunity. Robert Dutt: You mentioned services – you’ve got services attach plays around modernization assessments, segmentation design, migration sprints. Starting from zero, how long does it realistically take a partner to get their first deal with those services attached through the door, and what does the ramp look like? Doug Houghton: There’s a lot in that question. Let’s take a half step back. We have virtual sales and go-to-market training – three modules – and then five or six technical training modules. We’ve got a lab-in-a-box environment, foundational and advanced technical training, and DDI training. Partners typically start there. Then we run regular in-person and virtual sessions – one partner has regular office hours with me, my SE counterpart David, or our architect Christopher Arenas, and we just invite partners to come and ask questions. Getting partners genuinely comfortable with the technology is the most important thing we do, because nobody goes out and sells anything unless they’re confident they can explain how Alkira solves their customer’s problem. That’s what I’m doing in Chicago today. Our customers tend to be fairly large. We’ve got our first Fortune 10 customer now. The more complex the network, the larger and more global the deployment – multiple countries, security vendors, firewalls, DDI providers, load balancers, service providers, colos. We sit right on top of all of that. The average sales cycle is about 190 days – a little over six months. A newly enabled partner might encounter an M&A overlapping IP use case, recognize the problem, and say “I think we can solve this with Alkira.” They go through a POC together with us, the customer commits, and that first deal closes around 190 days. A little class week: it’s actually 190 and a half. The average deal size is about $500,000 USD. We then see significant expansion: typically 4x growth in the first twelve months after the initial close, and around 8x in the second twelve months. Real incentive to stick with it. We’re loyal – if the customer doesn’t kick the partner out, we go to bat with that partner on every expansion deal. We land, then expand, with the same partner. BNSF, one of our other public references, has expanded several times to address more and more use cases. The solution gets sticky and customers are genuinely surprised by how easy it is. On the post-sale side, we come in and help with implementation, especially early on. But we’re reaching the point where more capable partners can handle it themselves. We’re building a post-sale certification for Alkira right now. In the meantime, we ride shotgun through the first couple of implementations – virtually in Slack or in person – until partners are fully up to speed. All partners have access to our Slack channel, along with our entire solutions architecture and SE staff. One partner working on a Fortune 10 engagement has a great habit of putting a subject header in Slack and starting a conversation. He’s been on services at this customer for three or four months – a significant engagement. He’s the one who originally described the network as a “spaghetti mess,” which I still chuckle about. I actually built the product catalog based on those Slack headers – pulled them together, socialized them with a group of partners, got input, and built from there. To directly answer your question: you’ve got to get through that first deal, and we’re going to ride shotgun with you through the first couple of implementations. The partner learns, gets comfortable, can monetize it, and can deliver independently from there. We have no illusions about going back to being a direct company after May 2022. It’s ride or die – 100% channel, and we enable our partners to solve their customers’ problems and support them while they do it. Because our partners have been our biggest growth engine. Robert Dutt: You’ve talked about a goal of doubling revenue through partners. What does the ecosystem look like when you get there? This sounds like it could primarily be a GSI or large integrator play, given the customer complexity you’re describing. Or do you genuinely see a path for mid-market MSPs and VARs to build a meaningful NIaaS practice? Doug Houghton: Another tough question. Yes, I do have GSIs as partners. We have a fairly robust and diverse partner ecosystem, and we see small shops rising up while larger shops are moving a bit more slowly, honestly. We’re still in that brand awareness honeymoon period – people are realizing our technology is compelling, getting themselves enabled. Some large partners we’ve recently brought on are still ramping. The biggest and most established organizations aren’t yet as capable as they will be, but we’re working diligently on that. Some of our smaller partners, on the other hand – I’m thinking of a friend of mine in Utah who is just an absolute champion. He knows our solution better than almost anyone. He closed six or seven deals in the past year, supported the implementations, did it largely on his own, because he’s curious, motivated, read all the documentation, and has been through full implementation cycles with us. He works at a ten-person shop. They just happen to have really good customers, and he knows the solution cold. So we’re at different stages with different partners in terms of maturity. The answer to your question is genuinely both. The small shop in Utah and the large national partner dedicating more resources as they see more customer problems Alkira can solve – we see wins across both. In the networking space, a six-month sales cycle is about as fast as it gets. I’m giving you a username and a password and you’re going in and connecting all of a customer’s assets together. The path exists for partners of every size. Robert Dutt: You’ve called out Canada specifically in your expansion plans, alongside the UK, EU, and the Middle East. What does that look like operationally – localized support, a Canadian channel team – or is it more of a global platform available to Canadian partners? Doug Houghton: Let’s talk personnel. We have a dedicated rep in eastern Canada, based out of New Hampshire, and a brilliant solutions architect just outside of Toronto. We’ve got a channel account manager – very capable teammate of mine, Savannah Stone – and the entire global solutions architecture staff accessible via Slack. We recently closed a very significant logo in Canada – a large insurance company – and our publicly referenceable Canadian customer is ContactPoint 360, a contact centre and BPO provider. They wanted to connect their Latin American operations back to Canada and couldn’t find an effective way to do it without us. We route them through the US West region, and the results have been excellent. We’ve also added CDW Canada as a partner, and I’ve got a value-added distributor that helps with field events. It’s not a massive footprint yet – it’s a bit of “they come first, then we build” – but there is a tremendous amount of opportunity in Canada and in Latin America that I’m genuinely excited about. Nobody’s told me no yet on spending budget, so here we go. A great story on the Canadian side: a gentleman named Chris Thelosinos, an architect and consultant who works with others in our space, is a member at a wine shop in Toronto. During the Toronto International Film Festival last year, we hosted a wine event right next to TIFF. I don’t drink alcohol, so it was entirely about the conversations for me – and I had the best time. We had significant customers come out, and the demand for simplicity, ease of implementation, and everything Alkira does well was just as strong in Canada as anywhere else. The market need is real. We talk about global backbone as a service all the time. Connecting China to San Francisco carries a distance and time tax, but it’s easy to configure. For organizations navigating geopolitical complexity around China access, or needing GPU connectivity in and out, we just abstract the Azure and AWS mainland China instances. They operate the same way as their Canadian or US equivalents. And you can consume it pay-as-you-go – stop using it, stop paying for it. That’s a compelling model for MSPs looking to grow into different regions. Robert Dutt: Last question then. For that Canadian MSP who’s listened to this and is thinking, “This sounds like a real opportunity” – what’s the one thing you’d want them to take away and act on? Doug Houghton: I’d ask them to go to partners@alkira.com and send us a note. And I will ply them with all sorts of content – videos, learnings, deal registration information, everything they need to get started in the space. Tongue in cheek, and also completely seriously: partners@alkira.com. If you’re looking to grow your business as a managed service provider – managed network, managed security, managed load balancing, managed DDI, managed connectivity – we’re a really great place to start. Because it’s never unpopular to walk into a customer and solve their problem quickly and say, “I can help you with X, Y, and Z, and I can do it in the next couple of hours – and that’s going to drive a total cost of ownership savings of 40 to 70%.” Nobody ever kicks you out of the office when you say something like that. Robert Dutt: Amazing. Doug, I appreciate you taking the time. Thank you very much. Doug Houghton: Robert, thank you for the engaging conversation. I hope your listeners get some good stuff out of it. Robert Dutt: There you have it – Doug Houghton from Alkira. I’d like to thank Doug for his time, and honestly for being one of the more entertaining guests I’ve had on in a while. “Networking is not sexy until it doesn’t work” is a line I’m going to be thinking about for a while. Thanks to you for listening as well. If this conversation sparked something – whether it’s curiosity about NIaaS, the AI infrastructure angle, or what roughly 20% total margin on a $500,000 average deal could do for your business – Doug made it easy for you to take the next step. Drop a note to partners@alkira.com. That’s the front door. And from what I heard today, they will absolutely get back to you. Here’s the thing that stuck with me most in this conversation: the argument that the AI moment isn’t just a software or services play. It’s going to force a reckoning with network infrastructure that a lot of organizations have been deferring for years. The partners who treat that reckoning as an opportunity rather than a fire drill are probably going to look very smart in about three years. If you’re finding the In The Channel podcast from ChannelBuzz.ca useful, the best thing you can do is follow or subscribe wherever you get your podcasts. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. And if you’re enjoying the show, ratings and reviews are genuinely appreciated – they help other people in the Canadian channel find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: More than 100,000 tech jobs have been eliminated industry-wide in the first four months of 2026, with AI cited as a direct cause in nearly half of those cuts, according to tracking data reported by CNBC. Meta cut 8,000 positions – roughly 10 percent of its global workforce – with CEO Mark Zuckerberg explicitly framing 2026 as the year AI begins replacing workers. Entry-level and generalized IT roles are taking the heaviest hit, raising practical questions for MSPs about how their customers will think about IT headcount and services spending going forward. Keeper Security has released Verify Mode as part of version 17.8 of its browser extension – a real-time credential validation feature that stops users from submitting passwords to phishing or adversary-in-the-middle sites at the exact moment of entry, before credentials are ever exposed. The release also includes enhanced browser controls for administrators managing credential access across a user base. The feature directly targets the ClickFix and adversary-in-the-middle attack patterns that have been rising, adding a human-layer control at the point where most credential compromises actually happen. Pia has launched Pia Chat, a Microsoft Teams-native application that brings AI-powered service desk capabilities directly into the platform MSP clients are already working in. An AI Resolution Assist feature handles incoming support requests and routes users to targeted SmartForms, enabling zero-touch ticket resolution for routine issues – with full context automatically attached when escalation to a technician is required. The tool is designed to eliminate the context switching between Teams and PSA tools that creates operational drag for service desks, reducing ticket queue bloat and freeing technician time for higher-value work. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Tuesday, April 28th, and here’s what’s happening in the channel today. The tech industry has shed more than 100,000 jobs in the first four months of 2026, and artificial intelligence is increasingly being cited as a direct cause rather than a background factor. Meta cut 8,000 positions last week – roughly 10 percent of its global workforce – and Microsoft has made significant cuts as well. What’s notable is how explicitly the reasoning is being framed: Meta CEO Mark Zuckerberg described 2026 as the year AI starts to replace workers, not just assist them. Tracking data shows AI is directly driving nearly half of those eliminations, with entry-level and generalized IT roles taking the heaviest hit. For Canadian solution providers, this lands in your lap in a very practical way. Your customers are watching these headlines, and some of them are going to start asking whether they still need the same level of IT headcount – or the same IT budget. That’s a double-edged conversation: on one side, a risk to managed services contract value; on the other, an opportunity if you can reframe your services around what AI still can’t do, and what happens when it goes wrong. This one is worth getting ahead of before your customers bring it to you. Password manager Keeper Security has released version 17.8 of its browser extension, and the headline feature is something called Verify Mode – a real-time credential validation layer that sits at the exact moment a user enters a password into a web form. The idea is straightforward but the timing is sharp. Rather than flagging a suspicious site after the fact, Verify Mode checks the destination against Keeper’s known vault of saved credentials at the point of entry – before anything is submitted. If the site doesn’t match where that credential is supposed to go, the user gets stopped. The release also includes enhanced browser controls giving administrators tighter oversight over how credentials are accessed and used across a managed environment. This is a direct response to the adversary-in-the-middle and ClickFix attack patterns that have been climbing the threat charts over the past year – techniques specifically designed to harvest credentials by imitating legitimate login pages. For MSPs managing credential hygiene across SMB clients, a control that operates at the human layer rather than the network layer is worth understanding. The weakest link hasn’t changed – this just puts a check on it at the moment it matters most. Automation platform provider Pia has announced the launch of Pia Chat, a new application built directly into Microsoft Teams that aims to significantly reduce the time required to resolve client issues. The platform uses an AI Resolution Assist feature to handle incoming requests and guides users to specific SmartForms. Pia is positioning the tool as a way to enable zero-touch resolution, allowing service desks to close routine tickets in a matter of seconds without requiring human intervention. For requests that do require deeper technical expertise, the platform escalates the ticket to a technician with the full context already attached, eliminating the need for repetitive back-and-forth communication. The integration addresses a common source of operational drag for MSPs: the constant context switching between communication channels and professional services automation tools. By keeping the entire interaction lifecycle within Teams, the platform aims to cut down on human error, reduce bloated ticket queues, and free up technician time for higher-value, billable work. Later today on In The Channel, we’re talking about why networking is not sexy until it doesn’t work. Doug Houghton, director of global channels at Alkira, joins the show to discuss Network Infrastructure as a Service and why legacy networks simply weren’t designed for the elasticity demanded by today’s AI workloads. And if you haven’t heard it yet, yesterday’s episode features a look at the GTIA Innovate Awards with Carolyn April. We dig into why the channel needs to move beyond AI tinkering and proof-of-concepts toward strategic, revenue-generating deployments. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Carolyn April, GTIA’s vice president of research and market intelligence When GTIA launched its inaugural Innovate Awards program earlier this year, it made a deliberate point of specifying what it was looking for: AI solutions “deployed and in production.” Not a pitch. Not a pilot. Not a Copilot rollout. That qualifier says a lot about where the IT channel actually stands with AI right now. GTIA’s own 2026 State of the Channel research finds that 98% of IT service providers say they’re using AI in some form. But when you look at how, you find a channel that’s mostly tinkering – individual employees experimenting with ChatGPT, engineers using Copilot for coding, no governance, nobody formally in charge. “We need to move from experimentation and informal usage to strategic usage, and then to revenue-generating usage,” said Carolyn April, GTIA’s vice president of research and market intelligence. “The folks we’ll showcase through the Innovate Awards are those that have already made those steps.” The awards span two categories: Best Internal AI Solution and Best Customer-Facing AI Solution. The internal category, April noted, is where the more mature work is happening right now – and for good reason. MSPs who haven’t yet made AI work inside their own operations have no business selling it to customers. That’s not a philosophy, it’s just basic risk management. Applications have now closed, and finalists will present their results – and defend them in front of expert judges and peers – at ChannelCon 2026 in San Diego this August. Watch for those finalists. In a channel still searching for its real AI proof points, they’ll be worth studying. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. The IT channel has spent a couple of years now convincing itself it’s an AI industry. The data from GTIA’s own research tells a more complicated story. 98% of IT service providers say they’re using AI in some form, but when you drill down on that, you find a channel that’s mostly tinkering. Individual employees experimenting with ChatGPT, engineers using Copilot for coding. No formal strategy, no governance, nobody in charge. Real AI maturity is still the exception, not the rule. The Global Technology Industry Association is responding to that gap with a new program, the Innovate Awards – and the framing is deliberate: deployed, in production, with measurable results. Not a concept, not a pilot, not a Copilot rollout. A real AI solution that’s generating real revenue or saving real money today. Applications for these awards are now closed, and the finalists are heading to ChannelCon in San Diego in August, where they’ll have to stand in front of expert judges and defend their results. As my guest put it: it’s a shark tank, except you’re pitching the end result, not the idea. My guest today is Carolyn April, vice president of research and market intelligence at GTIA, and the person behind the State of the Channel research – with the best view in the industry of where the channel’s AI maturity actually stands. Let’s get right into it, my chat with Carolyn April. Carolyn, thanks for taking the time, I appreciate it. Carolyn April: Happy to be here. Robert Dutt: Before we get into the program details of the Innovate Awards, I want to understand what you’re actually responding to here. When you look at where IT solution providers are with AI right now, what’s the problem or the gap that the Innovate Awards are designed to address? Carolyn April: I think what we’re trying to do with the Innovate Awards is to show the average ITSP out there – the general population – what is currently happening on the cutting edge with AI. Right now, I think I can safely say that AI is still in its infancy in terms of real, monetized, revenue-generating solutions for the average ITSP. But there are those on the leading edge who are doing innovative things that are generating revenue for their companies. So it’s a way to sort of dangle in front of them – see that you can get there. This is happening. We like to showcase the folks who have gotten ahead of the game with AI, which is where the channel needs to go. It’s not a negotiable direction for many in the channel today. They need to be taking this seriously. It is a thing, and it’s not going away. So let’s showcase the folks who have gotten ahead of it and be a window into what is possible. Robert Dutt: And I think it’s meaningful that the focus is on – and I think the language used is “deployed and in production” as opposed to “conceptual” or “experimental.” It feels like a pointed statement that the goal is to find what’s actually making or saving money today. Carolyn April: Yes, that’s absolutely true. And we can look at our data here. When you ask ITSPs “Are you using AI?” – 98%, so pretty much universal, say yes. When you drill down a little more and ask how they’re using it, you can clearly see it isn’t in any strategic way. They’re using it internally, but most of the use is among individual users. People are experimenting with ChatGPT, experimenting with Copilot. Some engineers are coding with it. But there’s no formalization around that AI. There’s nobody in charge of AI within their organizations. They don’t have process, policy, or any of the governance things that really need to be in place for you to take something you’re doing internally and externalize it – start to sell it as a product or a service. So we’re really in that phase right now where we need to move from experimentation and informal usage to strategic usage, and then to revenue-generating usage. The folks we’ll showcase through the Innovate Awards are those that have already made those steps. Robert Dutt: You’ve got two categories – an internal AI solution and a customer-facing AI solution. As you’ve been talking to people and deploying this program, where are you seeing more genuine, production-grade work happening right now? Are MSPs building this internally in their own operations, or delivering it to customers first? Carolyn April: MSPs are definitely going the route of internal first. And they should be. It’s not a wise idea – and this is true of cybersecurity as well – to go to market as the expert in either of those disciplines without having your own house in order. You need to have deployed AI internally to do automation and create cost and process efficiencies within your own business. You don’t want to get in a situation where you’ve overpromised, or worse, delivered poorly, and lost the customer. So most of the work today among MSPs is internal. In moving to external manifestations of that, it would be taking some of those lessons learned from internal automation and applying them to how customers can also automate services and processes. There’s a lot of work being done around the stack. If you’ve got customers on Office 365, you’re talking Copilot rollouts – that’s one of the very low-hanging-fruit beginning stages. And then there’s vendors infusing AI into existing products, so MSPs are continuing to work with the same products they already sold, only now they have an AI component. A lot of this can all be wrapped around consulting. Customers today are saying: “I’ve heard about AI, I can’t avoid hearing about AI, but do I need it in my company? How do I use it? Please help.” They’re throwing up their hands. It’s a huge opportunity for smart MSPs to go in, be that expert, and hold their hand through it. The old saying about the channel – “where there’s mystery, there’s margin” – and there certainly is a great deal of mystery around AI, and there will continue to be for some time. Robert Dutt: Can you give me a sense of what kinds of use cases you’re hoping to see come through with the awards? Not to telegraph the judging, but just to help MSPs understand what award-worthy looks like in practice today. Carolyn April: There’s a lot of interpretation there, obviously, because we’re dealing with a new technology. Something that may not seem completely off the charts in terms of innovation might actually be very innovative and generate a lot of revenue and profit. In terms of solutions – anything that elevates AI to a specific use case of the customer would be something I’d deem award-worthy. We talk a lot about vertical industries and vertical focus. An MSP or ITSP that can apply an AI technology solution specifically to the vertical their customer lives in – whether that’s healthcare, retail, or manufacturing, customizing that – there’s a unique aspect there that our judges would be very interested in. Anything to do with cybersecurity is going to be a giant area. AI is both friend and foe when it comes to cyber – it’s a great new defensive tool, but the bad guys have those same tools at their disposal. Anyone who has figured out a good way to use AI within the cybersecurity defenses they’re setting up for customers would be a strong use case example. And then there’s application development. AppDev has never been a big area for a lot of channel companies – they don’t typically have software engineers on staff. But with AI, it’s made it a lot easier for them to do coding themselves, so they can create their own intellectual property, their own applications. Customers can say: “We need something very specific to our company and the way we do things – how can we spin up an application quickly without a six-month software project?” ITSPs that have started to use AI in a coding context might be another standout. Those are just three examples – there are probably a lot more. Robert Dutt: The flip side of that – what do you see as not qualifying? What’s the line between genuine innovation that’s meeting the mark for customers and something that’s still in the proof-of-concept, dipping-your-toe-in-the-water kind of phase? Carolyn April: We’re really looking for solutions that have been deployed and are earning – generating revenue right now – and where you can measure the results. The big measuring stick is that this solution needs to be truly operational. That’s the important thing. Proof-of-concept, pilot projects – all important, because operational solutions all started there. But those are going to be less interesting to the judges who are really looking for things that are in the field right now. And there are solutions being adopted more widely already – like helping customers AI-ify their productivity tools – that are going to be probably less exciting to the judges because they’re being done more universally. Now, if they’re customizing that in some way to create a vertical solution or an integration on top of Copilot – now that could get the interest of the judges. That’s taking it to the next level we’re talking about. Robert Dutt: So rolling out Copilot – not so much. Doing something new, innovative, business-changing on top of it – yes. Carolyn April: Absolutely. Robert Dutt: A lot of MSPs and ITSPs are smaller shops. Is there a scale dimension to this? Or are we still early enough in the game that a genuinely impactful deployment from a 10-person MSP can compete on the same footing as something from a much larger player? Carolyn April: They can compete, but right now we are seeing a gap. And it’s not necessarily because of the size of that ITSP. Just because you’re a small company doesn’t mean you can’t blow it out of the water with AI. But one of the things that’s a hindrance to companies of that size right now is not having the resources and capacity to look at AI in a strategic way. It’s a side project for a lot of these small companies. What larger companies that are doing this well are able to do is devote the resources to formalization – assigning somebody internally, whether full-time or part-time, to be the AI maven of their organization. The one that’s really in charge of creating the AI structure, determining what the process and policies are going to be, and building governance. Until you can create governance within your company, AI will remain a side project. And as long as it remains a side project, you’ll see that gap between larger and smaller companies. When smaller companies are able to make that strategic shift, the sky’s the limit in terms of margin and revenue. But it’s really about having the resources to get there right now. One example: pricing models. AI is going to upend current pricing models – especially for MSPs, it’s going to change the way everybody figures out how to price things. And delivery models too. Until those things are figured out, AI will remain a side project for a lot of smaller companies, because they’re not going to be able to go to market until they’ve sorted out those bigger-picture questions. And you don’t sort those out until you have a process, a policy, and governance – and somebody strategic inside the company who’s driving that. Robert Dutt: And there’s a real challenge too for the folks deploying – whether it’s a pure-play AI tool or baking AI into what they’re already doing – around what their economics look like. So the partner economics model kind of has to wait and react to how that shapes out. Carolyn April: Always. That’s 100% true. And I’ll speak a little on that, because we are actually seeing in our State of the Channel research this year a decline in vendor satisfaction. It’s been very steady and very high for years – it’s still high, in the 70% range overall. But the percentage of partners who are “very satisfied” – that most superlative category – went down significantly this year. A big, double-digit decline. And the reason really has to do with some of these AI questions. As vendors are trying to figure out their own partner programs and pricing models, and until that alignment takes place between what vendors have figured out and how partners are going to react to and consume it – a lot of the partner community right now is a little bit on the fence. They’re looking around, trying to see who’s doing it best, who’s figured it out first, or whether they should move from their tried-and-true vendors and start looking at some of the newer AI vendors. There’s a huge amount of uncertainty in the vendor-to-partner relationship right now. Robert Dutt: Can you walk me through how the judging process actually works? You’ve got both the expert evaluation and then peer voting at ChannelCon. Why that combination, and what does it do for the credibility of the outcome? Carolyn April: I’m not in charge of the Innovate Awards itself, but I’ve sat in on meetings with the people who are, and they’re selecting very good experts from across the channel – a range from vendors to distributors, different representation – to make sure that this is a serious program that we’d like to gain traction with and do annually. These experts have a lot of experience with AI. Their companies are doing a lot with it. They’re going to be looking critically at what these ITSPs put in front of them and making sure that it’s measurable. It’s not just about a good idea – it’s about whether your good idea translated into something we can actually look at from a revenue and profitability standpoint. That’s what’s going to give it credibility. In this first year of the awards, the goal is to have a serious critique of what’s happening among some of the more cutting-edge ITSPs doing AI, and to make sure we’re awarding those awards to those who are creating measurable solutions. The experts are going to be taking a really sharp look at what’s put in front of them. And the good thing is they get to showcase those solutions at ChannelCon – a good forum for anyone who wants to throw their hat in the ring. Robert Dutt: It’s an interesting measuring stick, isn’t it? I think there’s a way to use the application criteria as a practical tool for MSPs who aren’t necessarily going to apply themselves – to look at those questions, look at the winners, and see what they themselves couldn’t answer confidently. If you can’t point to measurable outcomes, if you can’t describe the business impact, what does that tell you about where you actually are on your AI journey? Carolyn April: Yes – those applying are going to have to validate and defend their solutions. They’re going to have to shark tank it as best they can. But they’re not pitching a new idea – they’re actually pitching an end result. So I’m eager to see the types of solutions that get put in front of these judges, because we are so early on right now, and I haven’t come across a huge wealth of demonstrable business cases from the channel community that are generating a lot of revenue and profit. So I’m very eager to see what these folks show up with. Robert Dutt: For an ITSP who’s sitting on something genuinely strong – with real deployments and real results – what’s the case and the benefit for going through the effort of the application beyond the chance to hold up their hands in victory at the end? Carolyn April: You get the victory lap, obviously, but it’s really about exposure and validation. One of the biggest knocks on channel companies since I’ve been in this business is poor marketing. They’re often not great at it. They don’t typically have a full-time, devoted marketing person on staff. Great at technical stuff, learned sales on the go – but marketing can be a weak spot. So winning an award is a key opportunity to gain exposure and promotion for your company. It’s also an opportunity to become part of GTIA – a way for channel firms who haven’t worked within the association before to become part of a community that’s valuable in so many ways. Not just as an award giver, but as a way to meet your peers, exchange ideas, meet vendors and other members who can help elevate your business, and get access to research. You come to ChannelCon and showcase your innovation in front of companies and people you may not have known before. It’s a win-win, especially for smaller companies that don’t often get an opportunity to be in that kind of forum. Robert Dutt: With GTIA’s global footprint – it’s right there in the name – and especially with your lens on research, what are you seeing in the North American MSP and ITSP community when it comes to AI adoption that shapes what you’re expecting to see in the submissions? Carolyn April: I don’t think North America is really any different from some of the other things going on globally. We just had our big communities and councils forum – our event that brings together our most engaged members under the umbrella of their various global, regional, and discipline communities. And all the talk at that event really centered around AI. These are very focused, engaged companies, and they know this is an area they cannot ignore. A lot of these companies have dug in. They are the leaders in their space. If you’re not yet involved at that level, the North American community is a great place to start, because these firms are very much pushing the envelope when it comes to AI – getting involved in understanding how cybersecurity and AI are going to relate to one another, and the consulting part of AI. That to me is really the initial big opportunity for many in the channel: to become that expert for customers who are a little at sea right now figuring out what AI means and how to apply it to their company. Robert Dutt: My last question – as you’re thinking about the evolution of these awards over time, what does success look like for the inaugural year? What would tell you the Innovate Awards did what you hoped? Carolyn April: Getting a good number of submissions would be number one – since it’s a new program, getting awareness out there and attracting submissions that make this a valid assessment of what’s going on. That’s always the first hurdle. And then the quality of the solutions, the quality of the companies presenting them, and the quality of the judges we can attract to sit there and determine whether a solution is truly innovative. And then how much buzz we receive after the fact. If the people who win these awards go on to gain some cachet – that should promote it again next year. “I want to submit our solution because look what happened to Company X last year – they took off.” If it ends up being a springboard for some of these companies, that’s great for everybody involved. Those are kind of the markers of success. Robert Dutt: It’s certainly an interesting concept for an awards program – and one that’s well-timed. As you say, it’s still nascent, but we are at the point where there are starting to be those real wins, those real material stories that can be told. I’m looking forward to seeing what stories emerge when the awards are announced at ChannelCon. Carolyn, thanks for taking the time. Carolyn April: I had a great time. Thank you so much. Robert Dutt: There you have it – Carolyn April from GTIA. I’d like to thank Carolyn for her time. Links to the Innovate Awards program and the State of the Channel 2026 research are in the show notes. A few things stayed with me from this conversation. The “deployed and in production” standard sounds obvious – but Carolyn was candid that we’re early enough in this that there isn’t yet a wealth of demonstrable business cases from the channel actually generating revenue from AI. These awards exist partly because GTIA needs to find those stories – not just to hand out trophies, but to hold them up to the rest of the industry to show what’s actually possible. The internal-first point also landed hard. The same discipline that good cybersecurity practice demands – don’t go sell something if your own house isn’t in order – applies directly to AI. Overpromise, underdeliver, you lose the customer. Get your own operations working with AI first, then take it to market. That’s the sequence. And as I said during the conversation: where there’s mystery, there’s margin. There’s a lot of mystery around AI right now. The question is who’s building something real with it. Watch for the finalists when they’re announced – those case studies are worth your attention. If you’re enjoying the ChannelBuzz.ca podcast, please follow or subscribe. You can find us on Apple Podcasts, Spotify, YouTube, and most of the directories. And if you feel like it, ratings and reviews are greatly appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Canadian cyberattacks surge. Canadian enterprise cyberattacks jumped 80 percent over the past year, with the average organization hit by 342 incidents – up from 191 the previous year – and 52 percent reporting an actual breach, according to new research from CDW Canada and IDC. Cloud infection rates hit a record 53 percent, up from 41 percent the year before. Security spending is at a five-year high at an average 20 percent of IT budgets, yet breaches continue to climb – what CDW Canada’s CTO calls a “security maturity paradox.” Microsoft’s AI bundle overhaul lands Friday. Microsoft is launching two new products on May 1: Microsoft 365 E7, a new enterprise bundle above E5 that includes agentic AI capabilities, and Microsoft Agent 365, a packaged AI agent offering for business customers. Microsoft is also updating its Frontier Badge and Frontier Distributor partner designations to align with the new agentic AI-focused lineup. OpenAI goes channel. OpenAI has hired Colleen Kapase, a veteran channel executive with senior roles at Google Cloud, Snowflake, VMware, and Citrix, as VP of Strategic Global Partnerships. Her mandate is to build out OpenAI’s partner and reseller program, focused on its Codex AI coding agent and broader channel go-to-market models. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Monday, April 28, 2026, and here’s what’s happening in the channel today. Up first, A new report should be required reading for anyone in the Canadian IT channel selling security services. CDW Canada, in partnership with IDC, surveyed more than 700 Canadian IT and security professionals, and the numbers are stark. Cyberattacks on Canadian enterprises surged 80 percent in the past year, with the average organization recording 342 incidents – up from 191 the year before. More than half of respondents – 52 percent – reported an actual breach. Where the attacks are landing is the important detail for solution providers. Cloud infection rates hit a record 53 percent, up from 41 percent the previous year. Organizations are moving workloads to the cloud without necessarily securing them properly, and attackers have noticed. The uncomfortable wrinkle in the data: security budgets are at a five-year high, averaging 20 percent of total IT spend. More money going in, more breaches coming out. CDW Canada’s CTO describes it as a “security maturity paradox” – organizations are buying tools, but not necessarily deploying or managing them effectively. For MSPs and solution providers, that gap between investment and outcome is exactly the conversation your customers need to be having – and now there’s Canadian data to back it up. Second, If you’re a Microsoft partner, you’ve got roughly three days to get your head around some significant changes to the 365 product lineup – because new bundles are landing this Thursday, May 1st. Two things to know: Microsoft 365 E7, and Microsoft Agent 365. E7 is a new top-tier enterprise bundle that consolidates advanced security, compliance, and agentic AI capabilities into a single license tier above the existing E5. Microsoft Agent 365 is the company’s packaged answer to selling AI agents to business customers. There’s a structural channel piece attached to this as well. Microsoft is updating its Frontier Badge and Frontier Distributor designations to align with these new agentic AI products – so if you’re holding or working toward a Frontier badge, the criteria are shifting along with the launch. The practical reality: your customers are going to hear about this from Microsoft’s marketing engine very shortly, if they haven’t already, and they are going to ask you what it means for them and what it means for their bills. Thursday doesn’t leave a lot of runway, so the time to do your homework on these new SKUs is right now. And finally, One hire can tell you a lot about where a company is headed. OpenAI has brought on Colleen Kapase as Vice President of Strategic Global Partnerships, and if you’ve been in the IT channel for any length of time, that name is going to ring a bell. Kapase spent years in senior channel leadership roles at Google Cloud, Snowflake, VMware, and Citrix – consistently building partner ecosystems and go-to-market models that work through resellers and solution providers rather than around them. Her mandate at OpenAI is to build the company’s partner and channel operation, with a focus on Codex – OpenAI’s AI coding agent – and on creating what the company is calling an “epic” go-to-market model with partners. This matters because OpenAI has historically moved to market through hyperscaler partnerships and direct enterprise relationships. Bringing in someone with Kapase’s background signals a deliberate shift toward a real channel program – the kind that resellers and MSPs can actually participate in and build practices around. Whether that ultimately includes meaningful opportunities for Canadian partners remains to be seen – but the direction of travel is worth paying attention to. Later today on In The Channel, we take a look on the value of the GTIA's new Innovate Awards as a measuring stick for real, meaningful AI projects in the channel. And if you missed it on Friday, check out my interview with Erin Gertner on how the company's big Cisco 360 program update is landing one quarter after its debut. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening.
Erin Gertner, vice president of the Partner Organization and SMB sales at Cisco Canada The Cisco 360 Partner Program launched in January after roughly eighteen months of co-development with the partner community. It represents one of the most significant overhauls to Cisco’s channel model in more than two decades – replacing the Gold/Silver tier structure with architecture-specific “Preferred” designations, consolidating multiple incentive programs into the new Cisco Partner Incentive, and fundamentally shifting how partner value is measured, from transaction volume toward capability depth and lifecycle engagement. Three months in, Erin Gertner, vice president of the Partner Organization and SMB Sales for Cisco Canada, says the Canadian response has exceeded internal expectations – including on metrics Cisco had set internal targets around, like the percentage of partners achieving Preferred status. The surprise wasn’t just the numbers. Partners, she says, have been telling Cisco they appreciate the accountability around technical certifications. The Partner Value Index requirement to maintain certification levels gave partner leadership internal cover to prioritize training investments they already knew they needed to make. On the end of Gold: Gertner acknowledges the market education challenge, but argues Preferred is actually a more accurate signal than Gold ever was – since Gold could historically be earned through volume in a single area, while Preferred reflects genuine architectural depth. On the incentive shift: the current structure remains 90% weighted toward the “land” motion, with 5% each for adopt and renew. The rebalancing is coming, the timeline isn’t confirmed, and Gertner’s advice to partners is consistent: start building adoption and managed services practices now, because it takes years, and waiting for the incentives to change is waiting too long. Read Full Transcript Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. Cisco’s 360 Partner Program was a long time coming. Eighteen months of co-development with partners, significant changes to how Cisco recognizes, rewards, and incentivizes its channel, including the end of the Gold designation that partners have built their brands around for more than two decades. The program launched in January and we’re now at roughly the three-month mark, which means it’s a good time to ask: how’s it actually going? Erin Gertner is vice president of the Partner Organization and SMB Sales for Cisco Canada, and she was closely involved in rolling 360 out to the Canadian market. We get into what surprised her most about how Canadian partners have responded – and some of the feedback wasn’t what she expected. We talk about what the end of Gold actually means for partners who built their reputation around it, where the incentive math is landing, and what the shift towards rewarding capability depth and lifecycle engagement looks like in practice for partners of all sizes. There’s also a practical question at the heart of this. If you’re a Canadian partner who’s still figuring out how to position yourself in the new program, what should you be doing right now? Let’s get right into it. My chat with Erin Gertner. ROBERT DUTT: Erin, thanks for taking the time. I appreciate it. ERIN GERTNER: Thank you for having me. ROBERT DUTT: 360, the partner program – long awaited, rolled out I’m going to say eighteen months or so ago, but has been live now for a quarter. How’s it going? What surprised you on the upside, and what’s been harder in getting the program out there than you expected? ERIN GERTNER: Yeah, it was a long eighteen months, but I’m glad we did it that way. I was telling somebody yesterday, I think we very intentionally took the hard road on evolving our partner program. As you’re well aware, our previous partner program had been in place for over twenty years, and was very beloved by our partners. And candidly, it was wildly profitable for many of them. So I think there was a lot of angst in the machine around changes, but there came a time where we really did have to go out and evolve our program as the market has changed. So we intentionally took the harder road, which was to co-innovate the program with our partners, versus us creating a program and pushing it out to the partner community. Early days, we got a ton of feedback from partners. We certainly made a few mistakes, but I really do think we did a great job listening to feedback from the partners and making adjustments where necessary. Obviously, the Canadian market is quite different from my peers in the US, as an example – same thing as EMEA and APJC. And it’s hard to make a program that fits for everybody. But I do think we’ve done a good job of creating a model, and having the ability to adjust a model that takes care of the majority of our partners. What surprised me the most was: we tried to take a really strategic approach in Canada. As I said to my team, my biggest fear at the end of this is that we have partners who say “I wasn’t ready” or “I didn’t know.” And we really operated with that in mind. So our goal was to have the majority of our partner community as ready as they possibly could be, earning either the same, if not more, with us. We did workshops with all of our partners. We enabled our distributors. We spent a really long time sitting in front of our partner community, helping them understand what investments they would need to make to be successful, as well as what would be the payoff on those investments. Some of the asks around training and other elements of the program did require investment from the partners. So we wanted to make sure we could demonstrate to them that there was a strong outcome – that there was profit to be made should they make those investments alongside us. The thing that actually surprised me the most is that our partner community in Canada is in very good shape in terms of being able to earn with us in the future. We had some metrics and some targets that we aspired to – a certain percentage of our partners achieving Preferred, for example – and we were able to exceed those metrics. But actually, the thing that surprised me the most is that a lot of our partners came back to us and said, “I like the accountability you have around our technical capabilities, because a lot of this does center around getting Black Belts, as an example.” And one individual said to us, “Behind the curtains, I don’t know if our team was spending as much time as they needed to on training and maintaining our certification levels. And this has really compelled our team to ensure that they are certified in all the right technologies, and we’re having better conversations with customers.” So I thought there would be a little more noise in the machine, and there certainly was at different points – we made those adjustments along the way – but the feedback has been overwhelmingly positive from the Canadian community. I think the team did a really good job of making sure we were hand-in-hand with our partners, because their success is so critical to us. We know if they’re not making money with us, they have choices in the market and they won’t continue to lead with Cisco. ROBERT DUTT: So to that point – CRN in the States surveyed partners heading into the launch and found about 40% were positive, about the same number were in the wait-and-see camp, and very few – I think it was about 7% – were actively unhappy with the way things were looking going into 360. Now that the program’s live and partners have actually had a chance to see their PVI and the incentives and how it all looks to them, have you seen the mood trend in Canada? Have you started to see those wait-and-sees move toward the positive camp, or what are you seeing in terms of that momentum? ERIN GERTNER: I mean, I think our big partners were sort of a no-brainer. A lot of them had a lot of the skills, depth, and capability that were going to be required to get them into Preferred in all the categories. So a few of them grumbled early on because they had to do a little bit more training and enablement, but they quickly hit the thresholds and they’re all in good shape. What we’ve actually seen is our distributors took a really strategic approach to our two-tier partners, and they’ve been running a lot of workshops and working hand-in-hand with some of our smaller partners. And we’ve actually seen quite a few new partners come on board because they have the ability to be specialized in certain architectures. For example, we’ve been recruiting more security partners, and the distis have done a great job of working alongside those security partners to help get them up and running. Because a piece of feedback we used to hear in our old program was: “It’s really hard to earn with you because we don’t want to be a network reseller. That’s not interesting for us. We’re a pure-play security partner and we’d like to continue to be a pure-play security partner. And just because it fits for you, it doesn’t fit for me.” I think this evolution of the program has allowed partners who are pure-play security partners, or great data centre partners, to come on board and start earning rebate pretty quickly, as well as get the designation so customers know that they are deeply skilled and deeply qualified in that particular architecture. ROBERT DUTT: From your comments a bit earlier, it sounds like partners who you expected to be hitting Preferred are hitting Preferred, and in some cases folks who you maybe weren’t expecting to hit Preferred are hitting Preferred – which is a nice little bonus. But as PVI becomes the engine of the new model, do you find that Canadian partners are generally landing where they expected? ERIN GERTNER: Yeah, for the most part. We do have a few partners who do a lot of business with us but are smaller – just have a few employees – and they’re very critical to our business because they serve some small subsegment of the public sector, for example. Those are the corner cases that we’ve been taking back to our global team, and they’ve provided some flexibility in how we treat those partners. Because again, when we looked at our partner landscape, we wanted to make sure everybody who plays a critical role in how we deliver our business for Cisco Canada was taken care of. For the most part, the program has fit the good majority of our partners in the Canadian landscape. For the ones where there are exceptions, or where the program doesn’t make full sense, we’ve been working with them in the background to try to figure out: can we help make an investment, or can we look at treating some of those partners in a bit of a different way to make sure they’re going to be successful with Cisco and continue to earn with Cisco? So some of that is still underway, even though the program has already launched. We’re still continuing to tweak it and take feedback. ROBERT DUTT: VIP was for so long the thing that partners watched most closely – the best indicator of where Cisco thinks we should be pointed. How is CPI, the Cisco Partner Incentive, actually landing now that it’s out there? Before launch, I think anytime you switch something like that, there’s always going to be the “what if we used to get X millions in rebates and now we get half of that?” Now that it’s live, how’s the math working out? And do you find partners are generally at least at parity with where they were with VIP? ERIN GERTNER: We haven’t gotten to a point where we’ve given anybody a check yet, because we’re still in the infancy of the program. But all the feedback I’ve heard from partners so far – and we have a few partners who sit on our advisory board, so they were early in testing out those calculators and have a really good sense of where they’re going to land – the majority of those partners have said they’re tracking to the same or better from a profitability perspective. Again, to your point around VIP, it’s always very clear where we’re leaning in and where we’re trying to go as a company based on the back-end rebates and the accelerators that follow alongside that. So I think our partners do have a good understanding of where they need to focus and what the outcome will be of that focus. So far the feedback has been very positive from the calculator, but I guess we shall see in a few months from now. ROBERT DUTT: Let’s talk about the end of Gold. It was such a standard for such a long time. It was well understood by partners and I think it was well understood by customers. Longview was one of the first Canadian partners to achieve Preferred in all five of the architectures, but they still flagged some concern with the fact that there’s not an easy way to signal that multi-architecture depth the same way that Gold used to in one easy packaging. For a Canadian partner that’s kind of built their brand around Gold or included that in their messaging, what’s the practical guidance in positioning their expertise to their customers now, especially looking across architectures? ERIN GERTNER: I think you said part of it in the question, right? The fact that they are the first, and that they are Preferred in all the categories, is actually better than Gold. I was talking about this to somebody yesterday. What is interesting about Gold – and I was actually on the sales side of our business for the majority of my career – there was always this perception that if you were a Gold partner, you were great at everything. And that was a market perception for a really long time. When in fact, when you pulled back the covers, you could be a Gold partner just by selling a lot of one thing. So we’ve actually embarked on a marketing campaign that’s been live for a few months now – I think you probably heard about it at Partner Summit – talking about some of the change in our branding. Now when customers are evaluating our partners, or when our account teams are evaluating when to bring in partners, the fact that it’s very clear which partners have the right expertise, the ones who have made the right investments and who’ve got really deep technical depth – that’s now very clear with Preferred status versus what used to be Gold. I think we still have some market education to do around what it means to be Preferred and the amount of investment that partners need to make to get into Preferred status in each of those architectures. There was quite a bit of chatter at some of the advisory boards about Gold going away and what they felt that meant to their business and their market. But I actually like where this program has gone because their expertise is very clear now, which wasn’t the case with Gold. ROBERT DUTT: Gold did have this great market perception of being good at everything. It was easy to capture in kind of one word, one concept. But your point there then is that it’s easier with Preferred to express where you’re good and the breadth of that. That’s an interesting takeaway for partners. The philosophy in the program has shifted even more so than in the previous shift – away from rewarding transaction volume, towards rewarding capability depth and lifecycle engagement. Sounds great conceptually, and I understand why it’s important, but for a partner whose business model has been built around those big infrastructure deals and landing them, what does that transition look like in practice? Is there a smooth ramp to getting that worked into the business, or is there potentially a cliff here?ERIN GERTNER: So it’s a multi-year journey to getting to a true place where our incentive programs are going to be aligned to full lifecycle. The intent of the program is to work with partners to build those skills and capabilities around lifecycle, adoption, managed services, and all the other things we’re asking them to build. But we know for some partners that is a multi-year journey, and that’s okay. When we look at our back-end rebate structure, we are taking a slower approach. On the surface, we’re asking partners to do all these things with us and come along for the ride – but we are still incenting them very heavily on hardware resale in the near term. We want to make sure they have a very clear path and that they do understand that we’re evolving the business and we’re evolving the way we incent for good reasons. We need to do that. Adoption – especially as software continues to be a larger portion of our overall business – and lifecycle becomes even more critical over time, as well as the renewal business. But we aren’t just flipping a switch. The intent of this program was never to punish, and it was never meant to save Cisco money. We talked a lot about how partners are so critical to our success – we want to make sure they are continuing to be very profitable with us. So we’re trying to take them on a longer-term journey and we’re not trying to make it hurt. ROBERT DUTT: The engagement metrics right now are sitting at 90% land and 5% each to adopt and renew. I think Tim Coogan has said that that will shift over time as the market dictates, but how fast do you see that coming? Should partners be building those adopt-and-renew muscles now in anticipation of the bigger shift, or is there still some runway there? ERIN GERTNER: I would say we need to get started now. Some of those certifications take a year or two, and building those practices – for partners who have historically sold hardware, building out an adoption practice – I mean, we did it, and it took us a couple of years to get that up and running. So building out those practices is really critical for partners. What’s interesting about this program is that we had partners asking us to shift away from paying solely on hardware, because they were saying, “You’re asking us to go out and do all this extra work with customers to help them deliver the outcomes they’re looking for. We should be incentivized around that as well.” So I would say: get started now. I don’t think I can speak to when our back-end programs are going to shift more to adoption and renew, because nobody has shared that with me. I’m not sure we even know – I think we want to see where our partners are on the journey. But I would say get started now. Get yourself in a place where that makes sense. And candidly, you’re going to yield better outcomes from your customers and better renewal rates if you’ve got a great practice around that. I was talking to a partner a few weeks ago who said, “We love the whole adoption motion. It has us having conversations we’ve never had with customers, and we’re much closer to the executives at our customer base because we’re talking about use cases and talking about whether we’re seeing success or whether we need to pivot. We’re having quarterly touchpoints and QBRs talking about whether or not what we sold them is working and they’re seeing value from it.” So I think it’s a good motion for partners to build regardless. It will drive a different level of engagement and conversation with their customers. When we’re going to fully incentivize around it, I’m not entirely sure – but I know it’s coming. Be ready, start building that expertise now. There’s hopefully limited downside to doing so. ROBERT DUTT: One of the things that analysts have noted about the program change is that it’s really a bet on skills first – that partner value is measured by what you can do, not how much you sell. That’s a big cultural shift, not just a programmatic one. Acknowledging that there are going to be some partners who are maybe a little bit behind the curve, and some who are ahead of you saying “what took you so long?” – how far along are Canadian partners in making that mental shift themselves? ERIN GERTNER: I can feel [they’re] pretty far along. I think it was a bit of a shock early on because we never had any accountability in our programs around maintaining certification levels and technical depth. But our best partners have great technical expertise and a really strong understanding of our solutions and what they can deliver to customers. And as I said earlier, some of the feedback we’re getting from partners is, “I’m glad you’re doing this – it’s holding us accountable to making sure we’re staying on top of the solutions.” Our portfolio has moved so quickly over the last couple of years. Our best partners are the ones who have great understanding of the technology and what it can deliver. So I think early on there was a little hesitation from some partners around that, but the feedback has been overwhelmingly positive in the last little while. ROBERT DUTT: Let’s talk about SMB. The Canadian channel in market skews toward small and mid-size, and this happens to roll into your line of work as well. I’m seeing two different takes on what 360 means for smaller partners. Tiffani Bova from Futurum warned that smaller or resource-constrained partners may be sort of specialized out of the ecosystem. But Cisco’s analysis with Techaisle argues that 360 dismantles the bias toward big partners. Those are two very different reads. I’m curious what you’re seeing in the market in Canada and what’s closer to the truth in practice. ERIN GERTNER: It’s so funny when you ask – we were joking about this yesterday on a call. When you ask one set of partners, they’ll say 360 was created for the big partners. And then you ask another set of partners, they’ll say 360 was created for the small partners. So it was really created for everybody. I think the distis have done a really good job of leaning in with some of our SMB partners and helping them figure out where they want to play and what they need to do to be successful. They also have a lot that they can bring to bear to some of the smaller partners – for example, they’ve got a really good EA practice, and they can help augment some of those skill sets that are required for the SMB partner. So if there is an SMB partner out there that wants to work with us, distis are really well equipped to help them get on board. And we’ve also got some incentives, programs, and specializations that are offered specifically for the SMB market. Still, a good majority of our business happens with our big partners, but also through that two-tier channel and distribution. And we need those partners to be successful alongside us. We’ve made a lot of investments to ensure that’s the case. Is it going to be perfect for everybody? Maybe, maybe not. But we certainly did craft the program to make sure that SMB would have an equal chance at success. ROBERT DUTT: One of the big promises of 360 is that managed services is now treated as a standard earning motion rather than kind of an exception to the rules. How’s that landing? Are you seeing Canadian MSPs that have their operational maturity and lifecycle engagement reflected in PVI, or is there still friction to be resolved there? ERIN GERTNER: I think it looks a little bit different, but we actually are seeing a lot of our partners go out and build Cisco Partner-Powered managed services, which I love. Due to the shift in 360, I was working with a partner a few weeks ago who’s building out a managed Meraki practice, and we’re also seeing a lot of partners starting to build up managed security with us as well. Going through the certifications can be a little bit cumbersome, but we’ve also made quite a few investments in our partners to help ease some of that transition – especially partners who are building really great, highly relevant managed services for SMBs or for any customer base. We’re trying to offset the cost or do what we can to help them through that journey, because I know in some instances it is a heavy lift. But the focus around managed services has actually been really good. Partners are getting thoughtful around where they can deliver value to their customer base, where there’s opportunity, and they’re coming to us proactively to build, which I love. ROBERT DUTT: One of the neat things about the program is the fact that Meraki CMNA and CMSS certifications now actually count towards Black Belt, and that’s an important part of the program. CMNA, CMSS – it feels like a big deal for SMB-focused partners. Are you seeing Canadian partners taking advantage of that pathway and getting represented better because they have those certifications? ERIN GERTNER: Again, everybody’s path looks a little bit different. I was just working with a small partner who’s going out and getting his CCNA and getting himself certified so he can improve his PVI score. And that’s been awesome. Having more technical people at our partners who know a lot about Cisco has been an interesting journey for them. He was sort of grumbling a little bit at the beginning doing it, and then he said [it was rewarding [? – unclear in audio**]], being able to have a little more depth to conversations when he’s sitting in front of a customer. So we’re seeing partners take all different types of paths to get to where they need to be from a certification perspective. But again, it is certainly holding them accountable and encouraging them to get more technical depth and capability into their organization, which ultimately will serve the customer better over time. ROBERT DUTT: The Secure AI Infrastructure specialization drove three times the enrollment of any previous specialization, from what I’ve read. What does that tell you about where partner investment is heading? Is there a risk that everyone rushes toward AI and neglects the bread-and-butter networking and security competencies? Or are we pretty much so well entrenched there that there’s the opportunity to build into the next thing and still defend the home base? ERIN GERTNER: I keep saying to partners: there’s no AI without a network. And when we left Partner Summit, I had three partners come up and say to me, “That was my biggest aha moment of this whole thing.” Even if you’re not selling Cisco servers – which we encourage them all to do – whatever you’re doing is built on the foundation of a secure network. So I love that people are gravitating more toward AI, because it does pull through. If I go back to the days of IP telephony, we used to joke when I was in the field, if somebody bought a phone, it pulled through PoE ports – I think AI is going to be the same opportunity for a lot of our partners. It’s going to pull through observability, it’s going to pull through security, it’s going to pull through networking. So I almost think those things very much go hand in hand together, versus standing on their own and being autonomous. ROBERT DUTT: Finally, if you’re a Canadian partner listening to this and you’ve been in the program and getting used to it for coming up on a quarter now – what’s the one thing you should be doing right now to position yourself as the program matures? What’s the one thing you can differentiate yourself by year end? ERIN GERTNER: That’s a great question. I think it’s going to end up being a few things. One: make sure you have a good understanding of the program and how it works. Because again, it was intended to make sure our partners are making money working with Cisco. Profitability is number one for us in the channel. We value our partners so much. I have a partner who always jokes, “The thing I love about working with Cisco is you guys always ask us about our profitability” – and we really do care deeply and immensely about the profitability of our partners. So to your point around VIP, you can always sort of tell where Cisco is going. I hope all of our partners have a pretty good understanding of where we are going – and if you don’t, reach out to us directly or to our distributors. If you follow the bouncing ball on that one, make sure you are leading with a secure networking conversation, and make sure whoever you’re working with has a lot of depth and knowledge in how to leverage the program and how to work within the confines of it. Go out there and be loud and proud of where you are with your PVI score and where you are focusing from an architecture perspective. We love that there’s a really large breadth of partners who are good at many things, or really good at one or two things – and that works for us. Again, if you need help to be successful, reach out to our teams, because we love working with our channel partners. ROBERT DUTT: All right. Erin, thanks for taking the time, and congratulations on getting the program out there, getting it launched, getting it established. Good luck on quarter two and beyond. ERIN GERTNER: Thank you. Thank you for the conversation. I really enjoyed that. ROBERT DUTT:There you have it – Erin Gertner from Cisco Canada. I’d like to thank Erin for her time on this one. A few things worth sitting with. The feedback from the Canadian partner community has apparently been more positive than even Cisco expected – including partners who said they actually appreciated being held accountable to their certification levels because it gave them internal cover to make the training investments they knew they should have been making anyway. That’s a more honest answer than most vendor channel chiefs would volunteer. The other thing I’d keep in mind: the incentive structure is still heavily weighted toward hardware resale in the near term – 90% land, 5% adopt, 5% renew. But Erin was pretty clear that the shift towards adoption and managed services is coming. The timeline just isn’t set. Her advice was simple: start building those muscles now, because it takes a couple of years to get an adoption practice up and running. Don’t wait till the incentives force your hand. If you’re enjoying the In The Channel podcast, you can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. Follow, subscribe, leave a rating and review if you’re feeling generous – it all helps. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Acronis launches GenAI Protection for MSPs. Acronis GenAI Protection went generally available April 22nd, giving MSPs a purpose-built tool to discover shadow AI usage across client environments, prevent sensitive data from flowing into unsanctioned AI tools, block prompt injection attacks, and enforce per-client AI usage policies – all from within the existing Acronis Cyber Protect Cloud console. Acronis president Gaidar Magdanurov is framing it as a direct MSP revenue opportunity: turning an invisible and largely ungoverned risk into a billable managed service. Omdia analyst Matthew Ball puts SMB AI adoption at over 50 percent regardless of IT sanction, which tells you exactly how large that ungoverned footprint already is. This is the first release in Acronis’s broader Cyber Workspace initiative, with additional AI-native security capabilities on the roadmap. Everpure CEO publishes open letter on RAMageddon pricing. Everpure (formerly Pure Storage) CEO Charles Giancarlo published a frank letter to customers today warning of roughly 70 percent average price increases since January 2026 – driven by AI infrastructure buildout pulling semiconductor supply away from conventional components. Everpure’s own input costs for CPUs, DRAM, and flash storage have risen between 300 and 900 percent since mid-2025, with costs doubling December to January and doubling or tripling again through March. Giancarlo says the company is absorbing a significant share of the increase rather than passing it through, and commits not to profiteer – but the channel impact is real. Quote validity windows are now 30 days, down from 60 to 90. Giancarlo warns the disruption could persist for years. CRN’s coverage of Everpure’s recent earnings provides useful context on the company’s supply chain posture. If you have hardware-heavy proposals in flight, review your numbers and start the proactive conversation with clients now. Cisco unveils working prototype of a Universal Quantum Switch. Cisco’s Universal Quantum Switch, announced today, is a research prototype that solves a foundational barrier to quantum networking: different quantum systems encode information in incompatible ways, and connecting them has previously meant destroying the quantum information in the process. Cisco’s patented conversion engine routes and translates between all major encoding modalities at room temperature on standard telecom fiber, with less than four percent quantum information degradation and sub-nanosecond switching at under one milliwatt of power. This is research, not a shippable product – but Cisco is drawing an explicit parallel to how classical switches made the internet scalable, and has collaboration agreements with IBM, Qunnect, and Atom Computing working toward a full quantum network stack. For channel partners with public sector, defence, or financial services accounts where quantum security is beginning to surface, the practical timeline on distributed quantum infrastructure is moving faster than most of the channel has been tracking. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Friday, April 24, 2026, and here’s what’s happening in the channel today. First up: Acronis has launched Acronis GenAI Protection, a new managed service offering aimed squarely at MSPs. What it does is give service providers centralized visibility and control over generative AI usage across client environments. That means shadow AI discovery – finding out which AI tools employees are actually using, sanctioned or not. It means prompt injection blocking, so bad actors can’t use AI tools to manipulate systems or exfiltrate data through a chat interface. And it means sensitive data protection: preventing PII, PHI, and confidential business information from getting fed into tools that were never cleared to receive it. MSPs can set and enforce AI usage policies on a per-client basis, all from inside the existing Acronis Cyber Protect Cloud console – no separate point solution to manage or sell. Acronis president Gaidar Magdanurov is positioning this explicitly as a revenue expansion opportunity – the idea being that MSPs can convert an invisible risk their clients already have into a billable managed service line. The market backdrop supports that framing: Omdia analyst Matthew Ball estimates that more than half of SMBs are already using AI tools regardless of IT approval, and for the most part there is no governance layer in place to manage that usage. This is the first release under Acronis’s broader Cyber Workspace initiative, with more capabilities – AI-native threat detection, deeper workspace monitoring – described as coming. Worth evaluating now. For most MSP client bases, the shadow AI governance conversation is already overdue. Second: Everpure – the company formerly known as Pure Storage – CEO Charles Giancarlo published an open letter to customers and partners today that anyone selling or speccing hardware needs to read carefully. The headline number is a 70 percent average price increase since the beginning of 2026 – and Giancarlo’s message is that this may not normalize for years, not quarters. The underlying cause is AI infrastructure buildout consuming semiconductor supply at a pace that’s starving conventional storage and compute components. Everpure’s own input costs – CPUs, DRAM, and flash storage – have surged between 300 and 900 percent from mid-2025 baseline levels. Costs roughly doubled between December and January alone, then doubled or tripled again through February and March. Giancarlo is explicit that the company is absorbing a significant share of those increases rather than passing them straight through – it’s operating at the low end of its 65 to 70 percent gross margin range as a result – and the letter commits explicitly to not treating the supply crisis as a margin opportunity. That’s worth acknowledging. But absorbing part of a 300-to-900 percent input cost spike still leaves a 70 percent average increase landing on customers. The channel-specific implications are concrete. Quote validity has been cut from 60 to 90 days down to 30, because costs are moving too fast for longer windows to hold. And Giancarlo’s warning about multi-year disruption applies broadly – the underlying DRAM and flash component dynamics affect the whole hardware market, not just Everpure’s product line. If you have proposals in flight with any significant storage or compute components, pressure-test those numbers now and get ahead of the conversation with your clients before they come to you. And third, something from the longer end of the technology horizon: Cisco has announced a Universal Quantum Switch – a working research prototype that addresses one of the foundational barriers to practical quantum networking. Here’s the core problem it solves. Quantum computers from different vendors encode information in fundamentally different ways – polarization, time-bin, frequency-bin, path encoding – and until now, connecting them has meant destroying the quantum information in the process. There’s been no equivalent of a network switch for quantum systems. Cisco’s prototype changes that with a patented conversion engine that can route and translate between all of those encoding types simultaneously, preserving the quantum state across the translation. It operates at room temperature on standard telecom fiber – no exotic cryogenic infrastructure required. In testing, it achieved less than four percent quantum information degradation, with sub-nanosecond switching at under one milliwatt of power. The analogy Cisco uses is instructive: classical networking switches made the internet possible by connecting incompatible endpoints through a common network fabric. This is the same concept applied to quantum systems. The company is working with IBM, Qunnect, and Atom Computing toward a fuller quantum network stack. To be direct about where this fits for the channel: it’s a research prototype and it won’t appear on a quote sheet this year or next. But for those with public sector, defence, or financial services accounts where quantum is starting to surface in security and infrastructure conversations, the practical timeline on distributed quantum networking is compressing faster than the industry has generally been tracking. This is meaningful progress, and it’s worth knowing about. Later today on In The Channel, we’ll be discussing Cisco 360, three months in with Cisco Canada channel chief Erin Gertner, and looking at why Canadian partners are responding better than expected to the program’s rollout. And if you haven’t heard it yet, yesterday’s episode features Dell Technologies vice president of global partner marketing Eric Arcese discussing the AI Factory and why the gaps around it are the real opportunity for the channel. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day, and an even better weekend.
Eric Arcese, vice president of global partner marketing at Dell Technologies Dell Technologies vice president of global partner marketing Eric Arcese joins In The Channel ahead of Dell Technologies World, and his central message for Canadian partners is worth sitting with: the AI Factory is Dell’s story, but the seams around it belong to the channel. Arcese describes looking at the Dell AI Factory with NVIDIA topology slide at a recent Dell Tech World and seeing the “gaps, the seams” – the services, the data work, the outcome-level integration – as the real opportunity for partners. As enterprise AI adoption moves beyond hyperscaler buildouts into mid-market and commercial customers, those gaps are where Canadian MSPs and VARs have natural advantages: proximity to the customer, industry intimacy, and the ability to make the technology real. On the VxRail-to-Dell Private Cloud transition, Arcese frames the shift around the economics of AI – disaggregated infrastructure lets customers independently scale GPUs, storage, and networking for specific workloads. Hypervisor choice is preserved across Red Hat, Microsoft, VMware, and others, and partners building Dell Private Cloud practices can access up to 10% incremental incentives. The AI PC conversation moves past the usual productivity pitch. With over 500 million PCs still running Windows 10 and enterprise fleets averaging three to five years old, the refresh is as much a security imperative as a performance one – a stronger entry point for MSPs already in the endpoint security conversation with their customers. The episode closes with a preview of the Global Partner Summit at Dell Technologies World, May 18-21 in Las Vegas. Demand signals replacing traditional leads, AI-assisted quoting and deal registration, a “modern partner-centric transaction ecosystem” – the “simple, predictable, profitable” mantra is getting operational substance. The details come in May. Read Full Transcript Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Dell Technologies World is coming up in May, and for the Dell partner community, it’s the biggest event on the calendar – the place where the direction for the partner program gets set for the year ahead. As we head toward that, there’s a lot for Canadian resellers and MSPs to be thinking about. The partner program has been evolving. The shift from VxRail to Dell Private Cloud is still very much unfolding. The AI infrastructure opportunity is reshaping what customers expect and what partners are expected to deliver. The question of where a Canadian MSP or VAR actually fits into all of that – that’s a real and pressing one. To help me make sense of it, I sat down with Eric Arcese, Vice President of Global Partner Marketing at Dell Technologies. Eric’s been in the industry for over 25 years, with roots going back to the EMC era, so he’s been watching and shaping how the Dell partner ecosystem operates for a long time. We talked about where partners fit in the AI story, the VxRail transition, the AI PC refresh, and what you can expect from the Global Partner Summit in May. Let’s get right into it, my chat with Eric Arcese. Robert Dutt: Eric, thanks for taking the time. I appreciate it. Eric Arcese: Thanks, Robert, for having me. Robert Dutt: You’re the Vice President of Global Partner Marketing at Dell. Can you give me a sense of what that actually means day-to-day? What are you responsible for, and what does the Dell partner community look like from where you’re sitting? Eric Arcese: Well, the partner community has been a tremendous growth engine and a critical and existential part of our go-to-market in everything that we do. We have partners around the world, we have some of our very best in Canada, and our partners really bring our technology to life with our shared customers around the world. We can’t do what we do in the market without the phenomenal partners that we have. In my role leading global partner marketing, that is to make sure that our story resonates, that we’re bringing that value proposition to life for our partners. They have choices, just like customers do, each and every day – who they’re going to invest in, who they’re going to work with, what they’re going to focus on learning, how they’re going to enable their sellers, their pre-sales folks. And we want to make sure that our partners feel really good about working with us, building businesses with us, developing practices with us, and ultimately growing with us in the markets that they serve for the customers that we collectively support. I love what I do. I’ve been in tech for over 25 years, here at Dell for over 25 years as well, and I could not think of a place I would rather be. Supporting our very best partners in Canada and around the world, and all that we do – that’s a little bit about what I do. I work very closely with my team around the world, and with our regional marketing folks as well, to make sure that that last mile of what we deliver for partners is well-aligned and adds value to partners in the ecosystem. So that’s a little bit about what I do, Robert. Robert Dutt: I feel like 2026 is a bit of an inflection point for the partner community writ large, and the definition of a Dell partner seems broader than it’s ever been. You’ve talked about partners moving beyond reselling into being architects, advisors, ecosystem builders – all that kind of good stuff. What do you see as the state of the Dell partner community right now, and how have you seen that picture change over recent months, and I guess the last year or two? Eric Arcese: Robert, you and I have both been in tech for the last couple of decades, and there have been different chapters, different inflection points. What we’re seeing now is a moment like we’ve never seen before. This is obviously all driven by AI, but it puts infrastructure, solutions, integrations, and outcomes at the forefront of everything that our partners deliver and everything our customers are demanding. So we’re in this moment that’s existential in tech and everything that we do, where we need to accelerate time to value with infrastructure. And when it really dawned on me, Robert – it was a couple of years ago, at a Dell Technologies World; you might have been there too. We had this announcement, and we called it the AI Factory with NVIDIA. And we had a picture on a slide – like so many of you have seen, with a chevron – data coming in on one side, use cases and business outcomes on the other, but layered through all of that, you had services, AI, software, infrastructure. And there were gaps when I saw this slide, and I was thinking to myself: the gaps, the seams, that’s where the opportunity lies for our partners around the world. Dell is the infrastructure provider of choice. We are the leader in everything that we provide – right from commercial PCs, to storage, to servers, AI servers – and stitching it all together through the topology upon which we develop those outcomes creates a huge opportunity for our partners. So that’s what gets me really excited about the moment. We’re meeting the moment. Our technology is meeting the moment, our partners are meeting the moment, and we’re working each and every day with those partners to deliver real AI-driven outcomes around the world. And some customers get it – and those that don’t, won’t be here very long. So there is this urgency, and we see that in our demand across the board. And I won’t go into earnings from last year, but you’ve probably seen that the year that we just posted, we’re seeing that come to life in every market. We’re seeing that in Canada, no doubt about it as well. It’s hard not to get excited about it. This is a very special time indeed. Robert Dutt: So the AI Factory – definitely been a centrepiece of the story for the last couple of years, as you point out. When I look at it from the perspective of my audience – from the MSP or the VAR serving mid-market and SMB customers – the massive GPU cluster buildouts feel like they’re kind of happening somewhere else. Can you help me fill in the story for the regional partner who isn’t doing hyperscale deployments and where they fit into the AI infrastructure story at this point? Eric Arcese: It’s a great question. I think that’s a little bit of the elephant in the room, right? The first couple of years, it’s like – yeah, you’re reading about these multi-billion-dollar deals, but where are they happening? And those deals were happening at the hyperscale level. The next question is: when is there enterprise AI adoption? When does a traditional enterprise customer really start embracing AI at every level? And you know what? We’re seeing that now. The trajectory of that growth is accelerating, and it’s terrific to see. To your point, Robert, those first couple of quarters, first year or two – the question was: what about enterprise adoption? And that’s where our partners are incredibly well positioned to make it real. What are the outcomes? What are the use cases? What are the business processes we’re going to focus on to bring that infrastructure to a place where it’s adding real value? The people in that workflow who make that real – that’s our partners. Dell’s partners. Because our partners in Canada are incredibly intimate with the industry, the customer, the use cases, the business priorities – whether it’s in the public or private sector. We’re providing that infrastructure at Dell Technologies, but our partners are making it real because they have that intimacy. They’re pressing the flesh, they’re working with customers each and every day, they know what those priorities are, and they can reconcile where those investments need to be made to help accelerate time to value. So with all of that comes a massive services and consulting opportunity. It’s not just the infrastructure – it’s the value-added services that our partners are building upon that infrastructure. And we’re seeing some terrific practices getting built with our partners around the world. When we work together, we win together, and we’re seeing that each and every day. Robert Dutt: Can you make that just a little bit more concrete for me? What are the consulting-type services you see partners bringing to bear right now – especially for that partner serving, let’s say, a 500-person financial services firm? Just to set an example of a mid-market-type opportunity where there may be an AI Factory angle, but it’s not the hyperscale wheelhouse. Eric Arcese: You know, if you think about it – four or five years ago, you and I would be having this conversation and it would be about a cloud-first model, and then we’d probably evolve into hybrid cloud, using public or private cloud based on the right workload. Now the way we think about it, it’s not a cloud-first model. It’s more around data. It’s the data model. Making sure we have the right data on the right workload, because if you plug an LLM or any AI-driven workload or a GPU behind suboptimal data, you’re going to get suboptimal outcomes. So when we think about where a partner is going to focus – irrespective of the industry, whether it’s public sector, banking, telco, manufacturing – I think starting with a real inventory of what that data topology looks like, and what the business outcome is that we’re looking to achieve. And no matter what industry the customer is from, one quickly realizes they’re all in the data business. Our partners can, number one, do a great assessment of where that critical data is and where it’s living. And number two, marry that data to the right business outcome in terms of what they’re trying to deploy. So I think it really starts with the data, and building practices that understand the workload, the industry, the vertical, and the data – that is key. And that creates a lot of opportunity. We talk about servers, storage, client, PCs, and networking all the time, but that is where that data is going to live, and we’re going to build that AI practice off of it. That initial assessment – where an AI practice starts – all begins with data, Robert. It’s really having that data-informed conversation. And then a lot of this is a change in mindset, in terms of what you’re doing with that data and what the expectations are. Robert Dutt: All right. From one reference architecture to another – talk about the transition from VxRail to Dell Private Cloud. Michael Dell’s been pretty direct about the direction. And I know you have roots going back to EMC, so it might be a bit personal. But for a partner who’s built a real practice, a real business, around VxRail over the last decade – what does that transition actually look like, and where do you see the services opportunity opening up as customers make that move? Eric Arcese: Robert, it’s such a great question. Because for years we talked about converged infrastructure, hyperconverged infrastructure – packaging, which made a lot of sense. You package a pre-architected and engineered system and you deliver it, to drive an accelerated business outcome. Time to value of infrastructure. The industry, with our partners, built a multi-billion-dollar business and a new market that was very well received. Then you wake up a couple of years later and now we’re talking about disaggregated infrastructure with Dell Private Cloud. And one may wonder: wait a second – we thought it was all about putting it all together and delivering it with speed. What’s changed? And I had to ask myself the same question, Robert. What’s changed? Well, the economics of AI have changed. The centre of gravity in terms of what is needed for these AI outcomes has been driven by a huge development – and that development is the GPU. The GPU is the accelerator of all the processing. And sometimes you need more GPU investment than you would need in storage, than you would need in client. You still need them across the board. So when you think about that economic backdrop of AI, the economics lend themselves to a more disaggregated infrastructure where you can dial up storage, server, networking, depending on what is needed for that specific workload, LLM, or AI platform that you’re rolling out. Also – customers want choice. They don’t want to be locked into one hypervisor. Maybe they want to work with Red Hat. Maybe they want to work with Microsoft. Maybe they want to work with VMware – they’re a VMware shop. Maybe they want to work with Nutanix. Allowing customers to have that choice empowers them, but it also creates opportunity for our partners, to your point, Robert. Because our partners are ultimately going to help our shared customers navigate those choices and reconcile those priorities from a hypervisor perspective, to optimize whatever application they’re rolling out. So it’s really about customer choice. And for me, the coolest thing to see is how quickly this has evolved. We’re doubling down on customer choice. Partners earn up to 10% incremental incentives. We’ve really built a program to drive profitable practices around Dell Private Cloud and strengthen and deepen those relationships. So we’re seeing this real shift from pre-packaged hyperconverged infrastructure to disaggregated infrastructure that’s truly optimized and tailored to Dell Private Cloud. Very exciting to see, Robert. Robert Dutt: Pivoting to the device side of things – the AI PC refresh is a significant cycle for the channel right now. For the Canadian VAR or even an MSP selling into the commercial market, what’s the marketing story that you’re giving them to make that conversation land? Especially with customers who are already stretched on IT budgets and might be looking at that three-year-old PC and saying, “good enough to get me through another year.” Eric Arcese: It might be. But it probably isn’t. And it’s not just the productivity benefits you’re going to see with an AI PC – it’s the security requirements that we’re all going to need. Because AI is terrific for the good, but it has also empowered the bad actors to get to where we work every day. Last year was all about the tech refresh from Windows 10 to Windows 11. We still have over 500 million PCs running Windows 10, and enterprise fleets averaging three to five years of age. So customers definitely need to act on that – to bring that AI capability to the edge, but also to meet the security requirements we need to protect that edge from reaching into the core. We started naturally in the data centre in our conversation today, Robert, but that edge – where are you working every day? What are you touching every day? It’s your PC. That’s your workforce. That’s what’s in front of you, whether at work or at home. And there’s just a tremendous opportunity there for our partners. We’re the number one commercial PC provider in the world, and it starts with what’s in front of you each and every day. We’re excited about that opportunity. That hasn’t gone away. We had a terrific CES, and there’s just more greenfield opportunity for our partners in Canada to win with Dell’s PC portfolio. Robert Dutt: Bouncing around a little bit from topic to topic here – you guys made some program changes for 2026, as most vendors are wont to do from time to time. The Titanium incentives probably being the most visible of them, but there’s also this broader “simplified, predictable, profitable” philosophy underneath it. From a marketing standpoint, what’s the message you most want partners to internalize about what Dell is committing to this year? Eric Arcese: One of the things I love about partner marketing, Robert, is the work is never over. And you can appreciate that – you’ve been in the channel just as long as I have. The work of creating a simple, predictable, profitable motion for our partners really never ends, because everything we talked about just keeps evolving. We want to make sure we have a simplified motion – taking friction out of the system. We want to make sure it’s predictable: you know what you’re going to get, you know how we’re going to engage with you. And it’s profitable: you want to make sure that you’re making money working with Dell Technologies in Canada. So we’re doing a lot around demand signals – how do we accelerate what used to be a lead, which is now a demand signal, the outcome of many different predictive analytics and data points on the markets that we serve with our partners. We want to make sure we’re simplifying that lead management and fostering seamless collaboration in that motion. We also want to make sure that from a deal reg perspective, we are managing opportunities together and protecting where our Canadian partners have invested. We want to do all of that to accelerate engagement, simplify processes, and empower our Dell sellers with a smarter and streamlined motion. And then quoting and buying – we want to make sure we are priced to win across the board, and we’re building a modern, partner-centric transaction ecosystem that connects product discovery to order management in one end-to-end platform. You’re going to be hearing more and more about that in the months to come. I think you’ll be at Dell Technologies World with us, so I’m excited to share more there. That mantra of simple, predictable, profitable – that work never ends. We’re seeing the fruits of our labour here and the success we’ve had in Canada over the last couple of years. And we’re really proud of the work that we’ve done. We’re very grateful and humbled by so many amazing partners in Canada that have really doubled down on Dell across the board, across the portfolio. Because when you have a great program that rewards the right investment, and you have wonderful people – I love the alliteration of portfolio, program, people – there’s nothing you can’t do. When we work together, we truly are winning together in Canada. Robert Dutt: To your point that it never ends – it just keeps evolving. You rightly pointed out we’re not too far away from Dell Technologies World, and the Global Partner Summit is a big part of that. There’s been some preview of a new integrated partner experience that sounds like it goes beyond a typical program update. Without asking you to scoop your own announcements – although if you want to, please feel free. Eric Arcese: Ha – I’ll be good. I’ll do my best. Robert Dutt: What’s the problem you’re aiming to solve for partners with this platform approach? What’s the philosophy behind what we’re likely to see roll out in the near future? Eric Arcese: What we talked about – meeting the moment – it is a truly special time. And we want to make sure our partners have the speed to deliver what we collectively need to for our shared customers, and the scale to do it across every market, across every part of our portfolio, across every partner type. What you’ll see at Dell Technologies World – as you always do – is the product of investments we’ve made over not just the year, but over years. From a portfolio perspective, programmatically, you’re going to see how when partners invest and build their practices and businesses on Dell, they will be rewarded. And then you get to spend time with our people who support our partners in Canada and around the world. Not to mention, we have a great time in Vegas, as one always does. So it’s the place to be. We’re a couple of weeks out and we’re seeing the excitement and anticipation building. We have a lot to share at our Global Partner Summit at Dell Technologies World. Robert, I believe you’re planning on being there – we’re looking forward to seeing you and spending time with you as well. And we’re going to have a great representation not just of Canadian partners but the Canadian customers we work so hard serving each and every day. It’s going to be a blast, as it always is. Robert Dutt: You touched a while back on some of the day-to-day operational things that partners tell me they feel the most friction on – not specific to Dell, but across the industry. Deal reg, quoting, lead sharing, the need to do all of that faster at higher scale. Is the vision here to make those kinds of operational experiences meaningfully more autonomous and self-serve? Is AI in the partner platform something partners will feel starting in May, or is that still on the horizon? Eric Arcese: Well, I prefer drinking your own champagne to eating your own dog food – so I’ll go with the bubbly analogy there. But we have very much been, for years now, investing in a very big way in our partner business and the platforms that support those partners. We want to make sure that we’re using an AI-first approach across the board in everything that we do – to take friction out of the system, and to have an AI-first mantra in all we do when it comes to empowering our people and our partners. I look at the AI that we’re investing in to support our partners as a real force multiplier. How do you get the power of the portfolio to our customers? How do you enable our partners to know that portfolio? How do you make sure that when you’re quoting and ordering, you’re doing that in the most efficient way – so that customers aren’t waiting, they’re getting the right configuration at the right time, for the right workload, at the price that makes the most sense, and we’re delivering value? We want partners to be able to deliver that value, because when they do, they grow – and when they grow, it’s good for our partners, it’s good for Dell, and ultimately we’re driving more outcomes for the customers we serve. So you’ll see a lot of that AI in what we deliver from a product perspective, but definitely in how AI supports things like syndicated content, quoting and buying, and all of the programmatic platform upon which our partnerships are built. Robert Dutt: My last question – you touched on 25 or more years in this industry, through the EMC years, through the Dell-EMC merger, and now we’re into the AI chapter. For a partner who’s navigating all of this right now – the infrastructure shifts, the AI opportunity, the evolution of the program – what’s your read on the best opportunity over the next 12 months? Where would you be pointing partners in terms of where to focus? Eric Arcese: Well, if you’re a partner thinking about which relationships you’re going to invest in – with Dell, you have a leader in commercial PCs, a leader in storage, a leader in services. You have the industry heavyweight in infrastructure. And not only that – in a world where we’re seeing some very complicated supply chain dynamics globally, you have the world’s best supply chain supporting you. You have a proven leader that’s committed to partnering in all that we do. And you have tremendous people in Canada there to support you each and every day. So I always think of it this way: if you’re building a business, who are those partnerships you want to create? You want one hand to shake that’s accountable to you, that’s invested in you, that’s committed to you – so that you can deliver on what you’ve promised your customer. With Dell, you have that. And we’re really proud of where we are in the market. This AI moment that we’ve all been afforded is going to create tremendous opportunity – and I couldn’t be more excited about it. Not just for the partner businesses we support, but for the outcomes and problem statements that we’re going to be able to address that we haven’t even fathomed yet. Transformative outcomes across every industry we serve, both public and private. So I’m really excited, Robert. And if I’m a partner, those are the types of things I’m thinking about and why working with Dell is a great bet. And hopefully we’ll all be making that bet in Vegas in May at Dell Technologies World – because that’s what you do in Vegas. You make bets. But it’s an easy one to make with Dell Technologies every day. Robert Dutt: Great point to leave it on. I look forward to catching up at Dell Technologies World and hearing more of the story there. Eric, thanks so much. Eric Arcese: Thanks so much, Robert. I really enjoyed our time together. Much appreciated. There you have it – Eric Arcese from Dell Technologies. I’d like to thank Eric for his time, and of course, thank you for listening today. If I had to pull three things out of the conversation for the Canadian partner to sit with, here’s what I’m thinking. First – the AI Factory framing. Eric described looking at the AI Factory topology slide and seeing the gaps, the seams between the components, as the partner opportunity. The hardware is Dell’s story. The services layer, the data work, the integration, the outcomes – that’s where partners play. If you’re trying to figure out what the AI infrastructure wave actually means to your practice, that’s a useful lens. Second – the VxRail transition. If you’ve built a practice around VxRail, Dell’s message is: the path forward is clear. The hypervisor choice you’ve made is preserved. The economics of the new platform make sense, and there are meaningful incentives to help you build out a Dell Private Cloud practice. The transition is underway and getting ahead of it matters. Third – the AI PC refresh is a security story as much as a productivity story. There are still around 500 million PCs running Windows 10, many of them three to five years old, sitting at the edge of the network while AI is making the threat landscape more sophisticated. For MSPs already in the endpoint security conversation with their customers, that’s a more powerful entry point than “it’s a faster laptop.” And of course – Dell Technologies World, May 18th to 21st in Las Vegas. The Global Partner Summit is the anchor event for partners, and based on what Eric was hinting at around the integrated partner experience and changes to quoting and deal registration, it’s worth watching closely whether you’re going or not. If you found this useful, follow or subscribe to the In The Channel podcast wherever you get your podcasts – we’re on Apple Podcasts, Spotify, YouTube, and most major directories. A rating or review is always appreciated if you’ve got a minute – it genuinely helps. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Hewlett Packard Enterprise expands software channel push: Hewlett Packard Enterprise is doubling its dedicated sales team to drive its Hybrid CloudOps software portfolio through the channel. According to CRN, Rocco Lavista, vice president and general manager of worldwide Hybrid CloudOps software sales at HPE, noted that rising global memory prices and the resulting hardware cost pressures are actively driving demand for virtualization alternatives like VM Essentials. For Canadian MSPs and VARs grappling with supply chain volatility and tightening server margins, the vendor’s expanded software push offers a potential pivot point to maintain profitability through higher-margin recurring revenue streams. AvePoint and Omdia research highlights AI governance gap: AvePoint and Omdia have released new global research indicating that governance and compliance, rather than technical capability, represent the primary barrier to AI monetization. Based on a survey of over 300 MSPs, 51 percent cited governance as the main obstacle to customer AI adoption. The report highlights a significant execution gap: while 94 percent of respondents are committed to AI readiness, only 43 percent report high maturity in their service delivery. As Canadian solution providers face increasing data sovereignty requirements, the research suggests that packaging AI governance as a standalone service is a viable path to capturing a share of a market Omdia projects will reach $276 billion by 2030. ESET tracks cyber insurance influence on the channel: Security vendor ESET has published its 2026 SMB Cyber Readiness Index, highlighting the growing influence of cyber insurance underwriters on the managed services landscape. The report found that 78 percent of Canadian small and medium-sized businesses now carry cyber insurance, with insurers increasingly mandating specific security controls. Among Canadian SMBs that outsource their security, 27 percent are now bypassing traditional providers to use a cyber insurer offering Managed Detection and Response (MDR) services. For the Canadian channel, the data underscores a critical shift: insurers are setting the baseline, and MSPs must integrate advanced monitoring capabilities to prevent clients from migrating to insurer-provided solutions. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Thursday, April 23, 2026, and here’s what’s happening in the channel today. Hewlett Packard Enterprise is doubling its dedicated sales team to drive its Hybrid CloudOps software portfolio through the channel. According to Rocco Lavista, vice president and general manager of worldwide Hybrid CloudOps software sales at HPE, the vendor is actively working to accelerate partner attach rates for its software suite. Lavista recently noted that rising global memory prices and the resulting hardware cost pressures are actively driving demand for virtualization alternatives like VM Essentials. For Canadian MSPs and VARs grappling with supply chain volatility and tightening server margins, the vendor’s expanded software push offers a potential pivot point to maintain profitability through higher-margin recurring revenue streams. AvePoint and Omdia have released new global research indicating that governance and compliance, rather than technical capability, represent the primary barrier to AI monetization for managed service providers. Based on a survey of over three hundred MSPs, fifty-one percent cited governance as the main obstacle to customer AI adoption. The report highlights a significant execution gap: while ninety-four percent of respondents are committed to AI readiness, only forty-three percent report high maturity in their actual service delivery. As Canadian solution providers face increasing data sovereignty and privacy requirements, the research suggests that packaging AI governance as a distinct, standalone service may be the most viable path to capturing a share of a market Omdia projects will reach two hundred and seventy-six billion dollars by 2030. Security vendor ESET has published its 2026 SMB Cyber Readiness Index, highlighting the growing influence of cyber insurance underwriters on the managed services landscape. The report found that seventy-eight percent of Canadian small and medium-sized businesses now carry cyber insurance, with underwriters increasingly mandating specific security controls as a condition of coverage. Among Canadian SMBs that outsource their security, twenty-seven percent are now bypassing traditional providers to use a cyber insurer offering Managed Detection and Response services, while thirty-eight percent remain with a traditional MSP. For the Canadian channel, the data underscores a critical shift: insurers are actively setting the security baseline, and MSPs must integrate advanced monitoring capabilities to prevent clients from migrating to insurer-provided solutions. Later today on In The Channel, my conversation with Eric Arcese, vice president of global partner marketing at Dell Technologies, discussing the AI Factory, VxRail’s evolution, and what’s ahead. And if you haven’t heard it yet, be sure to check out yesterday’s chat with Rewst founder Aharon Chernin on building the automated MSP. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening.
Aharon Chernin, founder and CEO of Rewst Aharon Chernin has been building technology specifically for MSPs for more than twenty-five years – including founding Perch Security, which ConnectWise acquired in 2020. His next venture was Rewst, a workflow automation platform purpose-built for managed service providers, now serving over 1,500 MSPs. The founding insight: automation was the foundational promise of managed services, and the tools had never lived up to it. In this conversation, Chernin draws the distinction that frames everything else: there’s a difference between an MSP that does automation and an automated MSP. One is a project. The other is a culture. Success, he argues, is one hundred percent cultural – the person who writes the cheque and the engineer who builds the workflows both have to want it, or it stalls every time. We dig into where AI fits in the MSP operational stack, and why treating AI and automation as interchangeable leads to bad decisions. The Chernin framing: AI thinks, automation acts. Without a connected execution layer like Rewst’s RoboRewsty AI Workflow Builder, AI can only advise. We also get into the governance model – approval gates, trust levels, and the balance between cyber risk and business risk – and the MCP Server architecture enabling genuinely agent-driven MSP operations. Chernin shares numbers from three Canadian MSPs on the platform – Resolved IT, Ideological Systems, and Yardstick – and walks through how to calculate the real economics of automation investment beyond simple time savings. He closes with a practical roadmap for any MSP owner who wants to get serious in the next six months: get out of firefighting mode, find your automation champion, start small, and do not wait for perfection. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. If you’ve been following the conversation around AI and MSPs over the last year or two, you’ve probably noticed that a lot of it is pretty fuzzy. AI is going to transform your business. AI is the future of service delivery. AI this, AI that – but not a lot of specificity about what it actually means for the way an MSP runs its operations day to day. My guest today has been building technology specifically for MSPs for more than twenty-five years. He founded Perch Security, which was acquired by ConnectWise back in 2020, and then turned around and founded Rewst, a workflow automation platform built from the ground up for managed service providers. Rewst now has over 1,500 MSPs on the platform, which means he has a pretty clear view of where the channel actually stands on automation – not where vendors wish it stood, but where it actually is. We talk about the difference between an MSP that does automation and an automated MSP, and why that distinction matters more than any specific tool. We get into why AI and automation are not the same thing, and why confusing them leads MSPs to make bad decisions. And we look at what the operational stack of an MSP actually starts to look like as AI moves from advising on workflows to generating and executing them. Aharon Chernin is the founder and CEO of Rewst, and he’s been thinking about this a lot longer than most. Let’s get right into it. My chat with Aharon Chernin. Aharon, thanks for taking the time. I appreciate it. Aharon Chernin: Nice being here. Robert Dutt: Rewst isn’t your first time building specifically for the MSP market. You come out of Perch Security, acquired by ConnectWise. What did your time inside ConnectWise’s world teach you, and was Rewst a direct response to something specific you saw from there, or from the community there? Aharon Chernin: I was actually only at ConnectWise a couple of months. Really, the Rewst idea came from working with MSPs for years while I was doing Perch. I was learning more and more about how MSPs operated. I saw the tools they were using, the problems they were having. And, mind you, this is the era circa 2017-18, and they’re using tools called PSAs – professional services automation – that didn’t really automate anything. It had me scratching my head: what’s going on here? But then I just continued moving forward because I had security stuff going on. And then there were RMM tools called Automate, and I was trying to figure out what these things actually automated. It was just endpoint stuff, right? But there’s so much more than just an endpoint. And then I saw a bunch of single-point solutions – software products out there doing a single automation, not even calling it an automation, just calling it a software product. So once I had the opportunity after Perch, I went and started investigating what were these quirks in the market I was seeing, because automation is much, much bigger than what the market actually thought it was. Robert Dutt: Well, and it’s for so long been one of the key premises of managed services – the idea of automate everything you can towards success. So it’s interesting to hear those observations. You’ve got the platform now with 1,500 or more MSPs on it – you probably have a better view of the real state of automation adoption in the channel than almost anyone out there. How would you honestly characterize it today? Is this a story of meaningful progress from the scenario you saw back in your Perch days, or is it still pretty early for many MSPs? Aharon Chernin: It’s still the beginning. We only have 1,500 MSPs. And how many MSPs are there – depending on who you talk to, 60, 80,000. We only have 1,500 of them. So in my mind, these are all early adopters in automation. But when it comes to what adoption actually looks like in an MSP that successfully automates, it’s cultural – 100%. If you look at cybersecurity – Perch was a cybersecurity company – you’d be looking for the correct size MSP that focused on security to resell through. But when it comes to automation, every size MSP needs to automate – small and big. And we’re actually seeing that. We see really, really small MSPs automate and really, really big MSPs automate. And we’ve also seen both those sizes fail. The number one reason they succeed is culture. The buyer – the buyer could be the CEO of the MSP, or a director of managed services, whoever can write a cheque – that person has to want to automate. And the engineer who’s actually going to do the automation, they have to want to do it too. If the buyer wants to automate but the engineer doesn’t, it’s not going to work. If the engineer wants to automate but the buyer doesn’t, it’s not going to work. And that cultural thing extends further than just the want. The CEO of the MSP should be running around saying, “I want to be an automated MSP,” and excited about it. If they’re not excited about it, they’re going to be a part-time automation MSP. The way I like to say it is: you’re either an automated MSP, or you’re an MSP that does automation. Robert Dutt: What do you find helps flip the switch from one to the other? What is it that gets those teams that are either misaligned or not aligned at all to get things lined up and moving in the right direction? Aharon Chernin: It’s really an open line of communication between the buyer and the person implementing. Because if the buyer has an automation idea – just one, a single simple basic thing that would save the company time or help improve service delivery reliability – and that engineer performs that small automation, and they talk to each other, and the engineer says, “Yes, it’s running. Yes, it runs fifty times a day. We’ve saved eight hours today running this automation” – and that actually gets back to the person who writes the cheque – there is alignment. The tide has turned. Suddenly the MSP says, “How do I dedicate more people to helping automate this business?” It’s a matter of getting that first win and getting it in place. Robert Dutt: There’s a lot of talk, obviously, about AI. And Canadian MSPs are being sold a lot of things that blur the line between AI and automation. You’ve talked about that distinction – the idea that AI thinks and automation acts. Can you expand on that? Because I think getting that framing right can help change how MSPs make decisions and think about how they’re structuring things internally. Aharon Chernin: AI can’t touch anything by itself. This goes back to: AI thinks, automation does. Take ChatGPT, for example. ChatGPT is not an AI. ChatGPT is a tool on top of AI. The AI is GPT. The tool is Chat. So just having AI gives you a lot of answers to a lot of questions, but nothing gets done. You need the tool on top of the AI. I can’t think of an easier way to define it than that. There are an infinite number of possibilities of what you can do with a tool that leverages AI. Robert Dutt: So you guys have RoboRewsty now. You’re moving from AI that guides building workflows to AI that generates those workflows. That sounds incremental, but to your point on thinking versus doing, I suspect it’s more significant than that. What actually changes for an MSP team when anyone in the org can describe a workflow in language that’s natural to them and have it built for them, rather than having to go back to that one person who knows how to build out the automation? Aharon Chernin: AI is easier to understand than even that. We need to think of it as just another employee. Now, depending on how much the business trusts that employee is how much governance we’re going to put around that employee. If there is one hundred percent trust, it gets free will and can run freely. If there is zero to ten percent trust, every step of the way needs to be gated by a person. But there’s a balance. One of the funny things about cybersecurity is everyone looks at the cyber risk side of the equation, but no one looks at the business risk. The business risk of having zero trust in your AI means all the other MSPs can surpass you. You need to balance business risk and cyber risk. It’s never one hundred percent cyber risk, or your business won’t move forward. How do you put people in the middle? When you tell the AI to build the automation, you require approval gates along the way. And the AI will build in those approval gates for people to get in the way of automation and approve or deny things. That solves the problem of the AI acting fully independently. Robert Dutt: You’ve announced an MCP server that lets external AI agents trigger Rewst automations directly. That feels like a pretty big architectural shift toward that AI-doing side of things – toward operations that are genuinely agent-driven rather than just automated. What does that look like in practice today, and where do you see that going over the next couple of years? Aharon Chernin: I see three main agent use cases. But if we sit back and think, “Where does this MCP server fit in?” – in my world, in my vision, when I create products, I have to try to predict the future. Because it takes time. If I create a product for what’s needed right now, by the time it gets done and goes to market, it’s already a bad idea. In the future, people will be interacting with agents, not with the user interface of any product – a PSA, an RMM, maybe even an operating system. When you think that way, without a capable MCP server in front of your product, you’re forcing people to always log into it. If everyone is in Claude Code all day long and you’re the one product they have to pop out of Claude Code for, that’s not good. I don’t want to be there. And for folks who want more approval controls in an automation process – what’s cool about using Claude Code to interact with the Rewst platform is you can put requirements in your Claude Code, in your AGENTS.md file, for example, to be enforced however you want them enforced on your side. Which is pretty neat, in my opinion. As far as the three major use cases for agents: I immediately get brain-fried when someone asks what an agent-driven MSP of the future looks like, because I think – what agent are they talking about? I really see three specific, distinct agent implementations that an MSP could ever have. One is an agent that they build for their customers that just does customer-centric business things. That’s not something the MSP would run internally – that’s something they want their customer running. Then they may want an agent that the customer uses to interact with the MSP – “Hey, I need to add a new user,” for example. That may launch Rewst automations, because it’s just an agent – it’s just AI, it can’t go do those things on its own. And then the third type is the agent that an engineer uses at the MSP itself, because that agent is going to have more privileged access and communicate in a much more technical way than you’d want to present to a client. Robert Dutt: How do you see those rolling out in terms of timeline? My first assumption would be that you build the internal side first – get the side the engineers are working with up and running, learn from that, then start building out the customer-facing side, and finally toward the end-user type stuff. Aharon Chernin: You always eat your own dog food first. It’s got to be useful for you. If you’re just doing it to say you’re doing it, you won’t be able to sustain it. It won’t scale. I would have your help desk and your engineers doing simple things first. I love the owner-operators that have grand visions of their AI-automated futures, because those are the ones who are going to succeed. The one downfall they may have is they won’t settle for anything other than that grand vision – they work on the most complex thing first. Or they get a ton of small wins under their belt and never go for the big win because the big vision feels too far away. So: keep it small initially. Eat your own dog food. Get really good at it. Then move bigger successfully internally. Then maybe the next step is the agent the customer uses to interact with your business – do the same thing, start small, then go big. The agent the MSP builds for their customers’ businesses is the toughest. Not because it’s technically challenging – it’s tough because the MSP has to go learn how that customer’s business actually operates. And if you want your agent to provide value, you’re going to have to do that work. Robert Dutt: That’s a chance to really test the “trusted advisor” theory out and get real about it. Aharon Chernin: Exactly. Robert Dutt: Let’s talk about the economics of this. Especially as a Canadian MSP – we’ve got a smaller talent pool, cross-border salary competition, the Canadian dollar. The headcount argument for automation is particularly acute here. Where does break-even actually land? What does an MSP need to have in place before this really starts to visibly move the margin needle? Aharon Chernin: You start with understanding the economics of automation. The most basic is: how much time will you save? And even the definition of saving time can be less obvious than you’d think, because saving time might mean “I don’t do this work today” – so how do you calculate that? Well, one of those savings is: will it reduce churn? How much time does it take to go get a new client? Then you realize, oh, there is a time savings there. Or it may not save time, but it improves service delivery reliability. How much time do you spend each month on ticket re-dos because they were done wrong the first time? And some of these savings are security-related. If you can take away privileged access from your lowest-level help desk because automation handles those tasks instead, how much does an incident cost you each month? The next big thing is understanding the cost to build an automation. We’ve dramatically reduced that over the past three months through RoboRewsty – you just describe an automation and it goes and builds it for you, then runs, tests, and fixes it. It could save you roughly ninety percent of the build time. Just like writing code with Claude Code saves you a lot of time building software. So: you’ve got an automation idea. It costs you four hours to build and saves you 400 hours a month – you break even really, really quickly. You have an automation that takes four hours to build but only saves you thirty minutes a month – do you still build it? Yes. Because automation is not a one-month profit thing. It builds off itself each and every month. And that’s when you start to realize: maybe I do start small, because the big grandiose ideas might save you ten hours a month but take you a hundred hours to build. We’ve got a couple of Canadian partners who’ve had great success and are okay with me naming them. Resolved IT: last month they did 420,000 tasks and saved fifty-nine hours – 1,800 endpoints. Ideological Systems: 28,000 tasks, forty-five hours saved – 750 endpoints. And Yardstick: 744,000 tasks, 327 hours saved – 6,500 endpoints. Just some numbers for you. Robert Dutt: That’s certainly some solid data. You’ve talked about where you’re at now with RoboRewsty. Can you share a little about where you see things going in the short term – in terms of the direction of the technology and how you’re automating processes? Aharon Chernin: I feel like I’m more of a future predictor than a startup founder. AI is both scary and exciting at the same time. It’s a huge opportunity for everybody – for MSPs, for vendors that serve MSPs. But it’s also super scary because it’s a disruptor. It could disrupt MSPs, the vendors that serve them, and their customers’ businesses. You have to take risks in how you predict what’s coming. But I really do think the user interface for people is going away, and that the primary user of all products will be AI. That’s where the world is going. Think about that – how does that change how an MSP operates? Look at the tool stack MSPs use today. Is your PSA built for people, or is it built for AI? It’s going to be interesting. Never a dull moment in this industry. Robert Dutt: Last one for me. If I’m an MSP listening to this and being honest with myself about where I’m at in my automation and AI journey – what’s the one thing that most of them should be doing in the next six months that most of them aren’t? Aharon Chernin: Starting at a really high level: you’re a business owner. I’m a business owner. I understand how hard it is to get out of firefighting mode. It’s hard to see thirty days out. There’s so much going on – happy people that want to talk to you, unhappy people pulling you aside. You have to spend some time thinking beyond thirty days. You can’t ignore what’s coming with AI and automation, because there is going to be an MSP that doesn’t ignore it. The next level: come up with an automation idea. As the owner of the MSP, that’s the most valuable automation idea that will ever get identified, because it’s coming straight from the business – not from a random engineer with a random problem. That engineer can go automate something and make their job better, but you may never know about it and it may never impact the business. Come up with an automation idea. If you find that easy, come up with more. Having the ideas is half the battle – not even having a product. Just start writing them down. Next: identify someone in your organization who will become the automation champion. As fast as tech is moving, it may not have to be a super technical person, because they’ll be able to talk to an agent to make the automation happen. But if it were me, I would still pick who I think can automate the best. Go to your team and say, “Who wants to automate?” and pick the hand-raiser. That’ll also help with alignment. Once all that’s done, you’re finally ready to look at automation solutions. Learn everything you can – we have Cluck U, our certification program, get certified in automation. Then build that simple automation as quickly as possible and get it into production. Do not wait for perfection. If you’ve got a ten-step process that takes a hundred minutes, and you only automate nine steps, you’re still saving ninety minutes. Why wait for the last step to get that win? And then we’ve got a conference called Flow – an automation-focused conference for MSPs. The coolest thing about it is that everyone there is an MSP that wants to become an automated MSP, not just one that wants to do some automation. This is our third year. First year we had about 120 people, second year over 300, and this year I think we’ll have 500. It’s in Nashville, June 23rd. Check it out at mspflow.events. Was I allowed to plug that? Robert Dutt: I think you’re good. Aharon Chernin: Sounds good. Robert Dutt: Aharon, I appreciate you taking the time and giving us a view of where automation’s at and where it could be going. Thank you. Aharon Chernin: Thanks – it was nice chatting. Robert Dutt: There you have it – Aharon Chernin from Rewst. I’d like to thank Aharon for his time today, and thank you for listening. A couple of things I’m still thinking about from this conversation. The framing that stuck with me most is the distinction between an MSP that does automation and an automated MSP. It sounds like a subtle difference, but Aharon’s point is that one is a project and the other is a culture – and only one of them actually compounds over time. If automation is something your team does when they get around to it, rather than something that’s baked into how the business operates, you’re probably not going to get the return you think you are. The other thing worth sitting with is the governance question. As AI moves from helping you build workflows to actually generating and running them, the trust model has to evolve with it. The new employee analogy Aharon used – starting with limited access, expanding trust as it earns it – is a practical framework for MSPs who are trying to figure out how much autonomy to give AI in their stack right now. And for any Canadian MSPs listening – the data points Aharon shared from Resolved IT, from Yardstick, from Ideological Systems – those are real Canadian shops with real numbers. The economics of automation are compelling anywhere, but they’re particularly compelling here, given our labour market realities. If this episode was useful to you, the best thing you can do is subscribe to or follow the ChannelBuzz.ca podcast wherever you get your podcasts. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. A rating or review goes a long way and is always appreciated. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Salesforce launches FDE Partner Network: Salesforce is dedicating 50 million dollars to its new Forward Deployed Engineering Partner Network, providing partners with the same training and direct product team access as internal staff. According to Nick Johnston, senior vice president of partner sales, the program is designed to help partners build and monetize their own agentic AI practices on the Agentforce platform. For Canadian MSPs and consultants, the initiative presents an opportunity to transition from selling software licenses to delivering higher-margin advisory and managed services. Cisco reinstates compute deal registration: Reversing a decision from late February, Cisco has officially reinstated its compute deal registration differential. The initial elimination, driven by rising memory prices, effectively removed roughly eight points of margin on server deals, causing friction within the channel. In a communication to partners, Cisco’s Tim Coogan confirmed the discount restoration, though the tightened seven-day quote protection window remains. The move restores critical profitability and margin predictability for Canadian partners navigating ongoing supply chain volatility. CloudCapsule debuts Manage module: CloudCapsule, a security platform launched by former Pax8 leaders and MSP owner Nick Ross, has introduced its Manage module. The solution extends Microsoft 365 security management into a unified workflow, bringing assessment, remediation, and reporting into a single pane of glass. For Canadian MSPs struggling with fragmented toolsets, the platform reduces administrative overhead and automates the reporting process, providing tangible proof of security outcomes to justify recurring revenue. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Wednesday, April 22, 2026, and here’s what’s happening in the channel today. Salesforce has launched a new Forward Deployed Engineering Partner Network for Agentforce, backing the initiative with a 50 million dollar investment in agent-building incentives. According to Nick Johnston, senior vice president of partner sales, the software vendor is committing to provide channel partners with the same training, tools, and direct product team access that its internal staff receives. The program is designed to help partners build their own agentic AI practices and push beyond basic implementation. For Canadian MSPs and consulting partners, the initiative signals a continued shift away from selling software seats toward delivering measurable business outcomes. As AI deployments become more complex, partners who can demonstrate real-world results will be positioned to capture higher-margin advisory and managed services revenue. Cisco has officially reinstated its compute deal registration differential, reversing a controversial decision made in late February. The networking giant had originally eliminated the discount in response to rising memory prices and supply chain volatility. According to partners, that move effectively erased roughly eight points of margin on server deals, causing friction and prompting some to look at competing infrastructure vendors. In a recent communication, Cisco senior vice president of global partner sales Tim Coogan confirmed the discount restoration for registered compute hardware deals, though the tightened seven-day quote protection window remains in place. For Canadian IT solution providers, the reversal is a necessary correction that restores critical margin predictability, allowing partners to confidently quote hardware projects in an unpredictable supply chain environment. A new security platform built by former Pax8 leaders and an experienced MSP owner is making its official debut this week at the Kaseya event. CloudCapsule, led by CEO Nick Ross, is launching its Manage module, which is designed to help managed service providers assess, remediate, and demonstrate security outcomes within a single workflow. The solution extends Microsoft 365 security management into a unified system, addressing the ongoing problem of fragmented tools and manual reporting. For Canadian MSPs, operational consolidation is becoming increasingly essential. Proving the value of security services to clients is a persistent challenge, and a platform that automates the reporting process can help reduce administrative overhead while providing tangible proof of security posture improvements to justify recurring revenue. Later today on In The Channel, we have a conversation with Rewst founder Aharon Chernin. We will be talking about building the automated MSP, and how AI thinks while automation acts. It is a deep dive into where the service delivery model is headed. And if you haven’t heard it yet, make sure you check out yesterday’s episode featuring Jennifer Roy, CEO of Nucleus Networks. We had a great discussion on maintaining culture while scaling a national presence, and what private equity really looks like from inside a Canadian MSP. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening.
Jennifer Roy, CEO of Nucleus Networks Jennifer Roy knew she was underqualified for her first job in managed services. She applied anyway — and she’d tell you that discomfort is kind of the point. Now CEO of Nucleus Networks, the Vancouver-based MSP that now operates across Victoria, Prince George, Calgary, and Toronto, Roy joined the company as COO in 2021 and stepped into the top job in January 2024, taking over from founder-era CEO Martin DesRosiers. Nucleus was recently named to the CRN MSP 500 Pioneer 250 — the SMB-focused tier of CRN’s annual managed services ranking — and Roy was named CEO of the Year by The Channel Company. In this episode of In The Channel, Roy talks about what a non-technical leader brings to an MSP that a technical founder sometimes can’t, including a willingness to ask basic questions and a genuine orientation toward service over infrastructure. “We’re delivering customer service,” she says. “We’re just doing it through technology.” She gets into the practicalities of scaling across Canadian markets. What breaks when you grow beyond your home city, how vertical specialization in architecture and construction, legal, and mining shapes hiring and delivery, and what it means to maintain culture at 80-plus employees across five cities. Roy is also one of the more honest voices you’ll hear on what life inside a PE-backed platform actually looks like. Nucleus is part of Lyra Technology Group, the Evergreen Services Group portfolio of MSPs. She’s specific about what that relationship delivers — a six-hour cross-portfolio hire, proprietary tooling shared from a sister company, a peer network that can produce a Linux specialist or boots on the ground in Australia on short notice — and honest about what it took to get comfortable operating within that structure. On AI, she’s practical rather than promotional: automated client reporting built around her own communication style, a shadow AI mitigation campaign that turned a risk conversation into a client engagement opportunity. It’s a wide-ranging conversation, and a genuinely candid one. Read Full Transcript Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. My guest today is Jennifer Roy, CEO of Nucleus Networks, a managed service provider based in Vancouver that now operates across five Canadian cities. Nucleus was recently named to the CRN MSP 500 Pioneer 250 list, and Jennifer herself was named CEO of the Year by The Channel Company in 2024. What I find really interesting about Jennifer’s story is that she didn’t come up through IT. She had no technical background when she took her first MSP job about 15 years ago. She worked her way from service manager to COO to CEO, and along the way built her reputation for people-first leadership and culture building in an industry that doesn’t always prioritize those things. We’re going to talk about what it actually looks like to scale a Canadian MSP nationally, how she thinks about hiring and culture when one wrong person can undo years of work, what it’s like operating inside a PE-backed platform like Lyra Technology Group while keeping your own identity, and where she sees AI fitting into the MSP business model right now. Let’s get right into it. My chat with Jennifer Roy. Robert Dutt: Jennifer, thanks for taking the time. I appreciate it. Jennifer Roy: Thank you so much for having me. Robert Dutt: You’ve talked openly about the fact that when you got your first job in the MSP world, you didn’t know what most of the acronyms in the job description meant — and that’s something I can relate to. I don’t know if you remember or know Nick Tidd, who led 3Com Canada and has gone through a variety of channel roles. But when I was a young reporter, he took me aside and said, “The thing you have to watch for in this industry is the TLAs.” I didn’t bite on that, and it was a great joke at the time. But anyway, the point being — you didn’t come in as a technician. What made you apply anyway? What do you think being a non-technical leader brings to an MSP that someone who has that technical background might not? Jennifer Roy: Great question. When I started in this industry — and I’m going to age myself here — close to 15 years ago, I was working in a quasi-government job and I had gone on maternity leave. I had come back from having my daughter and realized that I was underutilized and really bored. It just wasn’t a fast enough pace for me to feel fulfilled every day. So I had gone to my manager, who was also a good friend of mine, and said to her, “I think it’s time. I’m going to start looking, and I want you to know — I want to be really upfront and clear — that you’re going to lose me likely sooner than later because I’m going to start looking for a new role.” She was so incredibly supportive and said to me, “I’ve got this tech company that’s looking for a service manager. They’re looking for someone to come in and help with their operations. Is it maybe something you want to explore?” I said, “Well, send me the job description and I’ll take a look.” I looked at the job description and I didn’t know any of the acronyms. I didn’t know what ITIL was. I didn’t know what a SAN was. I didn’t know VPN. I didn’t know any of these things. I said to her, “I’m vastly underqualified for this position.” She said, “I know the consultant that’s helping them hire — I think you should at least have a conversation.” I thought, “Okay, what’s the worst that’s going to happen? I apply for this job and don’t get it?” So I applied, and it happened to be the legend Chris Jay’s MSP. They interviewed me — I met with Todd Kane and Chris Jay throughout the process, had a couple of interviews. Really, what they were looking for was somebody who wasn’t going to think from a technical perspective, but look at things from a client perspective and a coaching and leadership perspective — which were tools I had. So I took a leap of faith, and they also took a leap of faith and hired me to run their service desk. I think it was a very unique experience, something I didn’t think I was capable of doing. But I’ve always been a big believer that growth happens when you’re uncomfortable. So I made myself really uncomfortable taking a position I was massively underqualified for — and then 15 years later, this is where I’m at. The piece that I think I offer that’s different than technical leaders is I always look at things from that client perspective. My CTO is really great at finding unique technical solutions. But my first question is always: how does that impact our people? Not just our clients, but our team. Is it going to be a positive benefit for them? So I think that’s what I bring that’s different. Robert Dutt: You joined Nucleus as COO in late 2021 and took over as CEO from Martin DesRosiers in 2024. He’d been in the chair for a decade and built a lot of what Nucleus is. What was it like stepping into that? What did you want to keep, and where did it feel like you needed to put your own stamp on things? Jennifer Roy: Big shoes to fill for sure. I was hired in late 2021 as Chief Operating Officer — operations has been my background forever, so it was a really comfortable position to come in and kind of become Martin’s right hand. I looked at all of Nucleus’s operations. Nucleus had done an incredible job of building their brand and their business, but coming in with a fresh perspective, I was able to optimize a lot of their KPIs and processes and procedures. I had a lot of fun restructuring operations when I first joined. In January of 2024, when Martin asked me to take over as CEO as he elevated up to our parent company, I was definitely nervous. One, I had never been a CEO before. Two, I was stepping into these huge shoes. And then also — the elephant in the room — I’m a woman CEO of an MSP and there’s not a lot of us. So I was also mindful of the fact that I had to live up to that standard as well. Some of the things Martin had done for the last decade I kept, because don’t change what’s not broken. But I also wanted to put my stamp on things. I used that opportunity to make changes that we probably should have made but had stayed comfortable on. I’ll use a really simple example: we were a Microsoft shop, but we used Slack as our main messaging platform. I said, “Why do we have two? This doesn’t make sense.” Everyone was really comfortable with Slack and loved it, but it was a good way for me to say, “With new leadership comes new changes. We’re a Microsoft shop — we need to eat our own dog food. We’re getting rid of Slack.” So I made some small changes, and that really wasn’t just to put my own stamp on things — the timing just made sense. New leadership, some changes we probably should have done a long time ago. I also did a reorg and changed the reporting structure, moved some leaders into different roles I thought they were better suited for. I moved our Director of Client Success into a VP of Operations role because I didn’t backfill my COO position — I just elevated him and put him into a role he can now grow into. Robert Dutt: Let’s talk expansion. Nucleus started in Vancouver and now has offices in Victoria, Prince George, Calgary, and Toronto. For MSP owners listening who are thinking about expanding beyond their home market — what did you learn about scaling a company across cities, and what broke along the way that you had to fix? Jennifer Roy: Scaling across cities is challenging. Anyone who has done it with ease, I would love to learn from. It is hard to get penetration in a market you are not currently in. Building that brand awareness and reputation is difficult unless you have an anchor client that’s really helping you with referrals. Finding talent in a new city, building brand awareness in a new city, getting new logos — a lot of what MSPs sell comes down to trust. You’re asking someone to buy recurring services. This is not a one-time transaction. It’s a recurring relationship, which means you really have to have that trust. It’s harder when you’re an unknown presence. In Vancouver, we have a ton of legal clients. I can sign legal clients much easier here because I can name-drop those other clients. When we move into a new market, I don’t have that big group of logos to point to. The biggest lesson I’ve learned is that you need to be prepared to make an investment when you go into a new market. You need to be prepared that you’re not going to sign new clients before you hire staff and before you get marketing spend going in that area. You really have to be prepared to take a loss before you start to see the rewards. If you haven’t budgeted to lose money to expand, then you’re probably not prepared to do it. Robert Dutt: You touch on the legal vertical, and you’ve built real depth in a number of verticals — in architecture, in construction, in legal, and in very Canadian style, in mining. How deliberate was the choice to specialize, and how does vertical focus change the way that you hire, sell, and ultimately deliver those recurring services? Jennifer Roy: We started in architecture, engineering, and construction. Nucleus’s founder was an engineer by trade who was really handy with computers and ended up branching and developing Nucleus from that. So AEC is where we started. For a long time, the majority of our clients were in that vertical. Then we started to layer in nonprofits and expanded from there — so now, as you mentioned, mining, legal, nonprofits, and AEC are our biggest verticals. Although if you ask me, “Do you have a client in hospitality?” Yes. “Manufacturing?” Yes. We’re really vertical-agnostic, but we hire sometimes based on skill set for a specific vertical. If you’re hiring someone for an architecture and engineering firm, someone who knows AutoCAD is probably going to be helpful. Or if you’re hiring in our legal pod — because we do everything through pods, so we have a pod that supports most of our legal clients — knowing PC Law or Easy Law and being able to troubleshoot errors with those line-of-business applications is going to be super helpful. One of my account executives has a background working in marketing at law firms and is well connected in that space. He is my go-to to sell agreements at law firms because he understands lawyers, he understands their assistants, he understands what’s important. He understands why if you can’t print a document, that’s a crisis at a law firm in a way that it might not be at a marketing agency. So we try to hire looking at where those skills will come in handy for the verticals we mostly support. Robert Dutt: You’ve said that people-first leadership isn’t just a slogan — not just a poster on the wall — it’s a daily operating philosophy. And I think that makes sense given the operational lens you come from. You’ve also been pretty candid about being a Type A personality who’s had to learn to delegate and trust as you move through the ranks. For MSP owners who hear “culture” and think it sounds soft — what does people-first actually look like operationally at Nucleus, and what changed in the business when you leaned into it? Jennifer Roy: People-first to me really means that you make decisions that are going to be the most impactful for your team. Because if you take care of your people, they take care of you, and they take care of your clients. So things like investing in training and development, having better-than-average benefits, better-than-average vacation, better-than-average pay — those are the things that keep people, and you protect your culture like nothing else. I hire by our core values. I fire by our core values. I am so particular about who we let join the team. A warm body is not good enough. I would rather have a vacancy for six months than hire the wrong person, because one toxic person can ruin everything you’ve built. We’re a remote-first company. The majority of our people work remotely — that makes it a challenge to build camaraderie. You don’t get those water cooler conversations, so you have to be very intentional. We have huddles with each team a couple of times a week, and I make a point of joining those huddles even as CEO, just to say hello and get face time. I have an open door policy — anyone can Teams me, text me, call me with anything they want. We do fireside chats where people can sign up and ask anything, an ask-me-anything format that rotates through our executive team. No questions are off limits. Quarterly, we do a town hall. I have a slide I call “the good, the bad, and the ugly” and I am super transparent: what went well, what didn’t go well that quarter, and what is the ugly. Even if the ugly is something I’m responsible for and I made a mistake, I hold myself accountable to the whole company and say, “I did you guys wrong. I made this decision, here’s the impact it had, here’s what I learned, and here’s what I’m going to take away from it.” I’m really proud that employee one and employee two from Nucleus are still here today, over 20 years later. That’s really unheard of in the MSP space. Our average tenure is close to four years — from what I’ve seen, the average at other MSPs I’ve worked from was about two years. So we’re almost double. I think a big piece of that comes down to providing a culture and a place where people feel safe — that psychological safety to challenge, to say “I don’t agree with this” or “this process didn’t roll out smoothly for me and here’s why.” That psychological safety is what builds the culture piece, where people feel invested and feel like they’re part of the bigger picture. It is not just a slogan on the wall. I read every single comment on our ENPS verbatim — I don’t have HR summarize it for me. I read every comment. I want to know exactly what we need to do as an organization to provide a better home for our people. Robert Dutt: Nucleus is part of the Lyra Technology Group family now — 75-plus MSPs under that umbrella. A lot of MSP owners are either being approached by PE-backed platforms, watching peers who’ve gone that route, or thinking about it themselves. What does that relationship actually look like from the inside? What do you get from being part of the group that you wouldn’t have on your own — and conversely, what did you have to give up? Jennifer Roy: Great question. And your count is actually a little lower than what it is — the last I heard was 111 MSPs. Globally, I’m told we are the largest MSP in the world with all 111 MSPs under the Lyra umbrella. I’ll be super honest: when Evergreen purchased Nucleus, it was before I had started. They purchased in July of 2021, I joined in December of 2021. I will admit I was ignorant and did not know about the acquisition. I had known of Nucleus in the marketplace before and did not know they had been purchased by Evergreen. So it was during my first week of onboarding that I found out about Evergreen and Lyra and went, “Oh — what did I get myself into?” Thinking: private equity, this is going to be a lot of red tape, this is going to be really difficult. I was reassured: no, it’s decentralized, we operate as we always have. And one of the best examples I give of that decentralization model is how I was hired. I had exited my last MSP and was looking for a new home. Todd Kane — who’s been a mentor of mine and gave me my first role at Fully Managed — put on LinkedIn that he knew an operations leader who was looking for a new home. He lined up a whole bunch of interviews for me. This was just a few days after I was unemployed. I had all these job offers, and then Nucleus came to the table. I said, “Listen, it’s Friday morning and I’ve told everyone I’ll give them an answer by Friday at five o’clock. You have six hours if you want me.” Martin worked double time, had conversations with me and the rest of the executive team, and got me an offer in six hours. They had not budgeted for a COO. They had not posted for a COO. It was not a role they were actively looking to fill — but Martin knew there was talent there and he wanted to hire it. He didn’t need to go to Evergreen or Lyra and say, “Can I get approval to hire this executive team member?” He was able to just say, “I’ll figure out my budget. It’s my budget. I’m going to hire her.” That to me is the biggest story of decentralization — the fact that you can move that fast and there isn’t a lot of red tape. In addition to that, we’ve got 111 operating companies, which means my geographical reach is incredible. I have a client with an office in Australia — I can pick up the phone and call one of my partners in Australia and say, “Can you do boots on the ground for me?” No problem. And they’ll likewise send their work in Canada to me. So we’ve got this vast network of trusted people, whereas otherwise you’re googling someone and hoping they’ll represent your company well. And I’ve got a built-in peer group. We recently implemented Thread and were having some issues with it. We were able to call a sister company in the US and say, “I know you’re highly successful with Thread — can you help us with this?” And they said, “Here’s our code.” Most MSPs are not that transparent — “here’s our secret sauce, you can have it.” So it’s been really incredible from a professional development standpoint, and just having those relationships to leverage. The team at Lyra genuinely cares about the operating companies. I feel like I’ve got additional support, but not a high level of involvement where they’re stepping on my toes. I’ve just got an arm of support if I need it. Robert Dutt: And I have to imagine — to your point on the Thread issue — with a hundred-plus organizations of people all sitting in the same seat as you, if you go and say, “Hey, I’m seeing X, anyone else seen this?” — odds are pretty good someone’s going to put their hand up. Jennifer Roy: A hundred percent. And it goes the other way too — there are sometimes opportunities. I recently had an RFP that needed Linux support, and we’re not a big Linux shop. I went into my peer group and said, “Does anyone have a Linux expert who can help me bid on this? It’s only two servers — I can support everything else.” I had a handful of people say, “Yes, no problem.” It really creates more opportunity for our business than we would have without it. Robert Dutt: You were just on a panel at the Pax8 sales kickoff talking about AI-driven services. You told CRN that your investments this year are focused on AI-enabled automation and better data integration. Where are you actually deploying AI at Nucleus right now, and how do you think about that as a business opportunity versus a change to the billable-hour model? Jennifer Roy: There are a lot of AI initiatives happening at Nucleus. We’re looking at our internal processes and how we can automate and create smart AI for our current workflows. A perfect example: I have a monthly report I send up to Lyra covering how things are going in each department — initiatives, financial results. I used to ask every department to send me a summary, then I’d take all those summaries, combine them into one, and send it. It was really time-consuming, and I’d often kick things back to leaders and say, “I need more data, more context, this isn’t written clearly enough.” So I’d give coaching, wait for a revision, and go back and forth. Our CTO built a simple smart form so that if a department head didn’t provide enough data in their response, it would say, “You do not have data in this. You need data. Jen will send this back to you.” The coaching was already baked into the form. And then it would consolidate all of their writing to sound like me — he built it by taking my old documents and putting them into AI and saying, “Make it sound like Jen.” It combines all the data, and then I go in and edit and clean it up, versus having to do it all from scratch. It probably saves six hours a month of my time. For our clients, we’re looking at their workflows and starting really small — but we’re starting. We’re taking our noisiest clients, the ones who generate the most support tickets, and using them as guinea pigs to create AI and automation to reduce our support hours. I’m not necessarily billing them a ton of money for it yet — I’m really focused on what we can learn from their environment so we can make it more marketable and repeatable. I’m also working on a big initiative to provide a tool called Synthrio to all of our clients as part of an opt-out campaign — so looking at how we can help our clients use AI in a safe, controlled way. We know shadow AI is happening everywhere. So how do we make it so that we can provide it in a controlled environment where our clients aren’t losing their IP? That should be going live in the next couple of weeks. Robert Dutt: I love that example of automating what you can for those noisier customers. It looks like value add for them as a client, and it’s also value add for you as an MSP — because your effective billing rate goes up. Jennifer Roy: Totally. And at the same time, I’m getting my technicians and engineers trained on how to create workflows. Without those real-life examples, we’re kind of flying blind. Robert Dutt: You’re plugged into the North American MSP community pretty deeply at this point — between Lyra’s peer network and various organizational communities. When you compare notes with your American peers, what feels different about running an MSP in Canada? Is the Canadian market catching up, leading, or playing a different game entirely? Jennifer Roy: Interesting question. I don’t know that there are a lot of differences, honestly. There are differences depending on geographic region — I have a peer in New York City and their hourly rate is basically double mine. Vancouver is an expensive city, but New York is more so. So there are differences in what you can charge per user or per hour. But I don’t actually think there is a ton of difference in how we operate. There are economic challenges in Canada that are different from the US at different times, but they’re all very similar. I think we all operate very similarly. The biggest piece I would say is you have to be a little more mindful of Canadian data residency. Our clients want their data in Canada, so there are certain partnerships I’ve had to exclude because they weren’t willing to guarantee Canadian data residency. I can’t take on a new partner if they can’t host our data in Canada. Those are some small differences — but really, I always say: we’re delivering customer service. We’re just doing it through technology. I don’t think where you are matters that much. Robert Dutt: How do you see that data residency and increasingly data sovereignty conversation evolving with your customers? Jennifer Roy: It’s definitely evolved over the years, and I think it’s become more important — especially around certain verticals that want to ensure their data is protected and kept in Canada. We work with some investment firms and companies with personal identification data that they absolutely do not want released anywhere. So we really need to look at each client specifically: what is the requirement for their vertical, and how do we ensure their data is safe? We are a SOC 2 Type 2 organization, so we take security and governance measures very seriously and ensure we’re following those to a T. And I won’t sign a deal if a client comes to us with requirements that I don’t know how we’d fulfill. I’ll walk away from the opportunity — the last thing I want to do is fail a client. Robert Dutt: My last question. You guys hit 25 next year at Nucleus. Where does Nucleus go from here? What does the next chapter look like? Jennifer Roy: I want to see us double our growth in the next five years — new logos, revenue, team members. Even with the introduction of AI and automation, I don’t want to see our team size shrink. I want to see us be able to work on different and more creative things. I’d love to see us be fully across Canada, not just in the three provinces we’re currently in. That’s a very lofty goal — that’s my BHAG — but that’s where I’d like to see us in five years. Just growth, growth, growth, and brand awareness. I think Nucleus is a well-known brand, especially across Canada, but I’d love to see it even more so. Robert Dutt: Well, good luck on attaining all those goals. And thinking back to something you said in answer to the first question — about feeling like things weren’t changing fast enough in the role you were in before you took that first MSP job — I don’t think that’s a complaint you have about the managed services world. Jennifer Roy: No. And this is why I’m still here 15 years later — I like fast-paced. I always say my peak performance is at the brink of overwhelmed. Just before I’m overwhelmed, that is the time when I am at my best. The MSP industry keeps me on my toes. I actually can’t imagine leaving this space and going anywhere else. I love it. Robert Dutt: Brilliant. Thanks for taking the time and sharing some of your insights. Jennifer Roy: Thank you so much for having me. I appreciate your time. [MUSIC] Robert Dutt: There you have it — Jennifer Roy from Nucleus Networks. I’d like to thank Jennifer for her time, and honestly, for her candor. This was not a corporate interview. She was remarkably open about what it feels like to take a job you’re not qualified for on paper, about the pressures of being one of the very few women CEOs in the MSP space, and about what people-first leadership actually costs you day to day when you’re reading every single employee comment and holding yourself publicly accountable when you get it wrong. A few things that stuck with me. First, her point that customer service is what MSPs actually deliver — the technology is just the vehicle. Simple reframe, but I think a lot of MSP owners would run their businesses a little differently if they really internalized it. Second, the Lyra and Evergreen story. If you’ve been wondering what PE involvement actually looks like from the inside of a Canadian MSP, this is probably the most specific and honest account I’ve heard. Hiring someone in six hours through a sister company, getting proprietary code handed over, having boots on the ground in Australia through the network — those are real, tangible examples of what a platform can do for you. And third, her approach to AI. No hype, no panic — just practical applications like automated reporting and shadow AI mitigation that are already saving her team time and creating new conversations with clients. If you enjoyed this conversation, please follow or subscribe to In The Channel. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you’ve got a moment, a rating or review goes a long way toward helping other channel professionals find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Everpure, formerly Pure Storage, has launched a new global partner program that replaces volume tiers with an outcomes-led model focused on service delivery and recurring revenue for MSPs. Copado has introduced Agentia, an AI-driven platform for Salesforce DevOps that uses context-aware agents to automate testing and compliance workflows. Acer Gadget has completed a strategic investment in Plugable Technologies to expand its reach into the AI-peripheral and workspace connectivity markets. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, I’m Robert Dutt, today is Tuesday, April 21, 2026, and here’s what’s happening in the channel today. Everpure, the company formerly known as Pure Storage, has unveiled a comprehensive overhaul of its global partner program. Moving away from traditional tiering based strictly on volume, the new framework focuses on an outcomes-led model designed to reward partners for service delivery and recurring revenue growth. Key features include a simplified incentive structure and enhanced technical support for managed service providers. According to Everpure, the change is intended to align more closely with how modern customers consume storage-as-a-service. For Canadian MSPs, this shift represents a significant opportunity to move beyond hardware resale. By prioritizing service outcomes over box-pushing, partners can leverage Everpure’s consumption-based models to build more predictable margin into their cloud and hybrid storage offerings. The update also includes new competency-based tracks that allow smaller, specialized firms to access benefits previously reserved for high-volume resellers. Copado has officially launched Agentia, a new platform designed to integrate context-aware AI agents into Salesforce DevOps workflows. The tool is positioned by the company as a way to automate complex testing, documentation, and compliance tasks that typically require manual intervention. Copado claims that Agentia can understand the specific business logic of a Salesforce environment, allowing it to provide more accurate suggestions than general-purpose AI models. This launch is particularly relevant for Canadian solution providers managing large-scale Salesforce deployments. As talent shortages in specialized DevOps roles continue, the ability to automate routine oversight through AI agents could allow MSPs to scale their operations without a linear increase in headcount. By reducing the time required for quality assurance and release management, providers may be able to increase their project velocity while maintaining high standards for security and compliance. Acer Gadget has announced a strategic investment in Plugable Technologies, a leading provider of USB and Thunderbolt peripherals. The investment is intended to accelerate the expansion of Acer’s peripheral portfolio, with a specific focus on AI-enabled docking stations and productivity tools. While Plugable will continue to operate as an independent brand, the two companies noted in a statement that they will collaborate on product development and global supply chain logistics. This deal signals a consolidation in the workspace technology sector. MSPs can expect to see a broader range of high-performance connectivity solutions that are increasingly integrated with Acer’s hardware ecosystem. As the hybrid work model evolves, the demand for sophisticated peripheral hardware remains high, and this partnership likely ensures better availability and integrated support for partners providing end-to-end hardware solutions to their clients. And for those of you who have been around the Canadian channel scene for a while, it's worth mentioning that Plugable's CEO is none other than Lynn Smurthwaite-Murphy. Later today on In The Channel, I am joined by Jennifer Roy of Nucleus Networks to discuss the evolving landscape of channel leadership and the importance of mentorship in tech. And if you haven’t heard it yet, be sure to check out my conversation from yesterday with Ben Yerushalmi of OutSystems, where we took a deep dive into the impact of low-code platforms on modern application development. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening.
Benjamin Yerushalmi, senior vice president of partners and alliances at OutSystems OutSystems launched its redesigned Elevate partner program in late February – a ground-up rethink that moves away from volume-based incentives toward a point-based earned level model weighted toward AI credentials and delivery outcomes. To walk through what changed and why, I spoke with Benjamin Yerushalmi, OutSystems’ senior vice president of partners and alliances and a three-time CRN Channel Chief, who came to OutSystems from Automation Anywhere and before that spent seven years at Salesforce building global alliance teams. That arc across three major technology waves gives him an interesting vantage point on what actually gets partners to invest – and how the pitch changes when you’re not working for a juggernaut. The most substantive part of the conversation is about where the services work is moving. Ben describes a clear shift toward front-end advisory – design, architecture, change management, understanding how AI agents will function alongside people – and away from pure back-end implementation. Partners are also doing more objection handling earlier in the cycle, including making the case against what Ben calls “vibe coding tools.” His line: you’re using a vibe coding tool, you’re gonna get vibe code. We also got into the Elevate mechanics: the Elite Delivery Partner credential (earned per individual, not per organization, which changes the calculus for smaller shops), how OutSystems is weighting points toward Agent Workbench and ODC to drive partner behavior toward newer AI products, and Ben’s framing of the competitive landscape as convergence and coexistence rather than zero-sum competition with Microsoft, ServiceNow, and Salesforce. OutSystems is an enterprise play, and not every shop in our audience is landing these deals. But the conversation about where partner economics are heading in the agentic AI era applies well beyond any single vendor’s program. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. My guest today is Benjamin Yerushalmi, senior vice president of partners and alliances at OutSystems, the enterprise low-code and AI development platform. Ben is a three-time CRN channel chief who spent the last decade-plus building partner ecosystems at Salesforce, Automation Anywhere, and now OutSystems – three companies that each represent a different wave of technology transformation, from cloud CRM to intelligent automation to what’s now being called the agentic AI era. OutSystems recently launched Elevate, a ground-up redesign of its partner program that shifts the incentive model away from volume and toward outcomes, customer satisfaction, and AI credentials. Now, OutSystems may not be a name that’s top of mind for a lot of solution providers in our audience, but the conversation we had touches on questions that are very much in play for every partner right now. What does an agentic AI engagement actually look like from a services standpoint? How is the work shifting from implementation to advisory? And what do you do when a customer asks why they shouldn’t just use a vibe coding tool instead? Let’s get right into it. My chat with Ben Yerushalmi. Robert Dutt: Ben, thanks for taking the time. I appreciate it. Ben Yerushalmi: Thank you for having me. Robert Dutt: The last time we spoke, you were at Automation Anywhere – it was their event in Austin a couple years ago. Before that, you were with Salesforce, now OutSystems. Three very different platforms, but in all of them you’ve been building or revamping a partner ecosystem around a technology wave. What’s the thread that connects those experiences for you? What have you learned about what actually works when you’re asking partners to bet on something, especially when it’s early innings of that particular wave? Ben Yerushalmi: Great question. It’s interesting, because three very different experiences. When you’re with a company like Salesforce, Salesforce is a juggernaut in a lot of respects. There are a lot of partners who are very invested in your success. They’ve got big business units, big practices, and there’s a clear ROI. Salesforce is creating a lot of demand in the market. When you’re with a mid-sized software company like Automation Anywhere or OutSystems, the challenge is still the same – you have to present them with a reasonable business case for investing in your technology and then going to market with you. Because you don’t have a shiny blue cloud on your business card, I think it’s a much bigger challenge. You have to do things like build a partner program that’s designed for growth, build a partner program with clear benefits to the partners about how they’re going to lean in, why they’re going to lean in, how they’re going to engage with your brand. It is a slightly different challenge – or a vastly different challenge. And when you’re with the smaller companies, the need to move fast is so urgent, especially where we are right now in this market with AI impacting everything we do. Messaging is changing, the go-to-market models are changing, the expectations of our customers are changing. Building a program that can be flexible, fast-moving, and built for growth is just super critical. Robert Dutt: OutSystems has been around for 25 years now, but Elevate feels like a pretty significant rethink of how you engage partners. I suspect your previous answer may have covered some of the territory, but what was broken – or not working well enough – about the old model that made you say, “All right, fresh sheet of paper, let’s do something new here”? Ben Yerushalmi: Look, nothing was broken. We had a functioning partner program that evolved over time, and none of the iterations it evolved through looked like the market we’re in today. We really needed to take a step back and strategically look at the program, think about what needed to be built in that could move at the pace of the market and give the ecosystem the things it was going to need to grow. For example, if you look at the old program – big emphasis on new logos, big emphasis on partners that had the implementation skills. Both super important, but only a fraction of how our partner ecosystem adds value to our brand, to our customers, and in the things they do to drive outcomes. We really had to reposition the program. First, pivot everything toward AI – everything from how we measure financial impact, to how we reward training and enablement, to how we measure CSAT and outcomes. Everything had to shift to AI. We also had to acknowledge all of the different ways that partners add value. Not just sourcing new logos, but co-sell, resell, managed service, MSP, ISV – and not just new logo acquisition, but growth in our existing accounts. Partners source business in our existing accounts. Partners are the best set of people to go in – especially when they apply their AI expertise, their industry expertise – and really grow our footprint at those accounts and truly drive outcomes and value for our customers. We had to acknowledge that. We also had to think about what we could build into the program to incent our ecosystem to be thinking about industries, to be thinking about agentic solutions, and to drive that behavior. Robert Dutt: One of the things that jumps out about Elevate is the shift toward earned levels based on outcomes and customer sat rather than just volume. That’s a trend we’re seeing across the industry. But it does raise the question: does that model inherently favor larger partners who can invest in multiple certifications and have that CSAT infrastructure, or is there a path for smaller partners as well? Ben Yerushalmi: There is. We have a number of examples of smaller-scale partners that have achieved some of the higher levels in the program. We also have examples of smaller partners who are on path to achieve Elite Delivery Partner status – because it’s not one credential per person. One person can have multiple credentials across the different disciplines. It doesn’t necessarily favor large partners. Now, when we launch Global Strategic – which would be a tier sitting above Platinum – that may, just because of sheer scale, favor larger partners. That said, our company is going to run on the strength of our Silver partners, our Gold partners. It truly takes partners across all of those levels to build a healthy go-to-market. I’m not terribly concerned about where smaller partners are going to find their place in the program. The other thing – and I’ve gotten a lot of questions about this – the Premier level in the old program basically maps to Gold in the new program. Platinum is effectively the level above that for partners to strive for. Robert Dutt: You’ve weighted agentic AI credentials pretty heavily in the point system, for obvious reasons. How are you credentialing something that’s that new and that quickly evolving? What does an agentic AI competency look like for a partner today versus what you expect it to look like a year from now? Ben Yerushalmi: You tell me what the market’s going to look like a year from now. What we’re doing right now is putting emphasis on our AI-built components. For example, Agent Workbench is going to carry a higher number of points in the program than O11. ODC is going to have a higher number of points than O11. As we continue to release additional AI-built products, we’ll continue that over-weighting. It’s simple – it’s trying to encourage a behavior. Staying at pace with the market is a massive challenge. One of the things we need to make sure is that as fast as we’re moving, as fast as our messaging evolves to meet the demands of the market, our partners have to come along with us. Partner enablement is one of the most important things we’re going to do this year – around messaging, around hands-on product enablement on all of the innovation we’re bringing to market. Because we want to encourage partners to go out and get those credentials, we’re putting the weighting in the program. It’s also a faster path to up-leveling within the program. Retooling all of your practitioners is something we need all of our partners to do – it’s a big undertaking. Robert Dutt: Everyone in the industry is talking about agentic AI. You touched on the role of Agent Workbench and how it’s a core piece for you. Curious what you’re hearing from a partner economics standpoint – when a partner takes on an agentic AI engagement, what does that actually look like? Is it a dev project, a consulting engagement, something that becomes a managed service? What are you seeing as the motion for partners today? Ben Yerushalmi: That’s a great question. We’ve historically had – maybe a small army, but a really great ecosystem of – partners with strong technical skills that did a really great job of implementing. We were a leader in the low-code space, implementing rapid application development and doing great things for our customers. We had a lot of folks that were really strong on the back end of a project, on the implementation side. What we’re seeing now with agentic is that there’s a lot more work for partners on the front end – on the design, on the architecture, on thinking through the downstream change management implications, the way agents are going to have to work within the current corporate and IT environment. Just to use the most common example: if you’ve got an agent working alongside humans with humans in the loop, that impacts how an organization functions. You need to be thinking through those things on the early side of these engagements. So we’re seeing a shift to more work on the front end, because you’re not just thinking about how do I architect the solution and how do I build it – you’re thinking about all of the downstream impact on how an organization functions. We’re also seeing a lot more experimentation. What can these tools do? What can these agents really do? Our partners are being asked what the best technology is. Our partners are being asked to evaluate us alongside other technologies. We’re seeing competition from all directions, and our partners really need to understand how to sell the value of our platform and handle a lot of the objection handling earlier in the cycle. Why can’t I just use a vibe coding tool, for example, versus Mentor or Agent Workbench? We always go back to the platform messaging – if you’re using a vibe coding tool, you’re going to get vibe code. At the end of the day, you still need a platform that takes care of governance, security, privacy, compliance. But our partners are being asked all those questions up front. There’s a lot more advisory that now goes into any level of engagement. Robert Dutt: Along the same lines but with a slightly different take – where are you seeing partners actually generating revenue with agentic AI today, versus where is it still more of “we see the opportunity, we’re investing, and expect the payoff in a year or so”? Ben Yerushalmi: Look, I think the end state for a lot of this is envisioning multi-agent systems operating within our customers’ technology and corporate environment. We are starting to see that emerge, and we’re starting to see our partners build multi-agent workflows – not just one-offs. These are starting to look like repeatable solutions, which is really great. Think about areas like claims processing – that’s one where you see a lot of examples. You’re starting to see people build claims assessment agents, claims orchestration agents, claims adjudication, and these are repeatable solutions. You’re also starting to see a lot of things, especially on consumer-facing apps, where digital agents are handling a lot of the customer interface. Those are things that are repeatable and can be used across industries. You’re starting to see really interesting things with voice-enabled agents. I listened to a demo just today where it was every bit as good as talking to a human – a natural language conversation, all built on the core components of OutSystems, and it can be used across industries. You’re also starting to see complex industry use cases. As we go to market in finance, in manufacturing, in public sector, we’re seeing our partners bring repeatable solutions for a joint go-to-market. In addition to the things we’re building, we’re starting to see our partners lean into those industries, bring those repeatable solutions, and color outside the areas where we’re investing so we can cover off other industries. We’re also launching a program within Elevate that contains the framework for industry-focused go-to-market programs. Robert Dutt: A bit earlier, you mentioned there is a space and a motion for the smaller deep-dive specialist kind of partner to succeed with you. Given that a lot of our audience – especially here in Canada – is smaller solution providers, MSPs, VARs, people who live in the Microsoft ecosystem and serve the mid-market, can you elaborate on what makes for a successful partner for OutSystems in that space? What are the common threads you see, and what do those partners typically get out of it? Ben Yerushalmi: One of the things we’re seeing is partners investing in getting the Elite Delivery Partner status. Before, we just had Delivery Partner – a fairly low threshold. Now we have the Elite Delivery Partner threshold, which is an indication to our customers that our partners, big and small, know our platform every bit as well as our professional services team. Reaching EDP is something that can be done by large and small partners alike, and that’s where we’re going to tend to recommend partners who have achieved those higher levels. Those are the partners that will likely get subcontracting work from us – that becomes super important. It also doesn’t take a large partner to invest in an industry solution. You need to be thinking about the demands of the market you want to serve and where you want to make those investments. It doesn’t take a large partner to offer a managed service. Those are all things that drive faster time to market and faster time to value for our customers. Having a niche in a market where you can sell is also important, because financial impact is a big component of how you level up in the program. We have small to mid-sized partners that have achieved the top tier. You need to be thinking about the buckets of contribution – co-sell, resell, anything adding financial impact, new logos, credentials, CSAT, program track. All of those buckets contain a lot of different areas to earn points for partners that don’t have a giant GSI logo. It was really designed for partners of all sizes. Silver, Gold, even Bronze partners are adding a ton of value to our customers. Our sellers recognize who they need to align with in a given market. We’re also putting tools in the hands of our PAMs and sellers so they can understand the capability, capacity, and competency of every partner in our ecosystem – who knows how to sell our platform, who has flawless delivery, who has expertise in a given industry or geo or domain – so that we can really arm our sellers with the information they need to align with the right partner. Robert Dutt: For a partner who’s living in that Microsoft-centric world and has started delivering Power Platform to their customers, what’s the conversation? Is there a both/and at different tiers of the market, or do you see OutSystems occupying a fundamentally different space? Ben Yerushalmi: Great question. Look, just about everywhere I’ve worked, I’ve competed with Microsoft – I’ve never worked for Microsoft. They’re a great company. Here, as at Automation Anywhere, the question of how we compete with Microsoft has come up. I think at the end of the day, it’s going to be co-opetition in a lot of ways, because there is room for coexistence at a lot of our customers. If you step back and look at the competition – from vibe coding tools to a lot of the traditional players – I think where we all converge is around agentic. The Gartner BOAT quadrant – Business Orchestration and Automation Technology – came out about nine months ago. It has the automation players, the low-code players, some of the big ISVs like Salesforce, ServiceNow, and Microsoft, and the process orchestration players like Pega and Appian – and where we all converge is around agentic. I need to be able to compete and win against each one of those players and understand exactly how I’m going to do that. But I also have to understand that in any enterprise architecture, we’re going to need to coexist. We have partnerships with a number of the companies we compete with in that quadrant. I always want to win when we’re going toe to toe, but the right solution for a customer may have one, two, or more of those players in a given solution. There are some great companies in that mix, and we’re going to need to work alongside them. Robert Dutt: You’ve now built partner programs across cloud CRM, RPA, and low-code/agentic AI – three waves of technology. If you had to tell a solution provider today where to place their bets for the next three to five years in terms of building a practice and generating new service revenue – not necessarily OutSystems-specific, but across the industry – what would you tell them? Ben Yerushalmi: Flexibility has to be inherent in everything people do. The ability to move at speed and adapt has to be critical. Every company is under pressure to do something with AI – not I think, I know. So people who are investing need to be thinking about skating to where the puck is going. I woke up too early this morning and was reading the news, and there was a fully AI-enabled humanoid robot at the White House. You see stuff like that and you think, where is all of this headed? But you know there is a world of changing work patterns, a world where AI touches every aspect of everybody’s job. You’ve got to think about the technologies that are going to help companies get to that clearly agentic future. And at OutSystems, we obviously believe we are well positioned to tackle that challenge. But you also have to think about this: it’s not just having those hands-on keyboard skills anymore. Customers want people who can take them on that journey. They want partners who can help them think about what are the high-value use cases, how are we going to architect that into our existing enterprise architecture, how are we going to build the applications – and then also manage all of the downstream implications and continue to evolve what we’ve built. Because if you look at a lot of the technologies out there today, they’re cool, they’re exciting, but the second you roll them out, you’re creating technical debt. You need to be making bets in platforms that are going to evolve with the market. Robert Dutt: Last question. A year from now, what does success look like for Elevate? What’s the number or the outcome that tells you this worked? Ben Yerushalmi: What we rolled out in February was half of the vision. There’s still a lot coming. Working through the roadmap of additional elements to Elevate is going to be really important – everything from how we leverage MDF and rethink that model, to how we rebuild our resell model to promote growth in the market, to continuing to stay ahead of the enablement challenge. But if I step back – when I originally talked about Elevate, it was about building a program built for growth. As we continue to be a partner-first organization, success looks like seeing partners successful in the program, being able to level up to wherever they want to be contributing, having partners invest in solutions that drive faster time to value for our customers and really help them move into this agentic future, and having our partners clearly driving successful outcomes with AI and agentic for our customers. At the end of the day, it’s not about Elevate partner program success. It’s really about OutSystems, and OutSystems customer and partner success, that matters. If we can sit quietly in the background and see our partners successful, see us continue to grow, and see our customers realize amazing agentic outcomes on our platform – that’s success. And then I can just sort of ride off into the sunset. Robert Dutt: Sounds like a plan – although it sounds like you’ve already got phase two well in mind, so I don’t think you’re riding off any time soon. Ben, thank you for taking the time. I appreciate it. Ben Yerushalmi: Thank you. Robert Dutt: There you have it, Ben Yerushalmi from OutSystems. I’d like to thank Ben for his time – and I thought it was a pretty candid look at how a vendor thinks about structuring a partner program in a market that’s moving as fast as this one. And I want to thank you for listening, as always. A few things that stood out for me from this conversation. First, the shift Ben described from partners doing mostly back-end implementation work to doing a lot more on the front end – design, architecture, change management, helping customers think through how AI agents are actually going to work alongside their people. That’s not unique to OutSystems. If you’re a solution provider building any kind of AI-adjacent practice right now, that front-end advisory is where the value is moving, and it’s a different set of muscles than a lot of partners have built over the years. Second, his point about the Elite Delivery Partner credential being something an individual can earn – not something that requires organizational scale – was worth paying attention to. As the industry moves toward outcome-based partner programs – and it is, across the board – understanding which programs are genuinely accessible to smaller firms and which just say they are is going to be a real differentiator in where you invest your time. And third, the convergence point. Ben talked about the Gartner BOAT category putting low-code vendors, automation vendors, process orchestration players, and the big ISVs like Microsoft, Salesforce, and ServiceNow all in the same quadrant. His argument is that agentic AI is the thread that ties them all together. Whether that’s true or just convenient framing, it’s worth thinking about – because wherever you sit in the channel, you’re going to be navigating that convergence whether you planned on it or not. If you’re enjoying the ChannelBuzz.ca podcast, you can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. Ratings and reviews are always appreciated – they do help people find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Today’s headline news for Canadian IT solution providers: Fleet launches inaugural partner program: Open-source device management vendor Fleet has announced its first partner program, officially moving to a 100 percent channel sales model. According to CEO Mike McNeil, every deal will now flow through a partner. The program includes reseller and services tracks, focusing on enabling partners to build recurring revenue around Fleet’s multi-OS platform. For Canadian MSPs, the move presents an opportunity to consolidate device management across Windows, Apple, and Linux environments. Scale Computing introduces Velocity Partner Program: Edge computing and virtualization provider Scale Computing has launched a competency-based Velocity Partner Program. The new model ties advancement to verified capabilities rather than sales volume, aiming to reduce operational friction and accelerate quote-to-close cycles. The company is positioning the program as a way for partners to increase autonomy and capture more professional services revenue. N-able CEO urges measured AI approach: N-able CEO John Pagliuca is advising MSPs to focus on internal efficiency before rushing to monetize artificial intelligence. Pagliuca outlined a three-step journey: efficiency first, safe deployment next, and monetization last. He noted that the revenue opportunity will come from helping SMBs implement AI securely, but MSPs must first master their own data governance and automation. Read Full Transcript Welcome to The Buzz from ChannelBuzz.ca, our brand spanking new daily podcast, giving you the latest headlines for the IT channel community every morning in five minutes or less. I’m Robert Dutt, today is Monday, April 20, 2026, and here’s what’s happening in the channel today. Fleet, the open-source device management platform, has officially launched its inaugural partner program, signaling a hard pivot to a 100 percent channel sales model. Founded in 2020 and born out of an open-source project at Facebook, Fleet’s technology enables organizations to manage and secure IT assets across MacOS, Windows, Linux, Android, and ChromeOS. According to CEO Mike McNeil, every sales deal will now flow exclusively through a partner. The new program features two distinct tracks: a reseller track for co-selling, and a services track geared specifically toward partners looking to build recurring revenue streams through implementation and managed services. For Canadian MSPs managing increasingly complex, mixed-device environments, Fleet offers an infrastructure-as-code approach to endpoint management that can help consolidate tool sprawl. The company is actively recruiting new partners and is reportedly offering financial incentives, including enhanced margins and deal protection, for solution providers who migrate customers away from established competitors like Jamf or Microsoft Intune. Edge computing and virtualization vendor Scale Computing has unveiled its new Velocity Partner Program, shifting decisively away from traditional volume-based tiers to a fully competency-based model. The company says this new structure is engineered to help partners navigate the evolving virtualization market by reducing operational friction and increasing partner autonomy. According to Scale Computing, advancement in the Velocity program is now tied strictly to verified capabilities, ensuring that technical expertise—rather than raw sales volume—drives partner economics. The framework is designed to accelerate quote-to-close cycles and reduce dependency on vendor resources. For Canadian solution providers, this represents a faster path to revenue and far better margin predictability, especially for regional partners who might be penalized by strict volume quotas. The program also focuses heavily on enabling partners to capture more of the total value of each opportunity, specifically by driving professional services revenue around deployments of the company’s SC Platform and edge orchestration solutions. N-able CEO John Pagliuca is advising the channel to take a highly measured approach to the artificial intelligence boom. In a recent interview, Pagliuca outlined a specific three-step journey for MSP AI adoption: efficiency first, safe deployment next, and monetization last. He noted that while the broader industry is rushing toward AI-driven revenue streams, MSPs must first focus on internal productivity gains and establishing data governance. According to N-able, the monetization opportunity will materialize as small and medium-sized businesses seek third-party help to navigate their own AI implementations and security challenges. For Canadian MSPs, this serves as a pragmatic reminder to prioritize internal automation and secure operational foundations before packaging artificial intelligence as a billable service. It echoes broader industry research suggesting that data governance remains a significant hurdle to AI adoption, reinforcing the need for partners to establish internal standards first. Later today on In The Channel, I sit down with OutSystems channel chief Benjamin Yerushalmi to talk about defining the channel for three different technology waves over the years, and why AI is moving more partner revenue opportunities earlier in engagements. And if you haven’t heard it yet, check out our chat with Alex Webb and Leanne Yeatman of F12.net on what they’ve learned from 20 years and 15-plus acquisitions, which dropped on Friday. That’s how we’re seeing the headlines today. I’m Robert Dutt for ChannelBuzz.ca, thanks for listening. Have a great day.
Alex Webb, CEO of F12.net and Leanne Yeatman, chief of staff at F12.net F12.net has completed more than 15 acquisitions since founder and CEO Alex Webb and Chief of Staff Leanne Yeatman made their first deal in 2006. What started as a circumstantial opportunity evolved into a deliberate growth strategy that has taken the company from its Alberta roots to a national MSP with offices across Canada and over 500 employees. In this conversation, Webb and Yeatman open up about how they evaluate potential acquisitions – and why the criteria that matter most aren’t the ones on their website. Culture, resilience, and how distributed the workload is across the team all weigh more heavily than the financial table stakes. They also share hard-won lessons on integration, including why they stopped calling deals “mergers” and why leadership can’t outsource the transition work. The conversation takes a turn when Webb discusses F12’s recent private equity transition from Clairvest to Audax, putting him on the other side of the due diligence process he’s put sellers through for years. “Gives me a lot of empathy for what we put our sellers through,” he says. For MSP owners considering a sale, there’s practical advice throughout – from cleaning up your P&L and building leadership depth to understanding why recurring professional services isn’t managed services, and how that distinction affects your valuation when it surfaces in due diligence. Webb and Yeatman also weigh in on the AMTRA Solutions acquisition, a capability play that signals a shift in what acquirers are looking for beyond geographic expansion. Read Full Transcript Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. If you go to F12.net right now — one of Canada’s largest managed service providers — you’ll find something you don’t see on most MSP websites. A page that says “Looking to sell? Let’s talk!” And it’s not vague. It lists exactly what they’re looking for and exactly what a seller gets. That kind of openness tells you something. It tells you that for F12, M&A isn’t opportunistic. It’s a core part of how they’ve grown from an Alberta basement operation in 1994 to a national MSP with over 500 employees and more than 15 acquisitions under their belt. My guests today are Alex Webb, founder and CEO of F12.net, and Leanne Yeatman, Chief of Staff, who’s been deeply involved in the company’s acquisition strategy and adds some valuable perspective throughout our conversation. We cover the full picture here — how F12 decides what to buy and what to walk away from, what integration actually looks like after the deal closes, and what MSP owners on the other side of the table need to know if they’re thinking about selling someday. Alex also shares what it was like to recently go through a recapitalization of his own company, putting him on both sides of the M&A equation. Let’s get right into it. My chat with Alex Webb and Leanne Yeatman. Robert Dutt: Alex, Leanne, thanks for joining us. Alex Webb: Thanks. Leanne Yeatman: Thank you for having us. Robert Dutt: Not every MSP has a “looking to sell” page on their website — much less one that is as prescriptive as listing what you’re looking for and what a potential seller gets. Pretty deliberate signal. When did M&A go from something that happened at F12 — an opportunity that came along — to something that became a core part of how you grow and something that you approach intentionally? Alex Webb: Going back to the memory here — I would say that transition happened right around 2015. Prior to that, we did two acquisitions and they were more circumstantial, opportunistic, presented themselves more than us actually going out and seeking them out. But that shifted when we wanted to expand into a new region that we targeted. That region was Ontario. We were Alberta-based in 2014 and we had a plan to expand into two more provinces — Ontario being first, then BC being second. So I would say that was the date. Robert Dutt: Your first acquisition was CPU Technologies, way back in 2006 — 20 years ago. What was that experience like, and how much of what you do now was shaped by what you learned, for the good and the bad, doing it for the first time? Alex Webb: I’ll actually let Leanne go first. She played a big role in that acquisition. Leanne Yeatman: Going back a long time in history — that was our first transaction. It was different in the sense that we had some outside influence. One of our partners at the time, Wayne Scrivens, played a big role in coaching and teaching us what to look for and how to go through that process. I would say it was foundational in that it sparked this desire to do it more and to recognize that this can be a huge part of our growth story. It’s not the only piece of the journey, of course, but it definitely was a foundational moment for us. And while no two transactions are the same, there are obviously similarities. The more you do it, the more you look back and remember the specific things that went well and the things that maybe didn’t go so well — that you would do differently if given another shot. I remember the details very clearly still to this day. What we learned in that early phase of the CPU acquisition was that when you don’t have the relationships, it’s very hard to convert clients, because they don’t trust you, they don’t know you, they don’t believe you. You have to work really hard to build that trust. That was the biggest education we had: that integration and converting clients was going to be way harder than we thought. Robert Dutt: Obviously it didn’t scare you off, because you’ve done 15 or so acquisitions over those last 20 years. Is there a rhythm to it? Is it a “you’re always looking” kind of thing, or do you find it comes in waves? Alex Webb: I would say waves. We found it a little easier to have a few acquisitions brought in and do that integration work together, because you’re usually assembling teams, and it tends to work a little better than fully integrating one and then starting another. You can do a lot of things in tandem, because you’re generally ripping and tearing not only at their systems but at your own — learning as you go all of the inadequacies in your own systems that need to be redeveloped. That work has to happen while you’re doing integration. So we just found it a little easier to do them in waves. Robert Dutt: The technology tradition of batching — it kind of makes sense from that regard too. Your website lists the criteria you look for: north of $5 million in revenue, low churn, a majority of managed services, healthy EBITDA. Those are the table stakes. What’s the stuff that’s not on the website? What makes you lean in on a company that maybe looks more marginal on paper but gives you a good vibe — or conversely, walk away from one that checks all the boxes but just leaves you with a “no” feeling? Alex Webb: Culture plays a big role. The depth in the organization — how distributed is the effort? Does it all sit on one or two people? Or, even if they’re smaller, have they found ways to distribute the workload across the team? The test of resiliency in the organization matters too. Sometimes longevity brings a certain amount of resilience to a team and a culture. Sometimes experience doing their own expansions or acquisitions brings some of that. That’s important, because when you go through integration, things change — and not just for one entity. A wise person in the industry once explained it to us as: there are two cultures, and both cultures change and become one going forward. The pressure integration puts on both teams is significant. So you really want to look for a team that’s going to be able to weather that storm — one that has a good amount of trust built up with their leadership and with each other. Robert Dutt: How much of the decision comes down to the owner? Their personality, their readiness to move, what they want their life to look like after the acquisition? Alex Webb: That’s a big one. The motivation for why they want to do it is a key ingredient. We try to get to that early, because in M&A, some owners might feel like they can get a little more value out of the business if they portray that they’re staying — but it’s actually traumatic on the business when the alignment is wrong. So we work really hard up front to figure out what’s actually going on. And it’s okay if you want to transition out, or if you want to stay and we work a role around you. Those are very important ingredients for a successful integration outcome. Sometimes there’s indecision — do I want to be part of it or do I want to leave? We just help them with that. We make it okay either way. F12 is a good home for their people and their clients, so they don’t have to worry about that part. We can concentrate our efforts on the outcome the owner actually wants. Robert Dutt: To Leanne’s point about two cultures becoming one — you close the deal, it’s Monday morning. I presume champagne pops, but that’s just my vision of how these things work. What does that first week actually look like for the employees and the clients of the company you just acquired? Alex Webb: If you’ve done it right, it doesn’t feel any different. I know that’s a bizarre answer, but I think that’s what people build up in their minds — that day one, a bunch of things are going to change. Balloons and fanfare. And really you just wake up Monday morning and, you know what, we need to collect some money, answer the phone, go to the client site. All of the things just keep happening. The only difference is generally that there’s a little more money in your bank account than there was the day before — and that’s significantly the only difference. That’s a bit of an out-of-body experience for most owners who’ve never done it. The real work starts more like two or three weeks in. You want things to be business-as-usual for a beat, and then you’re working through the integration plan and executing against it. But that doesn’t happen on Monday morning. Robert Dutt: After 15 or more acquisitions, what have you learned about that integration process? How does the playbook look different now than it did for deal three or four — once you’d realized you were going to do this more than once, but before it had become the muscle memory it is today? Alex Webb: I can say for sure what we don’t do: don’t call it a merger anymore. That’s the tendency with people who are new to it — “we’re merging, we’re going to take the best of both businesses.” That communication is false, because inevitably an acquisition is going to become one entity, and you’re not going to change the processes of the mothership too quickly. You might learn some things and adapt, but you’re not going to adopt their RMM tool or their PSA tool — not likely, because you’ve done so much work building your own. On the communication side, we’re very clear on that now. I think we presented it more like a merger in those earlier days, and it didn’t create a better outcome. The better outcome comes when it’s highly communicative all the way through the process, so people know what’s going on and can plan accordingly. Leanne Yeatman: I’d add two things. One — you can’t outsource the integration work. You can use outside parties to support it, but the leadership team needs to be present and own those pieces of integration very intently. And two — really understand the essence of the business: the things that make the culture what it is, the things that drive people’s loyalty and love for that entity. Make sure you foster those things and allow them to continue. Robert Dutt: What does that transition look like? When you acquire a company, they have their own name, their own culture, their own way of doing things. How do you handle that — it doesn’t sound like it’s “welcome to F12” from day one? Alex Webb: It starts with core systems — getting the tools in place so that we have shared visibility into how the business is performing. That’s the first wave. What we’ve discovered from a culture perspective is that you can still have your identity as a region, as a location. Just because the logo is different, that doesn’t need to change how you do things. You can still have that Friday lunch if that’s what you did. You can still have the barbecues. You could still race RC cars in the parking lot. We don’t need to have a brand above the door to enable those things — but it’s bizarre how people interpret that they’re suddenly not allowed to do them anymore. So for us, it’s about being, as Leanne said, very intentional — making sure people continue doing the things that kept that culture alive. Then when the logo changes over, it shouldn’t feel that different other than it’s a different brand. And now there’s marketing support, sales support, and a lot of things that help that business that they didn’t have before. If you’ve done it right, you’ve added capabilities, expanded the offerings, and people can be more successful and feel more security about their future. That’s the magic. When that occurs, retention stays high — for both clients and team members. Robert Dutt: You mentioned that you initially started doing acquisitions to expand geographically, and a lot of your acquisitions have looked like that going across Canada. AMTRA Solutions last year looks a little different, though — that’s a capability play, adding Microsoft Cloud and AI Copilot expertise. Is what you’re looking for in an acquisition changing? Alex Webb: It certainly is — or, maybe I should rephrase: it’s not so much changing as expanding. We’re still doing what we did on the geographic side, but we’re now adding strategic capabilities as an additional objective. For us, it’s either build it or buy it, and if it makes sense to buy it and bring that capability in, we will. AMTRA really presented a very unique opportunity. In full transparency — when clients get larger, into that upper mid-market range of roughly 350 to 500 seats, their IT needs shift from what a traditional managed service provider does. We handle level one, level two, level three help desk, patch management, backup, infrastructure management — all of those things. But as those organizations get a little larger, the needs change. They want to bring in more advanced Microsoft capabilities, and we would either lose those clients to larger enterprise providers, or bring those capabilities in-house. AMTRA presented that opportunity. It’s been incredibly successful, and we’ve been able to bring those technologies to our upper-end clients in a way that’s really working. Robert Dutt: Without tipping your hand on anything specific — where are the gaps? Is the next chapter more geography, more capability, or are you looking at different frontiers altogether? Alex Webb: For us, the primary frontier is still geographic expansion — into Central Canada and Eastern Canada. That’s still on the to-do list. We also have our eye on more advanced security capabilities, because that’s forever changing and moving more toward the AI front. And we’re not ruling out ERP — the things I like to see are capabilities that all of our clients could utilize and benefit from. When we look at ERP applications, Dynamics 365, these are technologies that the broader client base can use and benefit from, having a mid-market provider able to bring them to market at scale. And we’re not ruling out going south of the border either. We already have clients in the U.S., and we’re starting to see opportunities in states just adjacent to Canada. Robert Dutt: In December, Clairvest exited and Audax came in. You’ve spent 20 years as the buyer. What was it like to be on the other side of that process — having someone evaluate your company the way you evaluate the companies you acquire? Alex Webb: It gives me a lot of empathy for what we put our sellers through. How’s that for an answer? It’s tiring. It was a tiring process. It’s enjoyable on a lot of fronts, and incredibly rewarding when it’s done. But the six to eight months leading up to it — that was a ton of work for the organization. We had some really good support from our banking partners, from Clairvest, and the Audax team were terrific to work with. But even with all that, a lot of work and a lot of sleepless nights. That wasn’t our first experience on that side of the table, though. That was our third private equity transaction. We’ve been through it a few times — just enough to stay in tune with what it actually feels like. Robert Dutt: You’ve got the muscle memory built on both sides of the equation — that’s an interesting place to be. You mentioned how it gave you empathy for what sellers go through. Did going through it change anything about how you think about and deal with the sellers you work with? Or did it confirm what you already believed, having lived as an MSP in this industry? Alex Webb: I think it did both. It confirmed some things, and I think we approach the process with a little more maturity now — on how we handle due diligence, data collection, and integration strategy — because every time you go through it from the other side, you learn a little more. And even when we’re not going through a full business integration, we’re still integrating at a board level, reporting to different people, going through change when you move from one private equity partner to another. I think that leveled us up a little bit and is making us stronger on the buyer side — helping sellers through the process with a little more elegance. Robert Dutt: A lot of MSP owners hear “private equity” and get nervous. They picture cost-cutting and layoffs. From your point of view — having been through it a few times now — what actually changes when you have an institutional capital partner? Does it speed up acquisitions? Redirect them? Put guardrails on them? Alex Webb: Every private equity firm has their own view of what a good target looks like. So for any listeners thinking about private equity, it’s really critical that you align on strategy upfront. That becomes part of the conversation — what’s the tolerance, how does this look, who’s driving the acquisitions? These are important questions. Generally speaking, the private equity partners we’ve worked with liked that we had M&A capability and could hit the ground running. But the types of businesses and the size of acquisitions does change as you grow and move from one partner to the next. As your business gets larger, you can take on larger transactions. Leanne Yeatman: I’d add — knowing what you want to get out of the relationship and how you intend to continue operating the business with that new partner is critical. What we would do leading up to any transaction is decide on the top three things we were looking for in a new partner and what our vision for the organization was for the next five years — then stay focused on that through the process, to make sure you’re finding the partner that’s going to help you execute that vision. When done well, it should be a true partnership. It comes down to alignment. Robert Dutt: You’ve sat across the table from a lot of MSP owners who want to sell. What’s the most common disconnect between what they think their company is worth and what the market says it’s worth? Alex Webb: I would answer that with their understanding of what should be normalized in the business and what shouldn’t — as it relates to EBITDA. The multiples vary a little, but M&A is generally a multiple of EBITDA. So what is that EBITDA, and what’s normalized? The biggest disconnect usually comes from owners running what you might call a lifestyle business — where a lot of their personal world is woven into the business finances. When it comes to doing a transaction, it’s very tricky to determine what’s truly in the business and what isn’t, and to convince the accountants, bankers, and funders of what the real number is. Owners who operate with a clean separation — who take a dividend and keep their personal world out of the business P&L — those are by far the easiest transactions, and you might even pay a little more for a company that runs a pure P&L. That’s one of those intrinsic things we look for. Robert Dutt: In your experience, how many owners who say they want to sell are actually ready to sell? And what does “not ready” look like when you’re sitting across the table? Alex Webb: Tough to quantify, but I’d say it’s usually not a matter of “no” — it’s “not right now.” Either they’re ready and it makes sense, or they just need another year or two to readjust and get things to where they need to be. Everybody has a number in their mind: “If I could get this number for my business, I would sell it.” But nobody wants to reveal that number, because maybe they’d get more. The reality is, people who know their number and understand the mechanics of what it’s going to take to get there tend to have more success. Maybe they’re there now, or maybe they can get there in six months. But that’s the financial side. The mental side is probably trickier. Am I ready to let go? Am I ready to report into an entity? Am I ready to walk off into the sunset? Because sometimes the motivation for doing the transaction is fear — fear of industry change, all of the AI coming, feeling like you’re not ready to compete. That can be traumatic for an owner, because they’re doing it from a position of fear rather than from a position of opportunity for themselves and for their family. Robert Dutt: There’s a whole generation of MSP founders who started their businesses in the nineties and early 2000s who are approaching retirement. Is that creating a wave? And if so, does that make it a buyer’s market? Alex Webb: I would still say it’s a seller’s market. The multiples are still high, there’s still lots of opportunity, and the industry loves businesses focused on recurring revenue with multi-year contracts — there’s real value in those businesses. As for the retiring founders — I’d say we’re just at the beginning of that wave. I haven’t seen a meaningful change in M&A deal flow as a result of it yet. But I believe we’re at the beginning, as some of these groups hit their late fifties and early sixties and start thinking about succession. In fact, I just had one of those conversations recently. Robert Dutt: If I’m an MSP owner three to five years away from wanting to sell, what should I be doing right now to put myself in the best position — not just financially, but operationally and personally? Alex Webb: I’ll let Leanne start with this one. Leanne Yeatman: Build depth in the organization — have multiple leaders present and capable of guiding the rest of the organization through that change. On the normalization side, be clear on what’s acceptable going forward: anything personal that’s wrapped up in the business should start coming out. And third — focus on organic growth. Being able to demonstrate that the business is actively growing and has the ability to keep moving forward. Those three would be my top priorities. Alex Webb: I would add — bring your management team into the conversation when you’re ready to start thinking about a sale. It’s a tough situation when an owner goes through the LOI and due diligence process and then reveals it to the team at the very end. Everybody feels like, “why didn’t you trust me with this earlier?” Bringing them into the dialogue — saying “here’s what I’m thinking about” — you get their input, you get buy-in, you work it together. We do that even when we’re going into a transaction ourselves. When we were going through the Clairvest to Audax transition, we didn’t do it as a cloak-and-dagger move. It was intentional. And I think when it’s done that way, the outcome is even better. Leanne Yeatman: Exactly. The length of the process — if you’ve been in that seat for six or eight months going through due diligence, you’ve already had the time to mentally transition yourself to what’s next. But everybody else at close is just finding out. The more people who are part of that journey earlier, the easier that first week and beyond is. Robert Dutt: My last question — if you could sit down with every MSP owner in Canada at one big table and tell them one thing about M&A that they probably don’t want to hear, what is it? Alex Webb: That recurring contract revenue needs to actually be in managed services. Meaning: you’re getting compensated on a contract whether you put a person out there or not. Recurring professional services — that isn’t managed services. This comes out in due diligence. People take that bucket of revenue and pile it in, trying to present it as managed services. But it gets found out and the deal gets discounted. So: be really clear about your lines of business. What’s product, what’s professional services, what’s managed services. You can have recurring professional services, and if it’s contractual, you’ll get a little more for it. But if you have true managed services, isolate it — because it won’t have the same revenue volatility, and you’ll get better rewarded for it. And if you want to improve your position, convert that recurring professional services to recurring managed services. It’s a lot of work, but we’ve successfully done that through integration for years. People are afraid to have those conversations — it goes back to the old time-and-materials, block-time days. That was the first wave. But when you look at block time and ask “why does this revenue move up and down?” — well, that’s because it’s getting classified as managed services when it isn’t. To hammer again on normalizations: less normalizations will actually benefit you more. Robert Dutt: Great insights, and I appreciate you sharing what you’ve learned through 20 years of acquisitions. Good luck on the next 15. Alex Webb: Thank you very much. Leanne Yeatman: Get it. Robert Dutt: There you have it — Alex Webb and Leanne Yeatman from F12.net. I’d like to thank Alex and Leanne for their time and for their candor. These aren’t always easy conversations to have publicly, and they were both remarkably open about what they’ve learned across 15-plus acquisitions and 30 years of building the company. A few things that stuck with me from this conversation. First, the shift from opportunistic to intentional. 2015 was the year that F12 decided M&A wasn’t just something that happened when a deal fell into their lap, but a deliberate growth strategy. That distinction matters, because it changes everything about how you prepare, how you evaluate, and how you integrate. Second, the culture point. Alex and Leanne both kept coming back to the idea that the numbers can look perfect and you still walk away if the culture isn’t right. And on the flip side, integration isn’t about slapping your logo on the door — it’s about two cultures becoming one new thing. “You don’t need a brand above the door to race RC cars in the parking lot,” as Alex put it. And third — and this is the one I think every MSP owner listening needs to sit with — Alex’s closer about recurring professional services versus managed services. If your recurring revenue is really just project work on a retainer, that gets found out in due diligence and your deal gets discounted. That’s specific, actionable, and probably uncomfortable for more than a few people listening. If you found this episode valuable, I’d appreciate it if you’d follow or subscribe to the show. We’re on Apple Podcasts, Spotify, YouTube, and most other podcast directories. And if you’ve got a minute, a rating or a review goes a long way to helping other people in the channel find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Frank Vitagliano, CEO of the Global Technology Distribution Council Every few years, someone announces the end of distribution. Direct sales was going to kill it. Then e-commerce. Then cloud. Then hyperscaler marketplaces. And yet here we are. Frank Vitagliano is CEO of the Global Technology Distribution Council, the industry consortium representing 21 of the world’s leading technology distributors, collectively responsible for more than $180 billion in annual IT sales. He spent more than 30 years in the channel as a vendor executive at IBM, Juniper Networks, and Dell – where he served as VP of Global Distribution Sales and Strategy – and as president and CEO of solution provider Computex Technology Solutions, before taking the helm at GTDC in 2019. In this episode, Vitagliano talks about why distribution keeps enduring through waves of disruption that should, on paper, have displaced it. His framing: distribution has evolved from what he calls “bank and warehouse” into the orchestrator of the IT ecosystem – the entity that connects vendors, solution providers, and end users in ways that no single vendor or hyperscaler marketplace can replicate on its own. He also gets into what distribution’s digital platform investments actually change – including GTDC’s recent research showing that 86% of suppliers are using or evaluating digital platforms – and why Vitagliano believes AI-enabled opportunity identification is “the game changer” that will define distribution’s next chapter. Vitagliano also draws on his vendor-side experience to explain what he wasn’t getting from distribution at Dell, and why platforms and data are finally closing that gap. This episode pairs with our solo essay on why reports of distribution’s demise have always been overstated. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you caught my recent solo episode on why reports of distribution’s demise have always been overstated, you know this is a topic I’ve been thinking about a lot lately. Distribution has survived every wave of disruption the IT industry has thrown at it – direct sales, e-commerce, cloud, marketplaces – and it keeps evolving. I want to explore that further, and I couldn’t think of a better person to do that than my guest today. Frank Vitagliano is CEO of the Global Technology Distribution Council, the industry consortium representing 21 of the world’s leading technology distributors, collectively responsible for more than $180 billion in annual IT sales. Frank has been in the channel for more than 30 years, holding senior executive roles at IBM, Juniper Networks, and Dell, where he served as VP of Global Distribution Sales and Strategy. He’s also been on the solution provider side as president and CEO of Computex Technology Solutions. He’s a member of the IT Industry Hall of Fame, and he’s one of the few people who’s seen distribution from every angle – vendor, solution provider, and the advocacy side. We talk about why distribution keeps enduring, what it actually does that’s harder to replicate than it looks from the outside, how digital platforms are fundamentally changing the distributor’s role, and what the next chapter looks like. Let’s get right into it. My chat with Frank Vitagliano. [Music] Robert Dutt: Frank, thanks so much for taking the time. It’s nice to catch up with you. Frank Vitagliano: Hi, Rob. Good to see you again. Robert Dutt: I guess to throw it open – you’ve changed roles since last we spoke, and I know you’re well-established at GTDC now, but because it’s an industry organization for distribution, can you tell us a little bit about the mandate of GTDC and what you guys are focused on over there? Frank Vitagliano: Absolutely. So GTDC has been around for quite some time. It stands for Global Technology Distribution Council – it kind of doesn’t exactly roll off your tongue – and it was established more than 20 years ago by some of the major distributors. Initially, the idea was to educate the financial community on the role and value of IT distributors, and this was before they were all public companies. There were a lot of questions about what do they do, how do they do it, why are they needed. For the first five or six years, GTDC focused on educating that group. After most of them went public, it wasn’t really necessary, because companies certainly did a better job of talking to the financial community themselves through earnings calls. So we pivoted to focusing on the supplier community and educating them on the role and value of distribution. You might think, why does the supplier community need to be educated on distribution? A couple of reasons. One, as you know, Rob, every day there are more players coming into the space, particularly in the cybersecurity area. You can’t count the number of cybersecurity vendors out there, and typically they’re all started by and run by very smart technical folks who really don’t know that much about taking a product to market. So that’s one reason. And the second group that continually needs a refresher is the broader vendor community, because most vendors rotate their people through a number of jobs. You start in direct sales, then you move to channel, and you don’t really understand distribution because it tends to be the least well understood aspect of channels. A lot of people view it as a cost element rather than a value driver. We’ve got about 21 members globally representing more than $180 billion of IT sales annually, so all of the major distributors are part of GTDC. We run three big conferences a year – one in Europe, one in Asia, one in North America. We do a lot with research and content – we had a particularly good year last year and released four strong papers on topics important to the vendor community. I do a podcast series every three weeks with members of the ecosystem. And we have global relationships with major data companies – IDC in North America, Context and Nielsen IQ GFK in Europe – where we collect POS data from distributors weekly and compile it into reports that the vendor community uses to track market share and pricing. So those are the major aspects of who we are and what we do. Robert Dutt: You sit in an interesting place. You’ve done the vendor side with Dell, IBM, Juniper. You ran a solution provider business at Computex. And now you lead the organization that represents and promotes the world’s largest distributors. Pretty rare trifecta. I’m curious how each of those vantage points shaped the way you think about distribution’s role today. Frank Vitagliano: That’s an excellent question, and it was actually one I had to answer when I first took the role at GTDC, because most of the folks previously involved in running the organization had worked in distribution, and I never have. But I had the advantage of working extraordinarily closely with distributors over the years. Back in my IBM days – and this is way in the way-back machine – I was involved in the early days of authorizing distributors to sell IBM PCs. It goes back that far. I understood early on the value they provided in getting a vendor’s product to market. Back then, you could argue it was a bank and a warehouse, which is how a lot of people still think about distribution. But it continued to evolve from a bank and a warehouse to a support mechanism that included pre-sale, post-sale, and solution support, to where it is today – a completely digitized route to market that I think orchestrates the IT ecosystem, because distribution sits right in the middle of it. Upstream is the vendor community, which I view as partners with distribution, and downstream are the customers, the solution providers. The second thing you mentioned is that I spent a couple of years running a solution provider, so I was a customer of distribution, not just a partner. It’s really something to have that perspective, because I thought I knew a lot about what distribution did, but I learned a lot more as a customer. And the last thing I’ll mention is that I have watched distribution evolve over the last 40 years – from a bank and a warehouse to what they are today. It’s incredible what they’ve been able to do to keep pace with technological changes and changes in how people buy technology. And they’ve continued to do it while maintaining the core function that a lot of people still consider critically important: help me get my product to market. That evolution has made me genuinely passionate about what they do and how they’ve done it. And it’s continuing now as they evolve into this new digital world with platforms and AI. Robert Dutt: In the time that I’ve covered the channel space, there’s always been a case being made for “well, this is finally the end of distribution” – it was direct sales, e-commerce, cloud, marketplaces, and yet here we are. You’ve touched on the nature of distribution’s evolution. What was the key through-line in that? What is it that distribution was able to do that allowed it to adapt through those waves of change? Frank Vitagliano: I think it’s one thing primarily. They listened very well to their customers – the solution providers – in terms of what they needed, and they listened and collaborated very well with the suppliers. At the end of the day, that’s the most important aspect of what they’ve been able to do. As the technology shifted – from hardware to services to SaaS, to the changing business models in terms of how products are delivered – they’ve been able to watch the evolution, watch the requirements, and adapt. The platforms that are now being built started probably six or seven years ago with very significant investments in an environment where, as you know, it’s a tight margin model. We’re not talking about hundreds of millions of extra dollars for investment. But they started making these major investments because they saw the requirements, and their customers pulled them in that direction. Another great example is that four or five years ago, the supplier community started pushing consumption models. And distributors have done an amazing job of combining their core capabilities – what they’ve been doing well for 40 years – with investments in key areas that keep them relevant. As for the disintermediation discussion, we’ve been hearing that forever. We heard it with the transition from hardware to software to SaaS. We heard it in the cloud transition. Now we hear it with hyperscalers. And the reality is it hasn’t happened. It won’t happen. You can go look at the earnings of the major distributors in 2025 and say, well, that certainly isn’t a business being disintermediated. That’s a business that’s thriving. And the secret is they’ve done an excellent job of understanding what’s required with their core constituency – the vendor community upstream and their customers downstream. Robert Dutt: One thing I’d add, maybe more from a solution provider point of view, is that a lot of the disintermediation predictions were tending to describe distribution as a transaction – the bank and the warehouse, a single point in the supply chain that can be removed. But there’s more to distribution than that transaction. There’s the ecosystem side – the way distribution has made itself stickier through things like partner communities. Can you talk about what distribution does that’s harder to replicate than simply having a bank and a warehouse? Frank Vitagliano: Absolutely. About three or four years ago, we started talking about distribution as the orchestrator of the ecosystem. You can look at that and say, okay, that’s a catchy marketing term, but what does it really mean? What it means is that there needs to be somebody within the IT ecosystem that connects all the pieces, and distribution is the logical point for that. When I do presentations about what distribution does, I can put up a chart with an enormous number of activities, and typically people’s eyes start to glaze over. But what I tell people is: these are all the activities that are part of getting a solution – not a product, but a solution – from the suppliers involved. And typically there are four or five vendors in every solution. It isn’t as simple as putting a PC on someone’s desk anymore. It’s way more comprehensive when you include all the technology, including the whole cybersecurity conversation. Distribution has the ability to do that, and has been doing it in a multi-vendor world since day one. Then when you look at the customer side – and this is the piece I really learned when I became a customer of distribution – there’s a whole set of capabilities around end user experience. Whether it’s managing the myriad of subscriptions that are out there, the typical solution provider today – whether it’s an MSP, a professional services organization, or the hybrid organization that I ran, with hardware, managed services, and professional services all combined – when they look around for who can help them, distribution becomes the natural spot. Vendors are very focused on training solution providers to sell their specific product, not necessarily to sell a complete solution. So partners turn to distribution for that, including now for AI guidance – how do I deal with it, what areas should I focus on, how do I train my people, how do I educate my customers. And then you add the communities. Distributors support partner communities that let a small solution provider in Canada, for example, punch way above their weight – accessing capabilities they couldn’t afford on their own because the distributor and the community members are supporting them. Really big deal. Robert Dutt: Let’s talk about some of the recent research. Your report found that 86% of suppliers are either using or actively evaluating digital platforms for transactions, lifecycle management, and analytics. That feels like a pretty fundamental shift in what distribution even looks like day to day. What does that transition mean in practice, and what does a distributor’s digital platform need to do that a vendor or a marketplace can’t? Frank Vitagliano: There are three things it does – and they’re well on the way to doing all three, although the third one is still a bit in transition. The first is that the platform provides an incredible productivity enhancement to just doing business. The basics – getting a quote, getting an order through the system, figuring out the right solution. There are studies showing that in some cases what used to take four hours is now taking 30 to 40 minutes. The productivity gains are significant enough on their own that vendors who have committed and built the appropriate API integrations will tell you it’s worth the engagement for that reason alone. The second thing is that distributor marketplaces are multi-vendor marketplaces. You don’t get that when you’re dealing directly with a vendor – you get their marketplace. Maybe some ancillary support, but it’s not a true multi-vendor, compatibility-tested marketplace. It’s the same with the hyperscalers. Hyperscalers have done a fabulous job and collaborate very well with distribution, but at the end of the day, a hyperscaler is a direct vendor – the same category as an IBM, a Juniper, a Dell. They have more capabilities than a single-vendor marketplace, but they still can’t match the breadth of a distributor marketplace when it comes to multi-vendor compatibility testing, subscription management, training, and services. So it’s not instead of – it’s in addition to. Hyperscaler marketplace, great. Vendor marketplace, great. Distributor marketplace can provide all of that plus. The third thing – which I believe will ultimately be the big differentiator – is this: if you ask any solution provider what the number one thing is they want from distribution, they tend to overlook the basics distribution already provides and say: I want distributors to help me drive sales. I want them to help me identify and close opportunities. AI-enabled opportunity identification, based on years and years of history and data, is providing that in ways that weren’t possible five years ago, two years ago. When you can go to a partner and say: three years ago you sold this configuration to these customers, and those customers now need an upgrade or new security features – here’s the customer, here’s the opportunity, here’s how we can help you close it – that’s the game changer. And it’s starting to happen. Robert Dutt: You hit on a key point there, which is the scale piece. Everything they do, they do at scale. And one of the reasons some of what distribution does gets taken for granted is they’ve been doing it for a long time at scale extraordinarily efficiently – because with a one to two percent net margin model, you don’t have a choice. Frank Vitagliano: Exactly. You can’t run a one to two percent net business and not be able to do it efficiently at scale. The margins aren’t big enough to survive any other way. That’s right. Robert Dutt: We’ve talked about the changing nature of distribution over the decades. When you were on the vendor side building distribution strategies, what did you expect or want from distributors that you weren’t always getting? And has anything changed about what vendors should be expecting today versus ten years ago? Frank Vitagliano: Back then, I was getting the basics – no debate there. What I wasn’t getting, and what I think we now have the opportunity to get, is leverage from data. I’ve been working with distributors for 40 years, so they’ve got 40 years of information. And in many cases, the distributors knew the end users that product was going to – it would go through a solution provider but ship directly to an end user. All that data existed, but we were never able to harness it to get what I needed for opportunity identification. I got inside sales support, both technical and to some degree sales. I got outside sales teams supporting opportunities. But I wasn’t getting the insights I really needed to figure out how to grow to the next level. I was getting the support I needed. I wasn’t getting the sales capabilities I needed. That was always the gap. So when we’d design programs and allocate MDF dollars to distribution, I’d fund inside sales heads focused on IBM, Juniper, or Dell. But the outcome I was looking for was increased volumes, increased opportunities, increased sales. I took for granted that if I brought distribution an opportunity, they’d support it flawlessly and at scale – no question. But I wanted them to bring me opportunities. And I’m not saying it didn’t happen, because it did – but it wasn’t completely consistent or transparent. It required effort. What’s happening now with AI-supported platforms, you have the ability to do that in a way that wasn’t possible before. Smart people are designing these platforms in conjunction with the supplier community and customers, and it’s happening. That’s a huge deal. Robert Dutt: One of the things I keep thinking about with distribution in a country like Canada is that it plays differently here. Part of that is the geography – huge country, relatively few major centres spread throughout. But there’s also Canadian-dollar credit, local peculiarities in terms of language – you have to parler français to be successful in the Quebec market – and different regulatory considerations. How do you see distribution’s role being amplified in markets like Canada versus larger, more centralized markets like the US? Frank Vitagliano: That’s one of the real values the global distributors provide – they have experience dealing with markets beyond their home territory, and they bring that cross-border understanding wherever they operate. One of the papers we did last year talked about how to build a distribution strategy for the vendor community. If you’re a supplier thinking about Canada, what do you think about? How many distributors do I need – one, three, twelve? We go through this in the paper, which is available on our website. You think about the TAM of the market, the geography, where you need warehousing to reach major markets effectively. You think about whether you need global players, what combination of local players – because every market has what we call local heroes who are really strong within their community. And then domain specialists – do you need a cybersecurity-focused distributor in addition to your broadline relationships? A lot of vendors think the more distributors they have, the more business they’ll generate. That’s not true. More distributors fighting with each other becomes a cost issue for the vendor and a margin issue for everyone. Building a thoughtful distribution strategy is genuinely important – and the nuances of a market like Canada are exactly the kind of thing that gets missed by vendors who don’t think it through. Fortunately, it’s all laid out in the paper for those who want the framework. Robert Dutt: My last question. We’ve talked about being at the early stages of the platform evolution and where it has the potential to go. If we’re sitting here again in five years, what does distribution look like? And what should partners and vendors be paying attention to right now? Frank Vitagliano: Good question. When I first took the job at GTDC in 2019, right before the pandemic, I was hearing all this discussion about disintermediation – hyperscalers were coming into play, cloud was a big deal, SaaS transition was accelerating. I took the job thinking: I don’t believe distribution is going to get disintermediated, but let’s go do a study. So we did Distribution 2025 – a five-year view of what we thought would happen. It turned out to be pretty accurate. A big part of that was validated by the pandemic, which made the value of distribution extraordinarily obvious. At the beginning of 2025 we did Distribution 2030, and we laid out what we see ahead. Clearly, a fully functioning AI-supported platform will be in place in five years. Not 86% of vendors – every vendor will be utilizing it. There will be major cybersecurity enhancements, and major opportunity identification scenarios where vendors will really begin to get that level of sales support from distribution with the existing basics still covered. I also see the enhancements creating stickiness. Today, any customer can work with any authorized distributor. The question is: how do you make your services sticky enough that they become primarily focused on one or two distributors rather than spreading everything around? Same on the supplier side – vendors will narrow to a smaller subset of distributors who can provide the level of service and platform integration they need. I don’t think it ever becomes exclusive, because most folks will view that as too risky. But it’ll certainly be a lot more thoughtful than “let me just sign up as many distributors as I can.” And I see potential for additional consolidation in the distributor market, particularly in Europe and Asia – not so much in North America, where five or six distributors already represent 90% of the business. But globally, I think we’ll see that over the next few years. Robert Dutt: Fun to have a talk about the ever-evolving nature of distribution. I appreciate your time, Frank. Frank Vitagliano: Rob, thank you for the platform. I love talking about it, as you can probably sense, because I’m genuinely passionate about what they do. I think distributors have done an excellent job over the years of doing what they needed to do to support existing business, while also making the investments required to ensure they weren’t left behind – they weren’t the Blockbuster or the Kodak of the IT space. You could argue that could have happened. But it isn’t happening. And it goes back to the number one point I made: they’re listening to their customers and their suppliers. Robert Dutt: It certainly has not happened. Frank, thank you. Enjoy the talk. Frank Vitagliano: Thanks, Rob. [Music] Robert Dutt: There you have it. Frank Vitagliano from the Global Technology Distribution Council. I’d like to thank Frank for his time and a really candid conversation. It’s not every day you get someone who sat on the vendor side, the solution provider side, and the industry body side, willing to talk openly about what distribution gets right, what it hasn’t always gotten right, and where it’s headed. A couple of things that stood out to me. Frank’s point about distribution evolving from what he called a bank and a warehouse into an ecosystem orchestrator – that’s not just branding. When you think about what it takes to stitch together multi-vendor solutions, handle consumption models, manage renewals, and now use AI to identify opportunities that individual vendors and solution providers can’t see on their own, that’s a fundamentally different value proposition than moving boxes and extending credit. And his candor about what he wasn’t getting from distribution when he was on the vendor side at Dell, and how platforms and data are finally closing that gap – I thought that was a really honest moment. The other thing I’d flag is his point about stickiness – the idea that vendors are going to narrow their distribution relationships and go deeper with fewer partners. That has real implications for solution providers too, in terms of which distributors they’re aligned with and what platforms they’re investing in. If you haven’t already, check out my solo episode on why distribution endures. It sets up a lot of the themes Frank and I explored here, and the two episodes work well together. If you’re enjoying In The Channel, I’d appreciate it if you’d follow or subscribe. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you have a minute to leave a rating or a review, that goes a long way to helping other people in the channel community find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies Canada’s data sovereignty landscape is shifting faster than most organizations realize – and according to Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies, the conversation isn’t happening early enough. In this episode, Falzon breaks down the regulatory pressure building around Canadian data – including Quebec’s Law 25, Bill C-8, and new federal PIPEDA reform expected this spring that is expected to include data sovereignty provisions. He draws a sharp distinction between data residency (where data sits at rest) and data sovereignty (control over the entire processing chain) that many partners and their customers are still conflating – and explains why contracts alone can’t solve the problem. Falzon unpacks the CLOUD Act dimension: if data lives in the U.S., it is accessible to the U.S. government regardless of where your company is headquartered or what your service agreement says. For MSPs, the conversation turns to opportunity. Recent research from Kiteworks found that 23% of Canadian organizations experienced a data sovereignty incident last year, and mid-market firms lag enterprise by 15 to 25 percentage points in sovereignty maturity – despite facing the same penalties. Falzon’s advice: lead with risk, not product. He also raises a recent U.S. legal judgment holding that all data entered into ChatGPT belongs to OpenAI – and asks whether organizations using AI services even know where that data is going. Check Point launched a dedicated Canadian data region for CloudGuard WAF in March, opening doors to government and regulated-sector contracts that were previously unavailable to partners. But Falzon’s bigger point is this: the regulatory picture is still coming into focus, and MSPs who get educated now – before the legislation fully lands – have a real chance to stake out expertise and become the trusted voice in the room when urgency hits. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. There’s a phrase you’re probably hearing more and more in customer conversations: data sovereignty. And if you’re not hearing it yet, you probably will soon. Canada’s regulatory landscape around data is shifting fast. Quebec’s Law 25 is already in force with real financial penalties. Bill C-8, the Critical Cyber Systems Protection Act, is working its way through committee. New federal privacy reform is expected this spring, and underneath all of that, there’s a growing realization that the old assumption—that if it’s okay for the U.S., it’s okay for us—may not hold up much longer. My guest today is Rob Falzon, Head of Engineering in the Office of the CTO at Check Point Software Technologies. Rob has spent over 30 years in large-scale security architecture, including government work, and he’s been with Check Point for over two decades. He’s based here in Canada and has a front-row seat to how this market handles security and compliance differently from the rest of the world. We’re going to talk about what’s driving the urgency around data sovereignty in Canada right now, the distinction between data residency and data sovereignty that a lot of partners are still conflating, and what it all means practically for MSPs serving the Canadian mid-market. Let’s get right into it—my chat with Rob Falzon. Rob, thanks for taking the time. I appreciate it. Robert Falzon: No trouble. Robert Dutt: You’ve been in the industry a long time, with Check Point for two decades, and you’ve had a front-row seat to how the Canadian market specifically handles security and compliance. For an audience of Canadian VARs and MSPs, how has the data conversation in Canada changed over, say, the last 18 months or so? It feels like something’s shifted in that discussion. Robert Falzon: Yeah, there’s been a significant shift. In the past, obviously, we’ve seen the changes that have happened with our neighbors to the south and how the climate and atmosphere have changed. It’s caused folks in Canada to have a closer look at what their various different arrangements are from a trust perspective, and what their comfort level might be in where they store their data and how they manage that data—and where their customers are based as well. I think that’s been the primary change in the last few months specifically. For a long time, we’ve had this feeling that Canada and the U.S. have been sort of the same. There wasn’t really a big concern because we have agreements back and forth. A lot of the recent changes have forced us to really revisit those arrangements and see: are we actually making sure that the information is safe and protected? As a result of that, we’ve been getting those questions at Check Point, and it’s incumbent upon us to manage it in such a way that our customers get the security and safety they need while meeting their business requirements. Robert Dutt: From the regulatory side of things, there’s a lot going on. We have Quebec’s Law 25 in place with real penalties behind it. We have Bill C-8 working its way through committee. There’s going to be PIPEDA reform coming up sometime fairly soon, which is rumored to include data sovereignty provisions. Back in November, the government introduced the Digital Sovereignty Framework. For a Canadian MSP who hasn’t been tracking all of this closely, what’s the picture they need to have in their head right now of the regulatory scene? Robert Falzon: Well, like you pointed out, there’s no comprehensive federal law just yet. As you mentioned, there are a number of things on the table and we have some direct focus now from the federal government. There’s a minister assigned specifically for AI that’s taking a very close look at how Canada is managing that. We also have this provincial patchwork. Ontario probably has the most established AI-specific roles so far. Alberta’s Privacy Commissioner also has a report they released last year talking about Alberta creating its own AI law and updating its privacy legislation. All of these changes are happening fairly quickly right now, and it’s incumbent upon MSPs to make sure they’re aware of what these changes are and where they are operating their businesses. There are two aspects to this. The first is the business side: if you have customers that want to consume your services, you need to make sure your services are consumable by them—that you are meeting their data regulation requirements and that the residency and sovereignty requirements these new pieces of legislation introduce are met by whatever services you’re providing. The challenge is that there’s not a lot of clarity right now around what these actual services are. Maybe AI is touching it, or some security component is touching it, but maybe it’s a different type of service related to marketing. This is going to be a challenge for MSPs to make sure they understand their compliance obligations and to closely look at their service offerings. They need to start to decouple what we used to think was an accepted understanding—that if it was okay for the U.S., it was okay for us. It’s not going to be the same anymore. Robert Dutt: There’s another piece of legislation, not necessarily on our side, but the CLOUD Act hanging over all this. Can you walk us through how the CLOUD Act changes the calculus for Canadian organizations using a U.S.-headquartered cloud or security provider? Robert Falzon: There are a few things here to unpack. First of all, it’s not finalized; there are still a lot of negotiations underway. This started back in 2021 or 2022, and obviously, when that started, we were in a completely different geopolitical context than we have today. That’s transformed things into a more complex policy debate and even, to some degree, a national security debate. For us, we’re going to have to start looking very carefully about what regulations we put in place at the federal level that impact us from a legal compliance perspective. Is your CISO well aware of what your obligations are under this? I think if I look at what’s going to change, we’re still going to have to start hosting much of the information we work with in Canada. Anything related to security rule sets, business transaction information—all of this is going to have to be stored in Canada. If you are still leveraging contracts that you might have in the U.S., you’re going to have to look at how you separate out those specific types of data that are protected by law and have them processed and stored in Canada. You may not be able to get out of some of these hosting contracts in the U.S., but the fact is, if that data is in the U.S., it’s going to be available to the U.S. government. If that availability contravenes any legislation we have here, it’s something you’re going to be liable for. Robert Dutt: A lot of times, maybe at the customer level and the partner level, there’s some conflation between data residency and data sovereignty. Can you break that apart? I think when a lot of people hear, “We have a Canadian data center,” they assume the compliance checkbox is checked. Robert Falzon: Yeah. The difference fundamentally is essentially data at rest versus data in motion. If you are storing databases or static information about customers, that data must be resident in Canada. Data sovereignty is essentially the entire chain. Any processing has to be done in Canada, storage has to be done in Canada—the data cannot leave the country or its control sphere the entire time it’s in your possession. I think that’s a critical differentiation because they are often, as you say, conflated to be the same thing. Robert Dutt: What does a sovereignty-defensible architecture actually look like? What are the non-negotiables to make sure you’re covered off there, especially as a service provider? Robert Falzon: You have to look at all of your vendors. You have to make sure that not only are you managing your data effectively yourself, but that all of the vendors you interact with are also following the same guidelines. The challenge here is that we are so integrated with U.S. providers—cloud providers, data center providers. All of those things need to come together, and we need to be aware at all times where this information is stored. Our understanding of where that data is has to improve, so we need better tools to manage that visibility. But we also need to start making actual changes in our infrastructure to make sure it physically resides in Canada. And then we need to look at the rule sets you’re using to manage that data. Do you have the proper security context to store and manipulate that information strictly in Canada as per data sovereignty regulations? Robert Dutt: Let’s bring this to the partner level. There’s a recent survey from Kiteworks that shows 23% of Canadian organizations experienced a data sovereignty incident last year. Mid-market firms lag enterprise by 15 to 25 percentage points in maturity, but they face the same penalties. For an MSP serving that mid-market space, where’s the actual opportunity in terms of educating and compliance? Robert Falzon: Well, if MSPs are at the stage where they’re concerned and trying to get information, imagine where many of our customers are standing. Customers are trusting their partners to provide them with guidance and leadership. If we think about verticals like healthcare, financial services, or the public sector—these are not organizations that typically have heavy internal services or the skill sets to make these decisions about where their cloud data is processed. They’re relying on partners for that. If there are issues, the buck stops with the customer themselves. By helping to educate their customers—making them aware of coming changes, understanding the differences between sovereignty and residency, and looking at their other vendors—partners can take a leadership position. There’s a bit of a vacuum right now in speaking with both partners and customers, where everybody’s just going, “I wonder what’s going to happen next? Am I even ready for this?” It’s a great opportunity to improve their business. Robert Dutt: Is the first question to that customer the general, “Do you know where your data is living and who has access to it?” Or what’s the first concrete question an MSP can take to their customers? Robert Falzon: Well, there are a whole lot of things. First, partners are going to have a better understanding of their customer profile. If they have customers with significant multi-cloud complexity or exposure to the CLOUD Act, they’ll want to start by talking to them about their immediate risk. The challenge we often have is that we want to go in and talk about how a product or service is going to make a difference. Ultimately, what we really need to do is share the conversation about risk. The risk conversation is often overlooked in favor of saying, “I’d like this customer to buy some more Check Point.” But at the end of the day, all of that comes back to their understanding of what the risk is. I would start with risk: talk about what’s in the CLOUD Act, talk about complexity, and talk to them about AI data exfiltration and how that impacts leakage from a legal perspective. Stay away from conversations about specific products and focus on the business outcomes for the customers. That’s what’s going to get you the traction. Robert Dutt: Check Point launched a dedicated Canadian region for CloudGuard Web Application Firewall in March at the Victoria Privacy Summit. What’s driving security vendors specifically to put in infrastructure in Canada right now? Robert Falzon: This is an interesting question because it’s really not a “right now” thing. This is something we’ve been actively looking at for some time. It’s not as easy as just saying, “I’m going to do this in Canada only.” There’s a lot of backend stuff that has to happen. Five years ago, the technology and infrastructure available were somewhat limited. You have to be able to trust the infrastructure you’re placed in. It’s taken years to get here, and we’re quite confident in our ability to deliver the exact same level of quality as we did when it was solely based in the U.S. Countries around the world are starting to take a close look at their most important assets—data and intellectual property—and seeing how easily technology is being used to gain access to private information. Companies would be well-served to understand that this has been a long cycle; it’s not something that just happened overnight. Robert Dutt: For a partner who’s already selling Check Point solutions, what practically changes for them now that this Canadian data region is in place? What deals or conversations does it unlock? Robert Falzon: Certainly anywhere where privacy is paramount, it’s going to have a huge impact because you can start the conversation with the understanding that anything we’re talking about today is going to be data resident and data sovereign to your Canadian customers. That immediately sets you apart from many other vendors who cannot make that claim. If you can address the concern of privacy legislation right out of the gate, then you can focus on the actual business outcomes. It’s going to open doors with agencies very sensitive to this—government entities at the municipal, federal, and provincial levels that might have been off-the-table to a partner that didn’t have solutions meeting those criteria. Robert Dutt: For the MSP who’s a little earlier in the process, what’s the first practical step internally to make sure you’re building this out as an opportunity? Robert Falzon: You have to be extremely well-educated in the legal aspects because you’re going to want to make sure you have a compliance story and accountability you can speak to with your customers. But looking at all the uncertainty relating to AI and machine learning, being able to tie data residency and sovereignty into how that impacts their ability to utilize these new technologies would be a real door opener. There’s a tremendous amount of misunderstanding and lack of information available to customers currently running these solutions. If I were a partner today, I’d be looking at how I have the conversation about security, privacy, and data sovereignty in terms of their ability to be more competitive in the future by leveraging these advanced technologies in a secure way. Robert Dutt: What’s the risk of doing nothing? If I’m a partner and I decide to just keep selling the same way and assume data sovereignty is someone else’s problem, what does that look like 12 months from now? Robert Falzon: Hopefully your customers are already taking a zero-trust approach, so it might be easy to say, “I’ll wait until this settles a bit.” It’s not crazy to think that could still be effective. But if one waits too long and it becomes legislation, now you’re playing catch-up. You won’t be perceived as a leader in the space, and as we know, it’s much harder to win business away from someone else than it is to keep business you already have. Robert Dutt: Last question: what’s the thing about data sovereignty in Canada right now that you think isn’t getting enough attention? Robert Falzon: I think honestly, the conversation about data sovereignty and residency itself is not mentioned enough. It seems to be addressed after the fact. I’m starting to see it come to the forefront, but I still don’t have conversations on a daily basis about this. Even though this announcement was made, I’m still not getting a lot of phone calls about what this means for me, and I would have expected to get a lot more. If we look forward five years, we’ll look back at this and go, “Wow, I can’t believe we only just got that then.” Things are moving so rapidly. If we look at the adoption of AI internal to large corporations—I’ll ask them if they are using AI services, where those services are based, and what the legal ramifications are. Nobody is talking about where the data from ChatGPT lives. There was a legal judgment in the U.S. a couple of weeks back where it was agreed that all data entered into ChatGPT belongs to them—it belongs to OpenAI. Imagine if that’s your company’s data, and you don’t even know it’s leaving because the services you’ve invested in are hosting data all over the world and not in Canada. That’s a risk that’s really not being discussed in an appropriate way. Robert Dutt: It’s an interesting indicator. If the conversation isn’t happening early, it suggests we’re still early in the cycle, and that’s an opportunity for an MSP to stake out a brand in this space. Robert Falzon: Exactly. At this very moment, anyone in the partner ecosystem should be looking at their internal systems and processes and finding out how compliant they are personally. If you don’t understand your internal architecture and what partnerships you have in your own pipeline, you’re going to be well behind when it actually comes to implementation. Robert Dutt: Great insights. Thank you very much for your time, Rob. Robert Falzon: Thank you so much. Robert Dutt: There you have it, Rob Falzon from Check Point Software Technologies. I’d like to thank Rob for his time and for a conversation that I think went well beyond the usual talking points. Thank you for listening. Here’s a few things that stood out for me from this conversation. First, there’s a really important distinction between data residency and data sovereignty that Rob laid out cleanly. Residency is about where the data sits at rest. Sovereignty is about the entire chain—processing, storage, the works—and making sure none of it leaves the country’s control sphere. If your customers think having a Canadian data center checks the compliance box, that’s a conversation worth having with them. Second, there was that striking point about AI data exfiltration. A recent U.S. legal judgment held that all data entered into ChatGPT belongs to OpenAI. If your customers are using AI services and don’t know where that data is going and who owns it once it gets there, that’s a risk that most people simply aren’t talking about yet. And that brings me to what I think was the most telling moment: Rob’s candid admission that even after Check Point’s Canada data region announcement, he’s not getting a lot of calls about data residency. That tells me we’re still early. The regulatory picture is coming into focus, but it’s not fully formed yet, and a lot of partners and customers are in wait-and-see mode. That’s actually an opportunity. If you’re an MSP who moves now—gets educated on the regulatory landscape, audits your own internal compliance, and starts leading the sovereignty conversation with your customers—you have a chance to stake out real expertise and become the trusted voice before this becomes urgent and everyone’s scrambling. Follow or subscribe to the show. You can find In The Channel on Apple Podcasts, Spotify, YouTube, and most podcast directories. Ratings and reviews are always appreciated—they help other folks in the channel find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
JoeAnne Hardy, president of WBM Technologies In this episode of In The Channel, I'm joined by JoeAnne Hardy, president of WBM Technologies. WBM is a fixture on the Canadian channel landscape, but its story is one of constant, deliberate reinvention. Founded in 1950 as Western Business Machines in Saskatoon, the company has evolved from a local typewriter and copier shop into a sophisticated managed services provider with a team of 527 professionals across Western Canada and the US. JoeAnne shares her personal journey from starting as a sales assistant to leading a management buyout and eventually taking the helm as President. We dig into the “curse” of the entrepreneur—that moment when a thriving business begins to take a toll on personal well-being—and the specific leadership shift WBM made to ensure that as the company grew, life got better for its people. We also tackle the big questions facing MSP owners today. JoeAnne walks through WBM's strategic decision to partner with Westcap Mgt. Ltd. for growth capital, offering a masterclass in how to evaluate private equity without losing your company's soul. We also discuss the current supply chain volatility, the “RAMmageddon” memory crisis, and how WBM uses its patent-pending Enterprise Experience Platform to turn abstract managed services into measurable end-user outcomes. From the importance of values-based hiring in a competitive talent market to the impact of major regional developments like the Bell AI data center in Regina, this conversation is packed with actionable insights for any channel leader looking to scale with purpose. Read Full Transcript Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. My guest today is JoeAnne Hardy, president of WBM Technologies. WBM is one of those companies that if you’re in the Canadian channel, you’ve probably seen on the lists—the CRN Elite 150, nine years running, FastRiser on the SP500—but the story behind those rankings is more interesting than the rankings themselves. WBM started in 1950 as Western Business Machines, a storefront in Saskatoon selling typewriters. 75 years later, it’s a managed services provider with more than 500 IT professionals across five cities in Western Canada and a growing US operation. JoeAnne has been there for more than 20 years. She started as a sales assistant, worked in virtually every department, led a management buyout, and today runs the whole show. We talk about what it actually feels like to reinvent a company across multiple technology eras; the moment she realized her own success was making her life worse and what she did about it; building and keeping a team from a prairie base; the decision to take growth capital from Westcap; and what’s ahead in a market where supply chains are under serious pressure and AI is reshaping what managed services even means. Let’s get right into it. My chat with JoeAnne Hardy. JoeAnne, thanks for taking the time. I appreciate it. JoeAnne Hardy: Good to be here. Thanks for having me. Robert Dutt: WBM opened its doors on May 1st, 1950 in Saskatoon as Western Business Machines, obviously pre-computer by any definition we know. Now you’re a CRN Elite 150 MSP for nine consecutive years. What does it actually feel like from the inside to lead a company through that many transitions, and how do you decide when it’s time to let go of something that’s still working? JoeAnne Hardy: Well, what a big question to start with! Full disclosure, I have not been here since 1950. My journey at WBM started in 1996, but it is really a privilege to be part of an organization that does have this tremendous history in Western Canada. I think our history is really a testament to evolution around the right things. For us, that evolution has been evolving around our customers and our customer needs. We’ve got a picture that hangs in our Saskatoon Operations Centre from the 50s. The shingle says Western Business Machines and in the window there are posters for typewriters and adders. If we had clung to being experts in typewriters, we wouldn’t be here today. What we know with certainty is that we existed before the internet, and our business is not centered around technology evolutions—it’s centered around our client community. That makes sure we’re relevant, whether what we do today exists in 18 months or not. Robert Dutt: You mentioned the anxiety that can come with some of these pivots. Was there ever a pivot point that was scarier or one where you’re looking around the table like, “I don’t know what the outcome is going to be here”? JoeAnne Hardy: There is one thing that comes to mind. In 2008, myself, Brett Bailey, and Bob Hardy did a management buyout. We closed our deal right before the financial collapse. We reached a point where we had our partnership meetings on Tuesday mornings, and the business was doing great. But I came to one of those meetings and I wasn’t feeling so great. I felt like something was really upside down—that the better the business did, the worse my life was getting. It’s the “curse of the entrepreneur.” I didn’t know if I had another hour in the day to give. I said that out loud, and both Bob and Brett felt the same way. We decided in that moment that we wanted to create an environment where the better the business did, the better our lives got. The secret was building a leadership team around us. Since that point, we’ve completed nine acquisitions, expanded across Western Canada, opened a US entity, and taken on a private equity partner. And we’ve had fun the entire time. Robert Dutt: How has that been reflected throughout the ranks of the organization since you made that change? JoeAnne Hardy: We see it in all different ways. A number of years ago, we set a goal to contribute a million dollars back to the communities we live and work in over a five-year period. We hit that goal in 2025—which was our 75th anniversary—just three years in. These initiatives aren’t decided in a boardroom; they come from the connections our team members have in the community. Robert Dutt: You worked your way up from being a sales assistant. How does having been throughout the business in different roles shape how you lead it now? JoeAnne Hardy: I grew up on a cattle ranch in Maple Creek, Saskatchewan. I learned the value of hard work and understanding how things work. Because that was my upbringing, it felt natural at WBM to be curious. Probably the biggest way it impacts my leadership is that when we have a problem, you have to go right to the people doing the work. They’re in front of the customers. Decisions shouldn’t just be made by “smart people in a boardroom.” You have to maintain that curiosity about what the frontline roadblocks are. Robert Dutt: You have offices in Regina, Calgary, Vancouver, and Winnipeg, with headquarters still in Saskatoon. Is being outside the big city tech hubs a disadvantage, or is it part of the value proposition? JoeAnne Hardy: I think it’s part of the value proposition. When we sit down in a governance meeting and we’re telling stories about a local restaurant in their community, it’s a differentiator. One of our customers, Federated Co-op, has retail locations far and wide. When the team supporting them through our enterprise service desk showed up for their first meeting, they introduced themselves by their local Co-op member numbers. Robert Dutt: When you’re hiring, how do you think about values or gut-based “feel” versus technical credentials? JoeAnne Hardy: It has to be a fit on both sides. Hiring isn’t an individual sport; it’s a team sport. It’s important for many members of our team to be involved so they can give an honest assessment of how an individual would thrive here. We want to live up to being a great place to build a career. Robert Dutt: Let’s talk about right now. Your monthly procurement update has become must-read for me. You’re telling customers to “buy the RAM” for the life of the system right now. What are you seeing day-to-day on that front? JoeAnne Hardy: Our customers look to us for expertise in supply chain management. Our role is helping them manage their lifecycle, and that insight comes from deep relationships with manufacturers and distributors. Our ability to help our customers be insulated from the impact of these things is a big differentiator. We have warehouses across Western Canada, so we can help customers think proactively. Our job is to make our customers heroes in their own organizations so they can take that information to their leadership teams. Robert Dutt: In 2022, Westcap made a growth investment in WBM. Walk me through how you thought of that as a leadership team. JoeAnne Hardy: We cast a wide net to see what opportunities were available. We had clear goals: Bob’s retirement, fueling acquisitions, and staying in control of the organization. Before we started the process, we were rooted in what our goals were. That gives you a framework to evaluate everything from strategic takeovers to private equity. We chose Westcap because their value proposition was that they invest in management teams they believe in. They proved it through the process. My advice to other MSPs is to be rooted in what you’re trying to accomplish before you turn the page to looking at options. Robert Dutt: Bell just announced a $1.7 billion AI data center outside Regina. Does that change the opportunity for WBM, and what does AI look like as a service line for you? JoeAnne Hardy: AI has been part of our world for many years, so a news release about a data center isn’t the “turning point.” What’s different now is the rate of acceleration. We’re excited because this is now a conversation in every boardroom. Every CIO has AI initiatives underway, and we’re helping them enable technology they likely already own but need to understand how to leverage. Robert Dutt: You have a patent-pending Enterprise Experience Platform. How do you think about that kind of proprietary IP? JoeAnne Hardy: It takes all the individual service items we offer and looks at them through the customer lens—the end-user experience. If you have disconnected services, the end user feels it. Why doesn’t the service desk know I’m a new employee? Why is there no plan for my old device? The platform allows us to create a governance model built around making that experience seamless. The “end-user” isn’t just the person at the computer—it’s the IT department, the finance department, and the HR department. Robert Dutt: Last question. If you could go back to the JoeAnne who was just starting as a sales assistant and tell her one thing about what this journey was going to look like, what would it be? JoeAnne Hardy: I would say that everything that doesn’t work out is just as valuable as the things that do. As a young woman starting out, I had a fear of making a mistake. But I reached a point where I realized the “butterflies” in my stomach were just the feeling I got before something awesome happened. Those mistakes are the growth moments. They’re way more valuable than the days everything goes exactly as planned. Robert Dutt: “We win or we learn,” right? JoeAnne Hardy: Yes, exactly. Robert Dutt: JoeAnne, thank you so much for your time. JoeAnne Hardy: Thanks, it was great to visit with you. Robert Dutt: There you have it, JoeAnne Hardy from WBM Technologies. I’d like to thank JoeAnne for her time—and for her candour. It’s not often you hear a company president talk openly about the moment they realized the business was winning but they were losing, and then walk you through exactly how they fixed it. A few things I’m taking away from this one. First, the idea that growth should make your life better, not just your revenue bigger. Second, her framework for evaluating outside capital—know your non-negotiables before you start the conversation. And third, the way WBM thinks about the end-user experience as a platform. If you’re enjoying the podcast, find us on Apple Podcasts, Spotify, and YouTube. Follow or subscribe so you don’t miss an episode. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Dan Candee, CEO of Cork Cyber When Cork Cyber first showed up on the radar a few years ago, it was easy to file under “cyber warranty” and move on. But Dan Candee, who came in as CEO in mid-2024 from AWS and Dell, has been pushing the company well beyond that starting point. What’s emerged – a risk visibility platform, a scoring system, and now active remediation tools – looks less like a warranty company bolting on features and more like a deliberate platform play built on a foundation most vendors don’t have: financial skin in the game. Candee positions the warranty as Aflac for cyber insurance – a fast-response layer, not a replacement. But the more compelling moment was his account of a Canadian construction company that had every security check mark green and still got hit through a BEC attack because someone didn’t verify an ACH change by phone. Cork paid out. The MSP kept the client. The Cork Score is where things get practical for MSPs. Candee walked through showing a client they’re at a 350 because of incomplete MFA adoption, then demonstrating that three specific changes move them to a 700. It’s a QBR weapon, and the Credit Karma comparison holds up. On the business side, Vantage starts at a dollar per endpoint and scales to 35 cents. Financial protection comes in four tiers ($25,000 to $500,000), with the lower tiers designed for MSPs to absorb and bundle as a retention tool. Cork is active across Canada excluding Quebec, available through Pax8, and runs entirely through API integrations with no agent required. Candee teased an autonomous remediation engine for summer 2026. Whether Cork can deliver at the pace they’re promising is worth watching. Read Full Transcript TRANSCRIPT TO COME
In Case You Missed It for the week of April 13, 2026, for Canadian IT solution providers – and the final episode of ICYMI before The Buzz launches April 20: Cisco compute prices jump April 18 – and it’s not just Cisco. WBM Technologies’ April 2026 procurement update flags list price adjustments taking effect April 18 on Cisco compute hardware, driven by ongoing memory market volatility. HPE saw 24-30% list price increases in March alone. HP, Intel, AMD, and Fortinet have all announced increases of their own. SK Group’s chairman says the memory shortage could last until 2030. WBM’s recommendation: pull purchases forward now, and lock in any Cisco compute quotes before April 18. AWS begins paying partners direct cash for managed services – but requires revenue tagging by summer. In its most significant partner program update in years, AWS announced it will pay cash benefits to partners for delivering managed services – a first. A new Partner Revenue Measurement system uses resource tagging to attribute partner-generated revenue, even on AWS-booked deals. By end of 2026, all AWS programs will depend on this measurement; partners are asked to adopt it by July. The update also includes a revamped agentic AI-powered Partner Central hub (cutting admin time 30-40%), an AI Assessment Fund, and a new Greenfield Program for net-new customer incentives. Full CRN breakdown of all eight new AWS partner programs. Nutanix delivers complete agentic AI platform at .NEXT – and a Toronto partner wins the Americas. Nutanix used its .NEXT 2026 conference in Chicago to announce the Nutanix Agentic AI solution – a full-stack platform for building and operating AI applications on Nutanix Cloud Platform across hybrid multicloud environments. Currently in early access; GA expected H2 2026. Expanded hardware ecosystem integrations with Cisco, Dell, AMD, NetApp, and Lenovo were also announced. Toronto-based Arctiq took home the 2026 Americas Reseller Momentum Award, recognized for exceptional growth and technical depth in the Nutanix ecosystem. Canada’s unicorn list is longer – and more established – than you think. Various trackers now count 30-35 Canadian tech unicorns, including channel-familiar names like 1Password ($6.8B valuation) and eSentire. The list is a useful reality check on the depth and maturity of the Canadian tech ecosystem – and a handy reference when making the case that buying Canadian is a genuinely viable option across a wide range of technology categories. This is the final episode of In Case You Missed It in its weekly format. Starting April 20, In The Channel launches The Buzz – three things Canadian IT solution providers need to know, every weekday morning at 7 a.m. ET. Read Full Transcript Hello and welcome to In Case You Missed It from ChannelBuzz.ca, your weekly roundup where we pull the signal from the noise and bring you the stories that matter most to Canadian IT resellers and MSPs. I'm Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. And this one is a bit of a milestone, because it’s the last one – at least in this format. Starting Monday April 20th, In The Channel is launching The Buzz, a daily five-minute briefing every weekday morning with three things you need to know. Same editorial commitment, sharper cadence. More on that at the end. But first, we’re going out on a full week of genuinely important news. Let’s get right into it. Lead story this week has a hard deadline attached to it, so let’s not bury the lede. Cisco is implementing list price adjustments on April 18th – that’s a week from this Saturday – and those adjustments are focused primarily on compute hardware. The reason, as WBM Technologies laid out in their April 2026 procurement update, is the ongoing volatility in the memory market and broader cost pressures hitting the global IT supply chain. And Cisco is just one data point in a picture that WBM’s Director of Strategic Procurement, Ashley Schell, paints pretty vividly in their latest update. HPE saw a 24 to 30 percent increase in list prices in March alone. HP is raising prices by at least 10 percent on personal systems and Poly products, effective April 1st. Intel and AMD have both confirmed CPU price increases for OEMs. Fortinet is implementing monthly price increases averaging around 10 percent. Lenovo is warning that custom orders are being pushed out by 20 weeks or more on certain configurations. And Dell has cut quote validity to 14 days. The driver, as we’ve been tracking all year, is AI data center demand consuming memory capacity at a scale that’s pulling supply away from traditional commercial and channel products. Industry forecasters are now talking about this continuing well into 2027, and the chairman of SK Group – one of the largest memory manufacturers in the world – said this week that the shortage could last until 2030. WBM’s recommendation is clear: if you have upcoming technology requirements, evaluate opportunities to pull those purchases forward now. If you have Cisco compute quotes in flight, get them locked before April 18th. And take a hard look at the rest of your pipeline – the rolling increases across vendors are not slowing down. Shifting gears – this week AWS dropped its most significant partner program update in years, and for MSPs in particular, it changes the financial equation. For the first time, AWS is paying direct cash to partners for delivering managed services. Not credits, not MDF – cash. AWS VP of Partner Core Julia Chen told CRN that AWS data shows MSP-supported customers demonstrate 3.4x higher cloud spend, 58 percent better retention rates, and 5.1x customer growth. The message is: managed services creates better customer outcomes, and AWS is starting to reward that directly. But the bigger structural shift underneath this is what AWS is calling Partner Revenue Measurement. It’s a resource tagging system where partners tag workloads inside customer environments – so AWS can track and credit the revenue associated with partner-delivered work, even when the AWS seller is the one who books the deal. Chen was direct about the timeline: by the end of 2026, all AWS programs will depend on this measurement system, and she’s asking partners to have it in use by July. The full update includes eight major changes – but the other headline items are: a revamped Partner Central platform with agentic AI that AWS says can cut admin time by 30 to 40 percent, a new AI Assessment Fund to help partners fund the initial risk of AI proof-of-concept engagements, a new Greenfield Program for incentivizing net-new AWS customer acquisition, and an upgraded AI Competency framework based on real outcomes rather than just credentials. For Canadian MSPs on the AWS path: the program is getting more generous. But it’s also getting more measurement-driven. If you want the cash, you need to tag your work. Nutanix held its annual .NEXT conference in Chicago this week, and the headline announcement was what Nutanix is calling a complete platform for the agentic AI era. The Nutanix Agentic AI solution – first teased at NVIDIA GTC back in March – is now in early access, with full general availability planned for the second half of this year. It’s a full-stack platform designed to let enterprises build and operate AI applications on Nutanix Cloud Platform, integrating compute, storage, networking, and Kubernetes across hybrid multicloud environments. The timing of Nutanix’s broader pitch is not accidental – “run anything, anywhere, on whatever hardware you’ve got” is a message that lands differently in a market where HPE list prices just went up 30 percent in a month and Cisco compute is about to get more expensive. The company is explicitly positioning itself as the flexible infrastructure alternative for customers simultaneously reassessing their VMware dependency and trying to navigate a constrained supply chain. The partner ecosystem angle at .NEXT was notable too – this is the first year with more than 100 partners at the event, and Nutanix announced a significant expansion of its hardware ecosystem, adding or deepening integrations with Cisco, Dell, AMD, NetApp, and Lenovo. And for some Canadian content: Toronto-based Arctiq took home the 2026 Americas Reseller Momentum Award at .NEXT, recognized for exceptional year-over-year sales growth, customer success, and expanded technical certifications across the Nutanix platform. Arctiq has had a busy year on the M&A front as well – they announced acquisitions of both Verinext and Shadow-Soft in recent months, building out their hybrid cloud, security, and observability capabilities. A Canadian partner winning a global award on a stage like this is always worth noting. Well done, Arctiq. For our closer this week – a bit of perspective on the Canadian tech ecosystem. Various trackers now put the count of Canadian tech unicorns – companies valued at a billion dollars or more – somewhere between 30 and 35 depending on your source. And when you look at that list, a couple of things stand out. First, you’ll find companies we cover regularly in a channel context. 1Password is sitting at a $6.8 billion valuation. eSentire is on the same list. These are not scrappy newcomers – these are mature, established companies with deep enterprise footprints and real track records. The unicorn label sometimes makes everything sound like a startup story, but what this list actually tells you is that the Canadian cybersecurity sector in particular has been compounding quietly for a long time. Second, it’s a useful reference point. The next time someone frames Canadian tech as a branch plant, or treats buying Canadian as a compromise – this list is your answer. Thirty-plus billion-dollar companies across security, fintech, SaaS, and infrastructure. Worth bookmarking. And that’s a wrap – on this episode, and on the In Case You Missed It format. I want to take a genuine moment to thank you for tuning in to ICYMI over its run. The goal was always the same: surface the stories that actually matter for Canadian IT resellers and MSPs, connect the dots across a noisy week of news, and give you something you could act on. I hope it’s done that. Looking back at the arc of just the last few weeks – the Broadcom deadline forcing VMware decisions, the memory shortage turning into a full-scale supply chain crisis, agentic AI moving from vendor talking point to actual shipped product across Ingram Micro, AWS, Rewst, and now Nutanix – it’s been a genuinely consequential stretch of time for this industry. Lots to keep track of. That’s not slowing down. Which is exactly why we’re evolving the format. Starting Monday April 20th, In The Channel is launching The Buzz – a daily five-minute briefing published every weekday morning at seven a.m. Eastern, covering three things Canadian IT solution providers need to know that day. Same editorial standards. Tighter format. Every morning. I’d like to thank you for your support of In The Channel and ChannelBuzz.ca. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories – and if the show has been useful to you, a rating or a review always helps more people find it. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Michael Khoury, vice president of Global Ecosystems Programs at Palo Alto Networks When Palo Alto Networks announced the first comprehensive overhaul of its NextWave partner program in more than three years this February, it raised a lot of questions for partners. What does the shift from transactional incentives to platform adoption rewards actually look like day to day? What happens to loyal, firewall-heavy partners who now face a diversification requirement? And is the promise of dramatically improved economics real, or is it marketing math? Michael Khoury, vice president of Global Ecosystems Programs at Palo Alto Networks, is the architect behind the changes. He joined the company, conducted an extensive listening tour with partners across markets, and built the revamp around the specific frustrations he heard: over-reliance on Palo Alto staff for routine tasks, managed services being valued like resale, incentive structures that looked good on paper but didn’t pay out, and training that wasn’t keeping pace with the platform’s evolution. In this conversation, Michael walks through the mechanics of the new program in detail. He explains why Platinum and Diamond partners will need to generate 20 and 30 percent of their business, respectively, from non-firewall product lineswithin 18 months, and why he believes most strategic partners are already within striking distance. He shares data showing the elimination of discount caps has resulted in 2-to-4x earnings improvements based on modeled past bookings, and explains why they timed the rollout to prevent partners from holding back orders. He discusses how the $25 billion CyberArk acquisition creates a new identity security practice path that counts toward diversification targets, the new Partner Development Fund that reinvests rebate earnings into partner growth, and what Canadian partners specifically should know about how their market stacks up. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you’re a Palo Alto Networks partner, or you’ve been thinking about becoming one, you’ve probably been hearing about the NextWave Partner Program revamp that launched in early February. It’s being called the first ground-up redesign of the program in about three and a half years, and the changes are significant. A shift from rewarding transactional volume to rewarding platform adoption, the elimination of discount caps that were leaving money on the table for partners, new diversification requirements, and a whole new approach to how Palo Alto thinks about managed services. My guest today is Michael Khoury, Vice President of Global Ecosystems Programs at Palo Alto Networks. Michael is essentially the architect of these changes. He joined the company, did a listening tour of what partners were actually frustrated about, and the revamp is his answer to what he heard. We got into the details of what changed and why, the real economics of the new incentive structure, what the 30% non-firewall requirement means for partners who’ve built their business around firewalls, how mid-market MSPs and resellers fit into a program that could easily be optimized for global SIs, and what the recent CyberArk acquisition means for the partner ecosystem going forward. Michael brought real data and real candor, and I think you’ll find it genuinely useful. Let’s get right into it, my chat with Michael Khoury. Robert Dutt: Michael, thanks for taking the time. I appreciate it. Michael Khoury: Thank you, Rob. Great to be here. Thanks for having me. Robert Dutt: It’s been about three and a half years, I guess, since the last major partner program update for you guys. What changed in the landscape, or in what you’re hearing from partners, that made this the moment to do a kind of ground-up revamp rather than a refresh and update kind of motion? Michael Khoury: Yeah, great question. Rob, I joined Palo Alto Networks about 18 months ago, and what I did, in addition to getting the internal feedback obviously from the various team members and various stakeholders, I made sure to go out on basically a tour, a listening tour, meeting with partners and getting their input frankly about our program at the time and what are the areas we needed to address. It was obvious to me in a lot of areas we had some challenges that we needed to address as a company. I’d put these things in a way – it’s not like what we had was necessarily bad, but it just didn’t evolve with the way the business kept transforming and evolving. So we needed to update. And if you’ve seen this, probably you’ve seen it with other vendors – it’s kind of common in our industry that every few years you need to evolve the program to keep pace with the business needs ever changing. And as I met with partners – and I met with partners across the globe, various regions, some of them were virtual, other meetings were in person, some of the meetings were larger like partner events that we hosted – the consistent feedback that I kept hearing was this. Number one, it was around “Hey Palo Alto Networks, that’s great that you have a program, but it feels like we need you for everything. We need someone at Palo Alto Networks to do anything with you. So we’re always relying on you to get things.” And those things can be as simple as if we needed to get a quote, if we needed to get a price, if we needed access to more training – we always needed someone at Palo Alto to give us that access. That was consistent feedback number one. Number two, obviously when we got into the program it was particularly with the managed services motion, because that motion has been growing for us at a much faster rate – and I’ll give you some percentages in just a minute – but that motion has been growing at a much faster rate than the traditional VAR motion. So when we discussed with the managed services partners, they were like “Hey, you kind of have a managed service program, but it kind of works like resale, not like truly like a managed service.” So we needed to revisit that. And then obviously the other areas that our partners care about – for partners who provide services, how do we ensure we’re leveraging more of their capability and training them and giving them the right support from a training and enablement perspective so they can build not just a go-to-market motion but also their services around Palo Alto Networks. And lastly, the last area was around the incentives. It was only two years prior to me joining the company that the company – and you’re right, you said three and a half years ago – which was the time when the company launched their first rebates program to partners. However, the feedback that I heard from partners, they said “Michael, you have rebates, you have these incentives for us, but they’re mostly on paper. It seems like it’s very hard for us to earn these incentives.” So we had to open that up and revisit that. So overall, Rob, those were the big themes that I heard from partners and why we needed to evolve the program with bigger changes, and why we did the things that we did and we launched the recent program. Robert Dutt: You’ve talked about moving from rewarding transactional volume to rewarding the platform and selling across that. Can you walk me through what that shift looks like concretely for a partner? If I’m a reseller who’s been doing well selling Palo Alto firewalls, what’s different about how I engage with you guys under this new program versus the old one? Michael Khoury: I found – and this is by the way common across the industry – because sometimes a vendor builds a program and sometimes they look at it almost like a static thing. “Oh, we built it, here’s the requirement.” And sometimes you have to also look at where your own field sellers are measured on and what they need to do. Because if you have the company field sales organization and the partner organization that are not in perfect harmony in terms of what they focus on and what they need to work on, then you end up having more friction. So as we evolved the program, we looked at our expectations from our sales teams and we said “Look, we expect our sellers not just to sell our firewall, but we expect them to support the platformization strategy,” which Nikesh talked about a few years ago. And now every company says “Oh, I have a platform too.” But if you think about that concept of we’re not just a firewall company – yes, that is our history, that’s our legacy, that’s where the company started – but when you evaluate our business, when you look at our next-gen security growing around 34-35% year on year, that’s been a big growth engine for us. So as our field sales organization started to focus on embracing the platform, which means if you look at our product platforms, you have the network security, the NetSec part of the house, where you have the firewall, but you also have SASE, which includes SD-WAN and Prisma Access. And also you have what we call our SOC transformation, which is our Cortex product, which is also part of our next-gen security. And under Cortex you have XSIAM, which is the next-generation SIEM. You have XDR, which is around endpoint detection. And then recently we added identity as well, as you know, with the CyberArk acquisition closing last month. So as we looked at all these things that our field sales organization is going to be measured on, when I looked at our program, there were no requirements toward those next-gen security platforms. It was mostly like if you can do firewall and keep doing firewall – which is not bad, it’s totally fine, we love those partners who continue to embrace us on the firewall side – but we also said in the new program, if you want to be driving bigger growth with us and being more aggressive, you need to do more across the platform. Meaning you need to embrace our SASE, you need to embrace next-gen security around Cortex, you now need to also embrace identity. So now the partners who play with us across the platform can unlock better benefits and have more leverage. And we continue to say, look, if you focus only on one area of the business you can excel, whether you focus on identity or you focus only on firewall, you can excel with us, but that will be your lane. That will be kind of your swim lane. Obviously the partners who are more strategic, who embrace the platform, will be able to unlock more. So what we simply did in the program, Rob, is we said now partners have requirements where they have to meet toward the next-gen security, where in the past there were no requirements. We put specific requirements. It’s very clear what they need to do. And then secondly, what we also did in addition to requirements, we also built the incentives and the rebates that support that motion. So we’re basically telling our partners we’re looking at both sides of the puzzle. And I’ve always talked about programs – people ask me “Michael, what is a partner program?” Frankly, for me it’s a value exchange. On one side you have the requirements of what we expect as a vendor from our partners. And on the other side, what do we offer them in return? What’s in it for them? And the way I look at this, where the two meet in the middle – where the requirements meet the benefit and the incentive – that’s the program. So every program, in order to be successful, needs to have both sides. We made sure in our program we updated the requirements, but we also updated the incentives that go with that. Robert Dutt: A couple of things coming out of that in different lanes. You mentioned setting those goals that folks have to reach outside of firewall and making that a requirement for the first time. You’ve said that 30% of revenues need to come from non-firewall lines of business within 18 months for you to reach both Platinum and Diamond, if I’m remembering correctly. That’s a real requirement. What happens to a longtime, loyal firewall-heavy partner who can’t or doesn’t get there? You say they have their lane, but what does that path look like? And the other side of that – is 18 months realistic for partners who need to build new practices around Cortex or Prisma or the other next-gen areas? Michael Khoury: So look, we’ve done the analysis across our partner ecosystem. And what I found when we did the analysis, even over a year ago versus when we did it recently, we already saw a shift. We already saw an increase over just the first year, even before we launched the program, because we started to signal especially to our key, bigger strategic partners. And you’re right – at the Diamond level we require 30% of their business to come from next-gen security. But the Platinum level is a little bit lower, it’s 20%. So it’s not as high of a bar. And obviously for the Innovator level, we did not put a specific requirement. We felt those partners are smaller in nature, maybe they’re focused on a specific area, they’re still building their business model. We didn’t feel we needed to necessarily be very prescriptive with our requirements in that area. In terms of the 18 months, when we looked at our partners – if I have a partner who’s already, let’s say, a Diamond and doing 20% of their business toward next-gen security, and now by adding identity as well, that adds to that percentage. So some of them actually have an identity practice that they can leverage as well. We know the vast majority of our strategic partners are within striking distance. Yes, they may need to stretch. Yes, they may need to do a little bit more work to get there. But look, this is why we gave the 18 months. This is why we enable our CBMs, our field team, to work with these partners early on to start having those plans. And I think overall, the partners who are committed to us, who are not ad hoc, opportunistic – “Oh, this deal I’ll work with Palo only, I’m not fully invested in them” – I get it, those partners may not get there. But frankly, those partners in the first place, they were not driving that much business and that much impact for us to begin with. They were opportunistic, they were bringing some deals, which is totally fine, but we’re not going to necessarily limit our program evolution and requirements based on those. Overall, I feel pretty confident that our strategic partners will be able to meet those requirements come the 18 months. And here’s what I’ll say – last time I did this when I was at ServiceNow and I evolved their partner program, it’s funny how things happen sometimes in the same way. I was there about 18 months before we launched the program. Somehow it worked out to be about 18 months. I don’t know why, it seems like that’s the magic number. And I recall at the time we gave about 18 months and the vast majority of partners ended up getting to where we expected them to go. Yeah, we had a few we had to work with and figure out a way how they can get there in a few more months, but overall it ended up moving that ecosystem in that direction. Now I understand cybersecurity is different than a workflow optimization company, but at the same time, I’ve done these things when I was at Cisco. I’ve done them at ServiceNow and I feel like this is the right move for us at Palo Alto. And I’m encouraged by what I’m seeing early on. The feedback from our partners seems like “Okay, we like this because it’s going to allow our unique partners to stand out.” And if you have too many that are all special, then no one is special. You know how that goes. So we believe 18 months is the right time and the early indication seems to support that. Robert Dutt: It’s funny how, as they say, history rhymes with the 18-month cadence for you across new roles. Switching to the incentive side of things, you’ve eliminated the discount caps that used to lock partners out of earning a rebate on heavily discounted deals. That sounds like a pretty big one for partners. Can you give me a sense of the magnitude here? You’ve said that some partners could be earning two to four times what they were earning before. Is that the aspirational number, or is that broadly achievable? Michael Khoury: That is the actual data. When I said that two to four times, it was actually based on actual data that we modeled based on last year’s performance. So as a matter of fact, when I’m looking at partners, we are more than halfway into our fiscal year ’26, which you know will end in July. So fiscal year ’27 will start August 1st. When I look at our performance for FY26, which we launched the program only in February, so we’re talking about only the second half of the year where these things are making an impact – as a matter of fact, when it comes to the rebates, we changed it in the last two weeks of the second quarter. We didn’t want to finish the second quarter where partners may be holding back on some orders to wait for Q3 where they can earn more rebates. So we made a decision to say “Hey, we’re just going to do it in the last two weeks of the quarter so we don’t hurt our Q2 numbers.” And it turned out to be a good decision because our data was very strong in Q2. So that was great. But it’s a great question. It’s not aspirational. It’s the actual data on past bookings. And what’s really exciting about it – when you look at our next-gen security, around SASE, Cortex, and obviously identity we’re going to address later – but when you look at SASE and Cortex, for us there were a lot of deals our partners were driving but they were not earning those incentives. And here’s one interesting fact. As we started to make that shift and we started to talk about it, all of a sudden in our deal registration – which means mostly the business that our partners obviously source and bring to Palo Alto – our next-gen security deal registration percentages were not as high. And once we started to make that shift and we’re tracking this, you won’t believe it, all of a sudden we’re starting to see an increase in our deal registration and partner-sourced business for us. So that tells me, even though with only one month or one month and a couple of weeks, because we did that change two weeks into the quarter, I’m starting to see the pipeline. I’m starting to see more booking toward that next-gen security. So it’s a good early indication. Obviously I need to wait a couple more quarters. I’m not going to claim victory only in six weeks that we’ve had this. But the early indication, Rob, seems to show that as we made the changes toward these incentives, especially with next-gen security – because in the past a lot of partners, because of the market and competitive dynamics and the way our list pricing model was set up, they were not able to earn incentives on next-gen security – but now they are. So that’s starting to show early indication of pipelines, early indication of deal reg percentages, and so on. So I’m encouraged by where we’re going to finish the year, but I’m more encouraged for next year. Because it’s funny, every time we do these things, when you launch something new it takes about a couple of quarters for the ecosystem to kind of understand, fully adopt, embrace, and put it into an operational vehicle so they can execute on it. And then you start to see in that third and fourth quarter it starts to get much better, and by the fifth and sixth quarter, that’s when you start reaching a higher level. So again, I don’t know why, but somehow things always end up working toward that 18-month kind of trajectory. Because you’re right, the ecosystem cannot pivot right away. They need time to adjust. But that’s what I’ve seen over the years dealing in this for a long time. That’s typically what it takes to get to a higher level. So I’m really excited about where we’re going to end up in ’26 and even more in fiscal year ’27. Robert Dutt: A lot of the audience are mid-market MSPs and resellers, the 15, 20, 50-person shops. When you designed this program, how much were you thinking about that sort of long tail of smaller partners who aren’t at global SI scale? The platform approach – I understand it, it sounds good in theory – but building specializations across the different areas, across network, across cloud, across SOC, requires investment that might be a reach for a smaller partner. What’s the path for that small partner MSP? Michael Khoury: That’s great. First of all, I said it earlier but I didn’t share the percentage with you. I will share it now. Our managed services route to market is growing over 60% year on year. So I can tell you that that’s where we’re seeing a lot of growth. Even traditional VARs, a lot of the traditional VARs are starting to build and deliver managed services. So the business has shifted from just resale, traditional VAR, to managed service. Regarding what we’re offering to that smaller VAR – or that smaller managed service partner, I should say, but it also applies to even our resellers if they want to build a business and go-to-market motion around Palo Alto Networks – we just launched, actually, as part of this program redesign, the ability to have access for all of our partners with on-demand learning experience. Not just for pre-sales and technical sales, which we had always available as on-demand learning, but we just expanded it for post-sales. So now if you’re a smaller partner, you’re going to have access to on-demand learning experience across sales, technical pre-sales, architect roles which are kind of more pre- and a little bit post-sales, across engineer roles for delivery, and across analyst roles for support. So now they have access to on-demand learning experience across all products, which we started with this quarter, and we’re adding more products within the next quarter as well. So that’s number one. Number two, we now incorporate as part of our training for partners an AI roleplay that is also available to them. And the early feedback from partners – we had solution architects from partners come in and do this AI roleplay not prepared. And their feedback initially was “Michael, it kicked my butt, I wasn’t ready.” And now they feel like it gave them an indication of what they need to do better. The new AI roleplay is enabling our partners’ sellers and technical pre-sales to help them position the product. And it’s also enabling the post-sales engineers, architects, and analysts as well. So we’re giving them access across all of that on the portfolio. In addition, once they have access to the on-demand learning experience, part of the ongoing certification model now includes a roleplay. But they also now have access to labs across the entire portfolio. That’s also available to them through that on-demand learning experience. And in addition to that, we just launched Demo Zone, which is also available through the Learning Center. So they can do demos across the product line, they can come in, get training for about an hour, hour and a half, and be able to do demos for customers, really without needing help from a sales engineer or solution consultant at Palo Alto Networks. I touched on this early on when we started – that was one of the key changes we needed to make. Sure, our partners need to have access to the right training, to the right enablement, so they can be self-sufficient. So technically, if you have a smaller partner who’s embarking on their journey with Palo Alto, they’re going to have access to really a lot of content, training, and capability across all roles, available to them on demand. It’s going to allow them to invest and grow and drive that business growth like never before. And obviously with MSSPs, we provide them with programmatic front-end discount that helps them win in that commercial segment, that mid-market that you touched on, without needing a lot of help from Palo Alto. So in a way, we’re giving them access to the training, the enablement, the tools, and also to the programmatic element from a front-end discount, and to the back-end rebate as well, to ensure they can grow and develop that go-to-market motion. So I’m really excited – even though our managed services was growing at 60%, I’m really excited about where it’s going to go a year from now, because I don’t think we’ve touched its full potential. A lot of those managed services partners are going to be able to reap a lot of benefits across the board, across the entire portfolio. Robert Dutt: The AI roleplay tool – that’s something that I thought was really interesting, really fun to see in there. It’s been interesting seeing AI start to find its way into partner programs. Sticking with the sort of idea of resources and smaller partners, are there any Canadian-specific resources or team support that smaller Canadian partners of Palo Alto should know about? Michael Khoury: Look, in Canada we have a very strong managed service motion with partners. And when I look at just the ratio of percentage of Canadian partners and the investment, I see that our Canadian partners actually invest – just from a percentage of resources to booking and revenue – I see our Canadian partners invest more in technical pre-sales roles and training for individuals than in other markets. So I’m very encouraged to see that in Canada, not just are we driving a strong managed service motion, but we also have more investment from a resources perspective. Because when I look at a partner, I don’t just look at how much booking you did with us, because to me booking is more of a lagging indicator. I look at the investments, and not just by the number of certifications they have – I look at the number of individuals. Because obviously you can have one individual sometimes accumulate multiple certifications. So I do look at the number of certifications by product, but we also look at the number of individuals that a partner has invested in. And I’m encouraged to see that in Canada, particularly in our managed service motion and even in our resale motion, I see more and more partners investing in sales and technical and obviously post-sales as well. I found that was interesting data that I uncovered as I was comparing, for example, US partners to Canadian partners. So that’s encouraging. That means our partners in Canada will be able to have, over time, as they leverage the new program, even bigger market share and better representation. Because the data is very clear – partners who invest more in their enablement and their certification, who really go on that journey, their revenue tends to be much higher than partners who don’t make that same commitment. And that’s why we have something that we’re now making available – it’s called our Partner Capacity Dashboard, something brand new. We’re making it available to our Channel Business Managers first for this year. Next year we’ll make it available to partners so they can have clear visibility on all the individuals, the training, the demos, the AI roleplays, all the things that their people are doing. And we also look at their projection for the year’s business and give them guidance on whether they have enough individuals, enough people who are certified. So it’s going to help them really with their business planning for the future. I’m excited about giving this first to our Channel Business Managers. We have a few things to work through, and then by beginning of ’27 we’re going to make it available to partners to help them on that journey. So that’s another one of those things that we’ve evolved and changed. Robert Dutt: You touched on this a couple of times, let’s discuss it now. The CyberArk acquisition closed in February, $25 billion, added identity security into the fold. And that’s something that we’re hearing a lot more about across the industry and throughout the channel. What does CyberArk being in there mean for partners right now? Is there a NextWave path for identity? And how quickly do you think partners are going to be able to build their capability there, particularly with Palo Alto? Michael Khoury: So this was my message probably a week before we closed the CyberArk deal. I went to a CyberArk event, their global sales kickoff, where we had about 200 or so partners. And one of my messages to those partners in the room, I said “Look, if your business is resale, managed service, or consulting implementation on identity only, that’s totally fine. That is a home for you at Palo Alto Networks.” Now it turns out, when we looked at the data, the vast majority of our partners are joint partners, meaning they are both a CyberArk partner and a Palo Alto Networks partner. We had a very small number of partners who are CyberArk-only partners. And those partners, we were in the process of ensuring we onboard them in the next few months before the new fiscal year starts. So the journey for those partners is, if you’re going to continue with identity, we’re going to give you all the support, all the things that I talked about earlier – from access to training, enablement, demos, AI roleplay, tools – all of that is going to be available for identity. All the incentives that I talked about, which today are not available in the CyberArk portfolio, we are going to be working on that for identity for the new year as well. So partners can be even more profitable when they do business on identity. And both CyberArk and Palo Alto, we both embrace partner delivery and support services as well. Between us and them, we have over 90% of the delivery on CyberArk – and a similar thing on Palo Alto – done by partners. So it’s not just the managed services motion or the support motion, but even the delivery motion as well is done by partners. So there will be a path if you just do identity – and again, those are a small percentage – there’ll be a path for those partners to be able to continue to invest in identity. And they’ll have plenty of time to adjust. And if they don’t ever want to go beyond identity, that’s fine. But again, the majority of our partners are actually joint partners between the two companies. So there is a lot more synergy there. When you start looking at data, you start looking at which partners drive the TCVs and the bookings on Palo Alto, there is a lot of overlap. And we’re rationalizing the rest of our ecosystem as well. But I’m excited about adding identity and being able to incentivize and give more support to those identity partners. And I’m glad to say, by having such a large joint overlap, I think that in itself will open up more business for them and more opportunities for us. And frankly, for the Palo Alto partners who do not sell identity – because we have more of those, Palo Alto partners who do not sell identity – this is going to be a great opportunity for them to embrace identity, get the right training, get the right certification and specialization, and be able, if they want to expand beyond what Palo Alto offers, into the identity space. That’s the bigger area of opportunity. Because as I said, the joint customers – all of the CyberArk partners are actually Palo Alto partners – but we had more Palo Alto partners who are not CyberArk, who don’t sell and support identity. And that’s where I feel there is a big potential for growth in that area. Robert Dutt: Do you have any kind of feel for how many of those partners that you describe, who are Palo Alto but not CyberArk, have made identity bets elsewhere? Michael Khoury: That’s a great question. I don’t have that top of mind to share with you as a percentage. Identity tends to be an area where you need to invest deeper. Let me give you an example – a certified delivery engineer at CyberArk is a minimum six-to-nine-month type investment. So it’s not as easy for a partner to pick it up overnight and say “Yeah, I’m ready to go down that path” unless it is part of their go-to-market motion and they have a plan for it. Now, the way we see the future, with more agentic AI and privileged access going to play a bigger role, we believe identity and the privileged access space is going to be an even more key component of that. So I’m going to see more and more partners – not just the joint partners, but more and more partners are going to start to embrace that. But I don’t have the exact percentage top of mind of, hey, if you are Palo Alto only, have you invested with another company versus us. I think they’re going to find very quickly, with all the things we’ve changed in the new program and implementing those with identity and incentivizing more on identity, I think it’s going to be very difficult for them to turn away, even if they were investing with another vendor, not to come to Palo Alto Networks and invest with our identity solution. Especially as we integrate the products and there’s going to be a lot more capability from a platform perspective by having identity. I think it’s going to be more and more difficult to say “Oh, I’m just going to keep working with another company on this one product only.” I think they will see the value, even if I don’t do all the great things I talked about in the program, which we are doing for identity. But from a product and a technology perspective, I think there is a lot of value there. Robert Dutt: My last question – if we’re sitting here a year from now, what does success look like for this program? What’s the metric or the outcome that tells you this revamp worked? Michael Khoury: Yeah. I mean, if I look at the key metrics that we’re looking for – and I think you heard me talk about them already – I’m going to look at how many more partners have trained individuals on Palo Alto Networks, how many more certifications across next-gen security, how much more booking is coming from that side of the house, what percentage more of deal reg is initiated by partners. I’m going to look across various elements to say, did we actually hit the mark? And obviously the other piece is we’re investing in those partnerships as well. All these things that I talked about to make available for partners, it’s an investment on our part. So I need to have that direct correlation to all these key success metrics. And so far the early indication says we’re heading in the right direction. There is one item we haven’t talked about and I want to mention this. Part of our incentive redesign, we also created a program called the Partner Development Fund. So partners will not just be able to earn rebates from us, but also part of the investment they earn will go into a Partner Development Fund that helps them invest in their future growth. So when I look at that future growth and all the activities that partners can drive with us – whether it’s investment in training, investment in headcount, investment in migration services, competitive takeout, whatever the case may be – they’re going to have funds available to them to make that investment in future growth. So one metric I’m going to be looking at is all these partners – how fast they’re growing, where were they growing with Palo Alto Networks as a percentage of business with us, and how fast that is growing now a year later, as we launch this new program with basically adding fuel to that fire and having a flywheel effect. The better job you do, the more we reward you. And the more we reward you, you have more funds to help you reinvest more in that growth. That part is really going to be a key differentiator for us and for those partners. In addition, frankly Rob, our platform strategy across these different products is going to give them a very real competitive advantage. So when you take all that holistically – from a technology perspective, from a program strategy, from a go-to-market motion – all of that combined with access to more training, more enablement, more funds, more support, I think the story is going to look a lot more positive across all these metrics. So I’m looking forward to, by end of fiscal year ’27, which will be the 18-month mark, seeing how this is going to play out. Robert Dutt: All right, I appreciate that, and certainly a lot going on with the NextWave redesign. I appreciate your walking us through some of your thinking around building the program and getting it out there. Michael, thank you. Michael Khoury: Thank you, Rob. Thanks for having me and great to be here. Appreciate the time. Robert Dutt: There you have it, Michael Khoury from Palo Alto Networks. I’d like to thank Michael for his time. He was generous with it, and more importantly, he was generous with specifics, which is not always the case when you get into a partner program conversation. A few things that stuck out for me with this one. First, the listening tour approach. Michael came in, asked partners what was working, and built the revamp around those answers. That sounds obvious, but it’s rarer than it should be. The four pain points that he identified – partners over-relying on Palo Alto staff for basic tasks, managed services being treated like resale, training and enablement that wasn’t keeping up, and an incentive structure that was, in his words, “mostly on paper” – those are complaints I’ve heard from partners across vendors over the years. The question is whether the new program actually fixes them, and the early signals are encouraging. The two-to-four-times earnings improvement isn’t a projection – it’s based on actual past booking data, and they’re already seeing increased deal registration for next-generation security lines within weeks of launch. Second, the diversification requirement. If you’re a firewall-heavy partner, the 30% non-firewall threshold for Diamond level is real, and the clock is ticking. But Michael made a reasonable case that most strategic partners are already within striking distance, and the CyberArk identity practice now counts toward that number, which opens up a path that didn’t exist six months ago. And third, for the audience here in Canada specifically, Michael noted that Canadian partners invest more per resource in technical pre-sales and certifications than partners in other markets. That’s a competitive advantage worth knowing about and leaning into. Thank you for listening. If you found this one useful, I’d appreciate it if you’d follow or subscribe. You can find the In The Channel podcast on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you have a moment to leave a rating or a review, that goes a long way to helping other channel pros find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Adam Ostopowich, country manager for Tanium Canada Tanium has long been known as a platform for managing endpoints at massive scale – federal governments, Fortune 500 environments, organizations with hundreds of thousands of devices. But the company’s newly appointed Canada country manager, Adam Ostopowich, says the mid-market represents Tanium’s biggest untapped opportunity in Canada, and the plan is to get there entirely through partners. In this episode, Ostopowich explains what changed when Tanium unified its Canadian operations under a single national structure covering enterprise, mid-market, major accounts, and public sector. Previously, partners worked with segment-specific contacts; now there’s one channel organization for all of Canada, designed to simplify engagement and open up new customer tiers for solution providers. We also dig into Tanium’s significant Government of Canada win through the EVAS program, which delivers real-time endpoint visibility across federal departments via Shared Services Canada and partner Computacenter. Ostopowich discusses what that means for the broader partner ecosystem and addresses the data sovereignty question head on, describing Canadian data residency as a “core requirement rather than an optional one.” The conversation also covers Tanium’s strategic shift from autonomous endpoint management to a broader autonomous IT platform vision, unveiled at Converge 2025, including agentic AI capabilities and ServiceNow integration. Ostopowich clears up a common misconception – Tanium is not an EDR and doesn’t compete with endpoint detection tools, but rather augments them with real-time operational intelligence. He also shares a striking data point: proof of concepts routinely uncover 10 to 25 percent more endpoints than organizations even knew they had. Named a Leader in the 2026 Gartner Magic Quadrant for Endpoint Management Tools and a five-time 5-star CRN Partner Program Guide recipient, Tanium is betting on doubling its Canadian footprint in two years – 100 percent partner-driven. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. Tanium has been a name that most people in the IT space associate with large-scale enterprise endpoint management. Think hundreds of thousands of endpoints, federal government deployments, Fortune 500 environments. But the company has been making some moves in Canada that are worth paying attention to. They recently appointed a new country manager, unified their Canadian operations under a single national structure, and are talking openly about going after the mid-market, and doing it entirely through partners. On top of that, they’ve landed a significant Government of Canada win, they’ve achieved Protected B certification, and they’re expanding their footprint with boots on the ground from Calgary to Ottawa. My guest today is Adam Ostopowich, the new country manager for Tanium Canada. And we’re going to talk about what this restructured approach means for Canadian solution providers, where the Canadian partner opportunities actually are, and how Tanium’s vision of autonomous IT fits into what’s happening in the Canadian market right now. Let’s get right into it. My chat with Adam Ostopowich. Adam, thanks for taking the time. I appreciate it. Adam Ostopowich: Thanks a lot for having me, Rob. I’m really excited to be here. Robert Dutt: So you’re just stepping into the role, heading up Tanium Canada. Tell us a little bit about the priorities in your new role, sort of where you’re investing your time and effort, particularly when it comes to partner-facing things. Adam Ostopowich: Yeah, that’s a great question. So it’s an exciting time to be at Tanium. It’s also an exciting time to be Canadian. You know, with the way the market’s headed right now, there’s a ton of opportunity. Really, our vision is to help build a more secure, resilient, competitive nation by empowering organizations with real-time visibility, control, and autonomous IT capabilities to become unstoppable. Now, where this becomes critical in partnering is we really do need to work closely with our partners in order to strengthen the cybersecurity backbone of Canada. And it’s really about protecting Canadians and the companies that drive our economy. Partnering has never been more important in technology. It’s really about bringing platforms together, integrating multiple solutions together, and really, we need our partners to help drive that with us. Robert Dutt: You guys recently rolled out a new unified national structure across Canada. Can you tell me a little bit about what that means in practice? What did the organization look like before, and what changes with this for a partner in, say, Calgary or Ottawa or Montreal or wherever? Adam Ostopowich: So historically, Tanium’s definitely invested in the Canadian market, but it’s been in definitely a little bit more of a unique way. We didn’t have as many dedicated resources located in Canada. That’s really shifted over the last couple of years. And more recently, with February 1, the start of our fiscal year, we really had to make a strategic decision to bring all those resources together under one umbrella and continue to invest in having dedicated resources on the ground supporting our customers, but also interfacing with folks like product marketing, customer success, and so on, across the board. Partnering also became extremely important with the strategy. In the past, we had multiple partner managers focused on different market segments of our business. Now we have one channel manager focused across the board on every market segment, and that’s so important for Canada, especially as a lot of the partners we work with, they cross all market segments. It’s very rare that you’ll come across a partner that’s just focused in one place. So having that unified approach, especially in the channel, has never been more important in Canada. Robert Dutt: So they were previously focused vertically or geographically, how was that? Adam Ostopowich: So primarily focused on – Tanium segments the market based on endpoint potential, and so it was based on the bands of endpoints that our customers would be. So that could be commercial, it could be mid-market, it could be enterprise, and then of course we’ve got our public sector and federal business as well. So now we’re pulling that all together and saying, “Hey, we need to go to market in a more unified way, and we need to pull in our customer success stories, make sure that our partners are aware of every stream of business that we do,” because a lot of that crosses into multiple organizations across the board. Robert Dutt: The EVAS win with the Government of Canada, obviously pretty significant for you guys. What does the partner ecosystem around that look like? Is there room for solution providers beyond Computacenter, who’s kind of the go-to partner there? Adam Ostopowich: Yeah, so we’re definitely partnered closely with Computacenter Canada. There’s potential opportunities across the board. I mean, ultimately, we’re servicing the Government of Canada, but there’s also the contracting in place with Shared Services Canada that’s ultimately going to be touching any organization that buys through that mechanism. So there’s a good chance that many of those organizations will already work with other partners that potentially are already working with Tanium, or there’s an opportunity to expand our partnerships in those spaces. But for the most part, right now we’re heavily invested in Computacenter and how we’re supporting that contract across the board. Robert Dutt: Historically, Tanium has been an enterprise and government play. With the mid-market now under the same national umbrella and building sort of across those bands, as you describe, in endpoints, are you actively trying to reach a different class, a different size of customer in Canada than you were in the past? Adam Ostopowich: Yeah, absolutely. Tanium’s roots are absolutely in the large enterprise space, and we define that as hundreds of thousands to millions of endpoints. Now, Tanium was built to handle the most complex environments in the world. However, what we’re learning very quickly is there’s a massive opportunity down market as well to use the same technology in a rapid way. And really, it’s never been more important as we think about autonomous IT and AI. Ultimately, Tanium’s platform is best positioned to deliver data in real time. And that’s where going into the mid-market space really does help strengthen our growth strategy across Canada. Robert Dutt: As you look at that mid-market and even below kind of level in terms of customer size, how does that change in terms of go-to-market, who you’re working with on the partner side? Basically, what does the channel look like for that space? Adam Ostopowich: Yeah, so right now we work with a multitude of channel partners. Everything from your SIs to your technical partners like Microsoft and ServiceNow that we’re deeply embedded with. But there’s also a lot of VARs and MSPs that we work with as well. And ultimately, especially in the mid-market, we’re often working with more boutique service partners that help us to get into existing customers they’re already with or help us to service customers that we already have in a better way. So that’s a more localized and near experience for them. Robert Dutt: For somewhat obvious reasons, data sovereignty is a huge issue in Canada right now. How much is that driving the conversations that you’re having with customers and how does that translate into partner-led opportunity? Adam Ostopowich: Yeah, so data sovereignty has never been more important. It’s definitely been important over the last decade, but it’s absolutely critical now. I’ll call it a core requirement rather than an optional requirement. And so with that being said, in all of our conversations, it’s kind of set up as it’s almost assumed that that is the way it is. In the conversations, absolutely, we need to position it in a way that Tanium has all the architecture and the delivery of the solution in Canada. And that even goes as deep as our AI modeling. All of that is regional model availability. And our product team is deeply focused on making sure that all of our customers in the region have all the data sovereignty requirements in place. Even when we think about the Government of Canada, we needed to obtain Protected B status to really make sure we align to the criticality of that. Robert Dutt: Is that a structure that’s been in place for a while now, or is that something that’s kind of come together with the Shared Services and the Government of Canada wins? Adam Ostopowich: Yeah, so it’s two separate things. The Protected B is dedicated for the Government of Canada, and that’s their own environment. With the rest of the Canadian regional environment, that’s been around for quite a while. I don’t have the exact timing on that, but when I joined Tanium, that was one of the first questions I asked in the interview process. I’m like, “Do we have all of our environments in Canada?” Because I know how critical that is, and it’s absolutely a bare minimum requirement for us to be successful in the market. Robert Dutt: At last year’s Converge event, you shifted the messaging and the overall structure from autonomous endpoint management to autonomous IT. What does that actually mean for partners? Does it change how they sell, what they sell, who they sell to? Adam Ostopowich: Yeah, so fundamentally, autonomous endpoint management is still a core solution. It’s absolutely part of the DNA of it. Where the message change came from at Converge is really around broadening the scope of what autonomous IT means and connecting it into various enterprise layers. So we can think about our partnership with ServiceNow as an example, or we can think about our partnership with Microsoft. It’s really about how we tie that whole ecosystem together and make sure that our customers can operate in an autonomous way. So with that, really the platform as a whole is really about managing and securing endpoints through a single unified platform driven by AI as real-time endpoint intelligence. And autonomous IT as a whole is bringing that outside of just the Tanium platform as well. So it’s extending it to things like mobile device management, extending it to other enterprise platforms as well that can really help our customers truly become autonomous in the modern day and age. Robert Dutt: That’s, I guess, four or five months ago now that rolled out at Converge. How has traction gone in getting that out to Canadian partners and getting them to understand the vision, the direction, and where things are going? Adam Ostopowich: Yeah, candidly, it’s gone way better than I think many of us expected. It uniquely aligns to everything that’s happening in the market right now where it’s never been more important for customers and organizations to really think about how do they create a more scalable, sustainable business through automation. And ultimately, it really does help our partners to bring that strategy into their visions with their customers that are asking for us to solve these complex business outcome-related solutions. And so with autonomous IT, there’s a number of ways that it ties in. For example, if we think about partnering with ServiceNow, there’s several service companies that manage the entire ServiceNow footprint for a customer. So autonomous IT nicely fits into that channel model there where we’re now augmenting the data that gets delivered to ServiceNow. It’s helping all their downstream workflows. And in several cases, it’s literally automating a help desk ticket process where something as simple as, “Hey, my laptop’s slowing down.” An employee can submit a ticket. Through ServiceNow, it can push or request Tanium to pull all the endpoint data. Then the AI model can run against that, and then it can push the action back to the end device without human interaction. And of course, there’s always going to be the controls in place to manage this, so that we can make sure that it’s effective and not doing anything haywire. Robert Dutt: The big event of summer 2024 kind of brought to light platform concentration as a risk. I’m curious if you hear that kind of idea in conversations from Canadian customers in terms of wanting to stay away from that kind of platform concentration. Adam Ostopowich: Yeah. So we’re actually seeing a trend more towards platform at the moment. And I think it depends on how the platform is defined. For Tanium, the important thing is we’re often connecting into existing data sources. We’re not like a large store of data, for example. So we’re tapping into existing data that’s already there, and we’re able to grab it in real time and deliver it to where it needs to be. And so with that, there’s already backups in place, so to speak, where the platform itself isn’t like a one-stop shop, if that makes sense. So with that, we’re actually seeing a lot of customers wanting to consolidate a lot of their tooling and leverage a platform to help rationalize IT spend, increase efficiency, be able to increase automation and leverage multiple data sources to feed AI. Robert Dutt: You’re currently hiring a director of strategic accounts in Calgary. What’s the western Canada play for you right now? What does that look like today and where do you see that going? Adam Ostopowich: So yeah, we’re actively hiring somebody in Calgary, and it’s really to focus on new customer acquisition. And I’ve been interviewing constantly for that role, as you can imagine. So the biggest topic actually that will be interesting for here is we’re always assessing, how are they plugged into the channel? How are they working with the ecosystem today? Because ultimately, that’s what’s going to drive our success in western Canada. We’ve already got a number of directors of strategic accounts, or DSAs as we call them, in the western Canada market. This is really a new business development role to continue to grow in the region. Robert Dutt: You mentioned earlier you’re working with the big SIs, you’re also working with VARs and MSPs. Particularly in that mid-size solution provider space, the VAR and the MSP, what’s the profile there that works? What are some common threads that make for a good Tanium partner? Adam Ostopowich: I think it spans a couple of different layers, depending on what the partner really specializes in. Like, for example, if the partner specializes in Microsoft, then we absolutely go in hand in hand with that whole story and how we integrate the whole stack together. There’s other situations where a partner might be focused more on a dedicated area, like patching, for example. Ultimately, the profile of the partner itself can definitely vary, but it really comes down to ensuring that they’re aligned with what autonomous IT is capable of, whether it’s use cases around patching, real-time asset visibility, or it could also be about vulnerability management and things like that. Robert Dutt: What’s your biggest untapped or under-realized opportunity in the Canadian market right now, and what can partners do to get access to that, to get into it? Adam Ostopowich: That’s a great question, and it’s absolutely mid-market. That’s an area where we’re really leaning in with partners to have them obtain the sales certifications, obtain the ability to do demos, obtain the ability to do proof of concepts or proof of values, because we really see that as an untapped opportunity where a lot of partners are already deeply embedded into these customers. And ultimately, mid-market organizations are really looking to get to that next level of autonomous IT. Robert Dutt: What’s the philosophy for building the channel for that mid-market space? On a continuum between sign up a bunch of new partners and get the folks that you’re already working with more active in that space, where between those two extremes do you fall right now? Adam Ostopowich: Right now we’re doubling down on the partners that we already have. That’s absolutely critical. We’re already starting to see a lot of traction, and it’s growing there. Also, with our partner manager that’s dedicated now for Canada, he’s really building out that strategy as to who are the right people, how do we ensure that we’re going to market together in an effective way, ensuring that we’re not spreading ourselves too thin, and that we’re really building out that ecosystem that can help to marry together what we’re both trying to accomplish for our organizations. Robert Dutt: A couple of quick lightning round type questions to wrap up here. First of all, what’s one misconception or misunderstanding you think partners may have about Tanium today? Adam Ostopowich: I think overall the misconception is where we play best. Ultimately, Tanium has for whatever reason been known in some cases as being like an EDR solution, for example. I hear that occasionally, and I’m like, interesting. So Tanium is not an EDR. That’s not an area that we’re trying to play in at all. We’re actually trying to augment EDR solutions and even help to deploy them and make sure that they’re governed in a proper way. So overall, for channel, it’s really about understanding what the platform is fundamentally. It’s really about being able to provide visibility across an enterprise. So whether that’s finding servers that maybe an enterprise didn’t know about or end user workstations that were unknown, it’s very common for us to do proof of concepts and find anywhere from 10% to 25% more endpoints than a company even knew they had. And so they might think that they’re fully protected, but then they realize very quickly that they were, but they didn’t know about all the other devices. Like maybe a server got spun up because it was there for a proof of concept or a point of view, and then it never got updates and patches and things like that. All it takes is for that to get plugged in and you become vulnerable. So Tanium really helps to provide that widespread visibility. And it’s also about being able to manage the endpoints, so seeing but also acting on them. And then being able to handle things like zero-day events, for example, things that get missed by an EDR. A major issue just got released that nobody knew about. Well, now Tanium can be used as that last line of defense to really go in and contain it, remediate it, find the blast radius, what the impact was of it. Robert Dutt: And finally, fill in the blank for me. Two years from now, Tanium in Canada will be… Adam Ostopowich: Yeah, so two years from now, Tanium in Canada absolutely will double in size. We’re extremely focused on the market right now. We’ve got a very clear plan on how we’re going to grow and it’s 100% partner-driven. That’s absolutely an area that we’re going to focus on. And so we really invite conversations with partners. We really want to have those conversations to help deepen the relationships we have, but also expand into other areas that potentially we haven’t thought of yet. Robert Dutt: That’s a great place to leave it at, I think. That’s an admirable goal and good luck in reaching that, both in the customer base and in the channel. Adam, thanks so much for taking the time. Adam Ostopowich: Thanks a lot, Robert. Robert Dutt: There you have it, Adam Ostopowich from Tanium Canada. I’d like to thank Adam for his time, especially as someone stepping into a new leadership role. First podcast, as he mentioned, and he handled it well. A couple of things that stood out for me in the conversation. First, the mid-market piece. When a vendor that’s been known for managing millions of endpoints says the mid-market is their biggest untapped opportunity in Canada and that they want to get there through partners, that’s worth hearing. Whether you’re a VAR already embedded with mid-sized customers or an MSP looking at where the next practice area comes from, that’s worth the conversation. Second, the data sovereignty angle. Adam described it as a core requirement rather than an optional one, and the fact that Tanium’s entire architecture, including their AI modeling, runs regionally in Canada is relevant context in the current environment. And third, I appreciate the honest correction on the EDR misconception. Tanium doesn’t compete with your EDR, they augment it. That changes the math on how a partner might position this in their stack. The goal of doubling the Canadian footprint in two years, 100% partner-driven, is ambitious. We’ll see how it plays out. Please be sure to follow or subscribe in the podcast app of your choice. We’re on Apple Podcasts, Spotify, YouTube, and most other major directories. And if you have a moment to leave a rating or review, it helps more than you’d think. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
The Huntress 2026 Cyber Threat Report found a 277% year-over-year surge in the abuse of RMM tools, which now account for roughly a quarter of all observed incidents. The ConnectWise 2026 MSP Threat Report frames 2025 as the year of “the abuse of trust,” with attackers increasingly exploiting valid credentials, misconfigured remote access, and trusted software updates rather than relying on novel exploits. For MSPs, the implication is uncomfortable: the tools you use to manage and protect your clients are increasingly being turned against you and them. Tony Anscombe, Chief Security Evangelist at ESET, returns to the podcast to dig into how these attacks actually work – from daisy-chaining multiple CVEs for entry, escalation, and persistence, to ClickFix-style social engineering where users are tricked into pasting malicious PowerShell commands through fake browser prompts. The conversation also gets into why attackers are going after MSP toolchains specifically, the patching dilemma MSPs face when every hour of delay is an hour of exposure, and why groups like Akira are now targeting backup infrastructure first to neutralize the recovery path before encrypting. On the business side, Tony is candid about what a breach through your own tools means for trust, reputation, and survival – and offers practical starting points: audit your environment, clean up stale credentials, patch on cadence, and run tabletop exercises with your customers, not just internally. He also introduces the concept of cyber warranties as a potential competitive differentiator for MSPs looking to stand out on RFPs. This is the second in an ongoing series of conversations with Tony. The first, covering the cybersecurity trends MSPs can’t ignore in 2026, is also available. Read Full Transcript TRANSCRIPT TO COME
Gareth Pettigrew, founder of Pettigrew Communications I’ve thought about doing an episode like this for a while, but I kept bumping into the same problem: the “so what” question. Why should a 15-person MSP owner, already wearing six hats, care about communications? Gareth Pettigrew cracked that code in about 30 seconds. As the industry moves from search to chat, non-paid citations and earned media are proving to be critical to how large language models answer queries and surface companies. If you’re not showing up in that landscape, you’re increasingly invisible in ways that didn’t exist two years ago. Gartner is projecting PR budgets to double over the next year. The ground has shifted. Gareth spent years leading partner communications for Cisco and Okta, and what always stood out to me is that he genuinely understands the partner business – not just the vendor talking points. He’s now launched his own consultancy, Pettigrew Communications, offering fractional senior comms leadership and project-based consulting for companies across the channel. In this conversation, we dig into why PR isn’t what most partners think it is anymore – it’s not press releases and pitching journalists. The media landscape has changed dramatically with AI, and the real opportunity for small partners is in thought leadership, LinkedIn engagement, and building an externally wired narrative that positions you as a trusted voice in your niche. Gareth offers a three-week roadmap: week one, listen to the industry conversations and identify one or two niches you can credibly insert yourself into. Week two, build your story – one page, three to five core messages. Week three, identify ten influencers to follow. Then activate on LinkedIn by commenting meaningfully for a month before posting your own perspectives. We also talk about common mistakes – like treating PR as a marketing tactic or relying on internally oriented messaging – and what success actually looks like when you’re starting from zero. This is the first in a planned series. Future episodes will go deeper into messaging, LinkedIn best practices, crisis communications, and more. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last sixteen years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. My guest today is Gareth Pettigrew. Gareth spent years leading partner communications at Cisco and most recently at Okta, and he’s now launched his own consultancy, Pettigrew Communications, offering fractional comms leadership to companies across the channel. I’ve known Gareth for a long time, and what’s always stood out to me is that he genuinely understands the partner business – not just the vendor talking points, but how partners actually operate and communicate day to day. I’ve wanted to do an episode on communications and PR for partners for a while now, but I kept bumping into the same problem: I couldn’t crack the “why should a 15-person MSP care about this” question in a way I thought would actually land. And then I talked to Gareth, and he cracked it in about 30 seconds. We’re going to get into why communications matters more right now than it ever has, why it doesn’t have to be the heavy lift you think it is, and Gareth’s going to give you a practical, week-by-week roadmap for getting started – even if you have zero budget and zero comms experience. This is also the first in what we’re planning as a series. Gareth and I are going to go deeper on specific threads in future episodes – things like crisis communications, LinkedIn thought leadership, working with your vendor’s PR team – so think of this one as the foundation. Let’s get right into it, my chat with Gareth Pettigrew. Robert Dutt: Gareth, thanks for taking the time. I appreciate you joining us. Gareth Pettigrew: Glad to be here, Rob. Robert Dutt: I thought of you to have this conversation because we’ve sat down at many conferences and with many vendor execs when you were running comms around the world, one might say. You know, channel leaders from Cisco and even after you’d moved off the partner beat specifically, I think you always did a really good job of, when talking to us on the channel side, framing up the partner side of the conversation in a way that leads me to believe that you’ve got a pretty good grip on what a lot of these guys are doing, which I think is really important for this conversation. This is something that I’ve thought about doing for a while, doing an episode like this, but I kept bumping into the same problem. Basically the “so what” problem. Why should I care about communications as a 15-person MSP owner? Then when we did our pre-call to discuss the possibility of doing this and where it could go, you kind of cracked that code in about 30 seconds. So let me put it right to you. For that 15-person MSP kind of partner who’s listening to this, they’re busy, they’re wearing six hats. They own marketing. They oversee sales. They probably do HR. They have a business to run. Why should communications be on their radar right now, and what’s changed that makes that even more urgent than you would have said a few years ago? Gareth Pettigrew: Fundamentally, in a word, like almost everything right now, it’s around AI. And perhaps not intuitively, it appears that PR is emerging as one of the big winners of AI. Maybe not for the reasons you think, though. Number one is that non-paid citations, and specifically earned media, are proving to be incredibly important in terms of the LLMs answering their questions. So as the industry shifts from search to chat, we’re seeing PR be much more important in terms of that overall mix. The second thing, and this will resonate with a lot of people, is the amount of AI slop that’s out there. And Rob, as a journalist, I see you laughing. What we see is a lot of content being created, but it’s all generic crap. It’s all the same. What happens is that damages trust, damages customers’ belief in executives, in companies. So increasingly we’re seeing companies, and especially it’s happening a lot at the higher end of the market, executives are really investing in human communicators to help them break through the slop and stand out. So that’s the real reason for why now. I will say though, Rob, I think at the end of the day for PR, you need two ingredients. You need a story and you need a storyteller. And one of the things, why I’ve always been partner-focused, it wasn’t just because I liked the channel. It was self-interested as well, in that I found some of the best storytellers in the industry weren’t the vendor executives, they were the partner executives. So I’ve always been stunned that more partners don’t lean quite heavily into comms as a real big part of their new biz and their marketing mix. A lot of them are really well positioned to raise their awareness through communications. Robert Dutt: So tell me a bit about that. I’m curious what you’ve seen. What sets apart those partners who you’ve sat there and thought, “You know what, you could be doing my exact role here and telling this story.” What is it, and particularly what separates those who do it really well and those who just kind of either go through the motions or leave it on the table, as it were? Gareth Pettigrew: And let’s be clear, everyone isn’t a great storyteller. But what I’ve seen is that in the partner communities, we’re rife with the type of personalities that make for great storytellers. A lot of those people with entrepreneurial spirit who are very proactive sellers, they spend their day not talking to engineers and vendors and all of that stuff, but they spend their day talking to customers. So they know what’s top of mind for their customer. Often with vendor executives, that’s one of the biggest challenges. It’s pivoting from that internal orientation to an external orientation. And a lot of partners are already there. So I’ve really seen some come across consistently. I’ve seen partner executives be on the level with my top executives at the vendor, or even better. So they’re in a great place. Robert Dutt: So for the partner who’s hearing this and thinking, “Okay, I get it. That’s cool. I can tell my story and I understand the customer’s viewpoint, so I should be able to put it in their words and their thoughts. But I don’t have the budget and I definitely don’t have a comms person, nor is that on my roadmap of my next few hires.” I think a lot of people still picture PR as press releases and pitching journalists, and that feels like a lot of work. How would you position what communications actually looks like today for a company at that kind of 15-person size? Gareth Pettigrew: I think the biggest blocker to companies getting involved in PR is they’ve got a legacy idea of what PR is. PR equals press release. That’s 15, 20 years ago. The reality is, especially over the past year and now with AI, we’ve seen the media landscape change absolutely dramatically. The media business model has been disaggregated with Google and others blowing up the advertising business model. And we’ve seen a decrease in some ways in terms of the number of journalists that we have out there. But an increase in some other mediums – things such as podcasts, things such as Substack. We see much more new media, much more niche media. And that’s in the traditional, what we call the earned space. We’ve also seen the social media rise. We’ve seen the advent of owned media, be that executives taking a thought leadership stance on LinkedIn or X as it may be, or in terms of their newsrooms. A lot of vendors do this. They turn their newsrooms into actual content destinations to get their story out there. And finally, there’s a lot of paid options, right? Whether that’s traditional publications offering paid events, paid content, or paid influencers. If we think about political conventions or Apple events, it used to be media dominating the front row. Those are all influencers now. So with that in mind, with the landscape changing, that means there’s a flywheel of options to get your message out there. But that also changes your tactics. And I’d strongly recommend for any partner getting involved, don’t try to boil the ocean. Let’s really make sure you pick one thing, pick two things. Let’s do it well. And if it works for you, then you start to lean in and invest more. Then maybe you bring in the consultant. Maybe you think about hiring a multimedia kid right out of PR or journalism school. Maybe you look to get a freelance journalist to help you write some articles for your website. So there’s definitely a strategy you can follow as a big partner organization. We see Worldwide Technologies and others really investing aggressively in some of these things. But for smaller organizations as well, especially if you’re a strong storyteller. Start small, pick your battles. Robert Dutt: What do you find are some of the common, especially for that smaller partner, some of the common places to start? If you were sitting down with that 15-person MSP, no budget, no comms person, just saying, “All right, I want to give this a shot.” What are the first and second things to think about? Gareth Pettigrew: Let me give you a bit of a roadmap in terms of how I do it. The first thing I’d recommend is let’s think about your story. The single biggest mistake that most technology companies make is that they’re internally wired. “What do we want to talk about?” You’ve got to flip that orientation. So it’s, what are the industry conversations – maximum two conversations – that you can insert yourself into? I would spend your first week listening to the conversations out there. Be honest with yourself. How can we insert ourselves into this conversation? Be very specific in terms of what that conversation is that you want to insert yourself into. Are you a security partner? Is it about securing AI agents? It could be whatever niche you’re in. Be very prescriptive with what that conversation you’re going to insert yourself into. Second week, build out your story. Most companies don’t spend enough time on their story. One page, three to five messages. Build out your messages, build out your bullet points, your sound bites. That’s going to be your foundation. You don’t have to say the exact same thing every time, but you have to know what your general storyline is. It doesn’t mean you’re repetitive, but you do know where you’re going to play and what you’re going to say in general. The final part of that, week three, think about the influencers that you’re going to follow. Pick 10 influencers for that conversation. Who are the journalists? Who are the industry analysts? Who are the vendors in the industry that you admire the most, that have the best perspective? And then finally, let’s activate. We’re going to start on LinkedIn. The first thing you’re going to do is comment. Spend maybe a month not even posting, just commenting. Block 15 minutes, twice a week. Comment on others in a meaningful way. Think about your narrative, focus on your conversation, and then start getting out there with some of your own perspectives, your own posts. You’ll be able to find your niche. Just get started on LinkedIn. That’s the path I would take if I’m a partner and I just want to get my toe in and see how it’s going. Robert Dutt: That makes sense. And by meaningful, I presume you mean something that is not directly self-promotional when you’re commenting, but adding value into the conversation in a way that maps to those messages that you’ve laid out. Gareth Pettigrew: It’s externally wired. Don’t talk about your products. Don’t talk about any of those things. Talk about you as an industry expert. What’s your perspective on this protocol? What’s your perspective on a new product that one of your vendors is putting out there? What’s your perspective on a controversial topic that’s come up? Get your perspective in there. You are not selling. You’re thinking of yourself more as a consultant, not a salesperson. That’s an important flip that needs to take place. The difference between PR and marketing – PR is that thought leadership. It’s very much that top of funnel. You’re about raising awareness. You’re about getting yourself in the door. It’s not the middle or lower part of the funnel in which you’re actually actively selling to that prospect. It’s about raising awareness. Robert Dutt: On the marketing side, I think a lot of partners are used to the idea of leaning on, borrowing from, adopting from vendor resources, MDF-type stuff. Is there a similar motion that can be applied on the communication side, wherein I can take some stuff that my vendors are producing anyway and repurpose or reuse? Gareth Pettigrew: Absolutely. That’s where a lot of the partners may also find where those narratives are that may well fit. Some vendors do it better than others, let’s be honest. Some are very self-promotional. I think you want to stay away from those. But yes, follow those executives. Follow the social handles of your vendors. When you’re at the events, introduce yourself to the PR people. I’ve got to tell you, when I was at Cisco, when I was at Okta, I always had my handful of partners who I knew I could always go to if I needed them to talk to a journalist. One of them, and we’re talking Canadian here, Kent McDonald over at Longview Systems was always one of my go-tos. When I was at Cisco, I knew I could send Kent a text and Kent would always give a great quote. He’d always be responsive. He’d always be friendly. He’d always be positive. That’s one of the other things. Once you build up that thought leadership muscle, don’t be shy about introducing yourself to the PR person. Give them your card. When they call, just be responsive. Robert Dutt: And similarly, I guess there’s an opportunity to not necessarily cold-call a tech journalist such as myself, but think about the niches that your customers are in and reaching out to the journalists who are covering that, establishing yourself as someone that they can go to. Let me tell you, I’m always looking for that Kent McDonald or those other partners who are available, have a take, and can riff with you. It’s something that my peers are certainly looking for. Gareth Pettigrew: I completely agree. But the way to make sure that you’re not cold-calling that journalist is you’re very targeted. Remember when we said identify your conversation and then identify who’s really influential in that conversation? Figure out who those journalists are and comment regularly. And then once they start responding to you a little bit, after a while, maybe you DM them and say, “Hey, by the way, if you’re ever writing a story, I’m happy to chat with you.” I think that’s, as a DIY PR practitioner, how I would approach that. Robert Dutt: So as you start doing this, how do you know it’s working? What does success look like when you’re starting from zero and you don’t have the luxury of an agency sending you a monthly report on what you did, how it hit, where it appeared, those kinds of things? How do I measure what I’m doing? Because obviously that’s something that’s important to partners on anything they’re doing. Gareth Pettigrew: Well, Rob, let’s assume if we’re talking to that 15-person MSP who’s just getting started, primarily your impact is going to be on LinkedIn. And really, LinkedIn is an engagement platform. You want to go in and measure your engagement and see how that’s increasing on a monthly or quarterly basis. The one thing I will say, and I’ll pass on this fabulous little piece of advice – or this story – it starts to become self-evident as well, in that you can have those quantitative measures, but also qualitative. When I started working with Okta, the country manager was a guy who became a good friend of mine, Dan Kagan. I remember our first meeting, we sat down and said, “Okay Dan, one of the things we regularly need you to do is we need you to be engaged on LinkedIn. We’re going to need you to post once a week or once every couple of weeks, and we’re going to have to have you go in and comment.” He said, “Guys, listen, I love this idea, but I’m not going to have time to do it. I’m working 50 hours a week. I’ve got a young family. I can’t make this happen.” After two months, he’s pinging us once a week if we haven’t got anything out. And the reason for that is he’s getting inbound recognition. He’s getting people pinging him saying, “Hey, could you speak at this conference?” “Hey, I saw what you said.” When you talk to CTV News, when you post it on LinkedIn, it becomes somewhat self-fulfilling in that it really is a strong funnel to help build your awareness. So that’s one of the things I’ve seen. There’s the quantitative and the qualitative, but it is important to measure your rhythm. Robert Dutt: We’ve talked about what to do as easy first steps. I’m curious, as you’ve been through this exercise or seen others go through this exercise, what’s a common mistake that organizations, particularly smaller organizations, make when they start to pay attention to comms? Maybe a well-intentioned first step that backfires or ends up being a waste of time? Gareth Pettigrew: Rob, I think the couple of mistakes that I see companies make in this – and by the way, this isn’t just on the partner side, this is all across. Number one is they view PR as a marketing tactic. And ultimately, PR and marketing – there’s a big gray area in between, increasingly right now – but they do have different centers of gravity. Marketing, for the most part, is about demand generation. And PR, its center of gravity is about awareness, building awareness and managing reputation. So while there is an overlap, they’re not the same things. And when you look to apply a marketing lens to a PR strategy, that results in you being typically very internally oriented. “We have a new product, we’ve got to launch a product.” Well, the media landscape has changed. There aren’t many, if any, journalists, certainly not in Canada, that really write on product anymore. So that’s part of the challenge, when you view through a marketing lens. The second one that’s related is executive skin in the game. If you’re going to do this, the executives need to get involved. It’s not something you punt over to your marketing team. Marketing should be an incredibly close partner of comms, but the executives need to have skin in the game as well. Executives are going to be the ones that are out there, the thought leaders. If you get to the point of having spokespeople, they’re going to be the spokespeople. So marketing is a partner, but they can’t be the single driver. And we talked about internal versus external orientation. Being externally wired is absolutely essential, both in terms of your story but also your strategy. Those, Rob, would be the biggest hurdles that I see. Robert Dutt: This is a topic that we could probably go off in many different directions for hours, but I’m respectful of people’s time who listen to this podcast. So let me end it with this. We’ve covered the basics of it, the “what to do” as those first steps, and given some good actionable advice, I think. If we were to keep going and do this on a regular drumbeat and discuss aspects of communications, what are the threads that you think matter most for this audience? Where would you go next in terms of topics? There are so many different things I think we could pull on, but I’m curious what you see as the next steps, or maybe step two for a partner organization. Gareth Pettigrew: In all honesty, if we were to think about future podcasts here, Rob, I think about, let’s dig a little deeper in terms of how you actually architect that externally wired narrative. How do you identify that conversation? Be a little bit more prescriptive. What does a messaging house look like from a PR standpoint? How do media messages differ from marketing messages? That would certainly be one. For me, I’m a storyteller at heart. It should start with the story. But then I think digging a little bit deeper into, “What are some best practices in terms of building up your thought leadership on LinkedIn? How can you, as an executive, up your game? What are the pragmatic steps? What are five things you can do to become a better LinkedIn thought leader?” I think, Rob, those are a couple that I’d start with, but then I’d love to hear from the audience, from some partners out there. What are those challenges that they would love some help solving? Robert Dutt: Brilliant. And that’s not even getting into potentially crisis communications, internal communications, any number of different aspects of this dialogue. I think we’ve set the stage nicely and I thank you very much for taking the time, Gareth. I know you’re setting up your own shop and just getting started with Pettigrew Communications. Do you want to share a little bit about what you’re doing and what the goal is there? Gareth Pettigrew: Absolutely. So Rob, I’m a Canadian boy. Raised in Toronto and I live on Vancouver Island. I’ve spent the last 20 years inside big tech, working with Cisco, working with Okta, and really I’m looking to bring some of that expertise to smaller companies or to tech communications firms. So it’s time for a new chapter, Rob. I’m very lucky. I found a profession I absolutely love, but I needed a little bit of a different rhythm. We’ve heard from Gartner that with the focus on AI putting a bit of a tailwind towards PR, the anticipation is that over the next year, PR budgets are going to double. So hopefully it’s a good time to get into this. And I’m really excited to work with a lot of different companies and help them fix some of the things that we talked about here. I’m very passionate about it, excited to get started, and it should be fun. Robert Dutt: Brilliant. And anytime you’re entering into a market that’s doubling in the course of a year, that’s probably a good sign. Gareth, I appreciate you taking the time. Let’s chat again soon. Gareth Pettigrew: Thanks, Rob. Take care. Robert Dutt: There you have it, Gareth Pettigrew from Pettigrew Communications. I’d like to thank Gareth for his time, and honestly, for making the case I’ve been trying to make to this audience for years, better than I ever could. The idea that earned media is now one of the primary ways that AI and large language models surface information about your company – and that if you’re not showing up in that landscape, you’re increasingly invisible – I think that reframes this whole topic from “nice to have” to “you’re leaving real business on the table.” And Gareth’s three-week roadmap for getting started – listen, build your story, find your influencers, then show up on LinkedIn – is about as actionable as it gets. No budget required, no agency required, just intentionality. We’re going to keep going with this. Gareth and I are planning deeper dives on specific topics – messaging, LinkedIn best practices, crisis comms, and more – and we’d love to hear from you on what communications challenges you’re facing in your business. Drop me a line, I’m easy to find. Thanks as always for listening. If you’re enjoying In The Channel, you can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. A rating or a review goes a long way if you have a minute. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Ryan Sydor, head of Okta Canada When a global SaaS vendor says it’s investing in a national market, what does that actually look like? In this episode, we put that question to Ryan Sydor, Okta’s Area Vice President and Country Manager for Canada. Okta has been making some significant moves north of the border. The company now has over 600 employees in Canada, including an engineering hub in Toronto – not just a sales branch. It recently launched a Canadian data cell based in Montreal with a Calgary failsafe, designed to keep customer identity data in-country and open the door to regulated sectors like government, financial services, and healthcare that previously couldn’t deploy Okta due to data residency requirements. French language support is also part of the rollout, with an eye on Quebec’s public sector. On the channel side, Sydor says Okta is now running over 80 percent of its Canadian revenue through partners, up from roughly 70 percent a few years ago. The company has been bringing select Canadian partners to its internal sales kickoff to train alongside Okta’s own sellers – a tangible sign of how central partners are to the go-to-market here. Sydor’s stated ambition is to triple Okta’s Canadian business within two years, backed by the infrastructure and headcount to support it. This conversation pairs well with our recent interview with Okta VP of Product Jack Hirsch on shadow AI and non-human identity – the global product story alongside the Canadian market story. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. Here’s a question I think about a lot. What does it actually mean when a global tech vendor says they’re investing in Canada? Because there’s a spectrum, right? On one end, you’ve got a vendor that sells into Canada from a US office, maybe sends someone up to a conference once a year. On the other end, you’ve got real infrastructure, real headcount, real commitment to treating Canada as a market with its own needs and its own opportunities. Somewhere in the middle is where most vendors actually land. Today I’m talking to Ryan Sydor, the head of Okta Canada. Okta’s been making some pretty significant moves here over the past year or so. They launched a Canadian data cell, they’ve redesigned their Toronto office, and they’ve now got over 600 employees in the country. If you caught our recent conversation with Okta’s Jack Hirsch about shadow AI and non-human identity, think of this as the companion piece. That was the global product story. This is the Canadian market story – what Okta’s building here and what it means for partners. Let’s get into it. My chat with Ryan Sydor. Robert Dutt: Ryan, thanks for taking the time. Ryan Sydor: Good to see you again, Robert. Robert Dutt: You’re in this role heading Canada at a pivotal moment. New office, new data cell in Canada, new channel chief on the global level. When you look at the Canadian market for identity, what’s the picture that you walked into and what’s the mandate that you’ve been given for the Canadian organization? Ryan Sydor: Well, the market obviously has changed, and there’s been a focus in the last six months that has been dominating every conversation. It’s AI. Every conversation we have with a customer or prospect is around AI. There’s a curiosity around it, there’s an urgency, there is uncertainty. Everyone’s trying to figure out how do we use AI to improve our business and at the same time, protect our business and ensure that we’re safe. It’s this balance of the need for cybersecurity, the need to protect your organization. Cybersecurity attacks have increased 200 percent year over year, and it was on a high baseline as it was. Customers are really focused on how do we stay safe and keep our company and our brand safe. At the same time, AI has changed the way we think about running a business in ways I’m not sure companies fully understand yet. How do we leverage innovation to stay ahead of our competition? The opportunity where you can vault ahead, you can really differentiate, create new business streams, create new efficiencies, and do it at the same time that you’re secure. The mandate that we have is not just a Canadian mandate. The mandate is how do we help our customers along that journey, and how do we do it quickly? Because this is all happening fast. It’s an unpaved road in some respects. No one really knows exactly how it’s going to play out, but we understand the value and the benefit and the risks that come with it. We feel at Okta that we’re really well positioned to help our customers, partner with them, and help keep them safe while still allowing them to be innovative. From a Canadian perspective, our goal is how do we partner with our customers and with Canadian businesses, help paint that picture, sit with them on the same side of the table, and put together our plans so that they can innovate and be safe. And from a channel partner perspective, one of the major pillars that we have as an organization this year is to partner. We’re focused on AI, we’re focused on a better methodology of how we approach our customers, and then it’s about being a partner-first organization. What I’ve seen with our new SVP is a stronger alignment with our partners, making sure that these conversations that we’re having, we’re having together. A lot of this is about relationships, it’s about comfort, it’s about trust, and who better to work with than our partner network. Robert Dutt: Sticking with the theme of the Canadian investment, when Okta looks at Canada as a market, are we at the “we need a flag planted here” level, or is there something structurally different about the Canadian opportunity that’s driving the investment at this point? Ryan Sydor: I think it is AI, and it’s our need to partner with organizations. I think it’s also the opportunity that Okta sees. When we invest in the data cell, it opens up the market to companies that we haven’t been able to sell to in the past. The regulated industries, local governments, provincial governments, federal governments. That presents a great opportunity for us as an organization, and it’s a need for these different levels of government. There are regulations that have come out, C-8 and the need to be more focused on cybersecurity. We as the trusted identity company are a good fit at this time with those organizations. Robert Dutt: You touched on the data cell that went live this quarter. For partners and customers who aren’t themselves deep in the identity space, can you explain what that actually is and what it means in practice? What changes for a customer on day one of being on the Canadian cell versus where they were before? Ryan Sydor: It means the data is hosted in Canada. The data cell is in Montreal. We have a failsafe in Calgary. So it means that those companies that need to have their data in Canada, managed by Canadians, now have the opportunity to do so. Robert Dutt: You touched on how that unlocks government and other areas. Can you explain what are the verticals and what types of deals weren’t on the table before but are now? Ryan Sydor: There’s two kinds. First of all, there’s the federal government. There were RFPs that came through that we couldn’t even bid on, because without data residency, you’re not eligible to bid. So it does open up that opportunity. Then there are companies who are making decisions on where they want their data. It’s a decision around regulation, but also it’s a costing question. It’s about what their customers are comfortable with. There have been customers in the past who have asked to be on the EU cell or have chosen to go with other options. Now they have the opportunity to work with Okta with our workforce product and have their data hosted in Canada. Robert Dutt: A few years ago, you were running about 70% of Canadian revenue through partners with a pretty small direct team. Is that still the ratio today, or how has that shifted? Ryan Sydor: The number has increased. I think that number is over 80% from last year. Our direct team has grown a little bit, but the partnership is meant to help really scale the business. I’ll give you an example of how we’ve prioritized partners to help us grow. We actually invested to have partners join us at our sales kickoff this year, where we went through a new sales methodology, and we wanted our partners to be with us so that we could sell together. It wasn’t all our partners, it was a select group of partners. But it was the company demonstrating that as a partner-first organization, we’re now eliminating the silos. We understand the same language, we think about the business the same way, and we think that’s going to be beneficial to our partners, to our customers, and obviously to Okta as well. Robert Dutt: Expanding on that, with Laura Padilla coming in as channel chief globally, she’s talked about doubling down on partners in every geography and driving more toward partner-led markets. From what you’re saying, it sounds like Canada is firmly in that space. What does that mean practically for an MSP or a VAR who’s working with you or potentially working with you? Ryan Sydor: What I hope it means is, one, as we continue to focus on being partner-first, it means that we should be speaking earlier. That’s the first thing we’re trying to do, make sure we’re aligned earlier. We’re investing in programs and processes to make sure that we’re talking to our VARs, that we understand who the relationships are, and make sure we leverage them. And doing that on a consistent basis where we build trust not only with the customer, but between the partners and Okta. We think this is so important because the customers are talking about AI. As I mentioned, there’s uncertainty, and they’re looking for their trusted partners to help advise them. So the more we’re aligned, the more we have people who are trusted, who have solutions and opinions that can support the customer base, it’s beneficial for all parties. Robert Dutt: Okta’s own data says that something like 93% of Canadian businesses are using AI agents, but a very small percentage, maybe 1%, have a strategy for managing non-human identities. I recently talked to Jack Hirsch, who heads up product for you, about the shadow AI problem from the product side. From where you’re sitting looking at the Canadian business, what are you hearing from customers about this? Is the awareness there, or are people still in the “that’s a tomorrow problem” or “that’s somebody else’s problem” phase? Ryan Sydor: No, I heard the interview with Jack, and I heard your comment about unintended consequences. I think that is the message that we’re hearing from senior-level CISOs and IT leaders at our customers. They understand the need for governance. They understand the need for control. Again, it’s this balance that our customers are facing: how do you go fast, but how do you do it in a safe way? They recognize that it’s an important thing and it’s not something to be overlooked. AI agents become the new attack front, the new point of entry for bad actors. That’s why we’re having as many conversations as we are right now, because everyone is trying to figure it out and trying to figure out what great looks like. Robert Dutt: When you’re having that conversation, where do you see partners fitting in? Is it something partners can lead on, or is it something Okta takes the lead on and partners follow? Ryan Sydor: In most cases, it’s the partner relationship that helps us get to the conversation. And then it is generally an Okta-led conversation. We have a dedicated team that will have those conversations with the customers. What we’re trying to do is figure out what our customers are doing, what is the plan, what’s in place, what initiatives are coming up, how do we align, where are the governance controls that we can help with. But it’s a conversation that comes from the Okta side. Robert Dutt: The federal government has been signaling hard on digital sovereignty. There’s talk of a billion-dollar sovereign cloud investment, procurement requirements are tightening. Is that creating tailwind for you, or is it more complicated than that? Ryan Sydor: Having our own data cell has certainly made it very important. The conversation around data in Canada is becoming, especially for government and these regulated industries, really important. But I think possibly in time you may see more companies who are not required to have their data held in Canada choose to do so. Robert Dutt: French language support also came alongside the data cell launch. How important is that in the Quebec market, and can you talk about how that fits into the Canadian strategy and opens up your partner plays in la belle province? Ryan Sydor: I’ll go back to government opportunities in Quebec. If you don’t have French language capabilities, you can’t bid on many of these contracts and RFPs. So what it’s doing is obviously an investment and a commitment in supporting all of Canada, and it opens up a door for us to focus on helping a very big opportunity. In many of those cases, the relationships with partners are how we have those conversations. Partners who are dealing with the government of Quebec now have the opportunity to work with Okta. Robert Dutt: Just a couple of lightning round quick answers before we wrap up. What’s the biggest misconception you hear from Canadian partners about the identity market right now? Ryan Sydor: I’m not sure I’d call it a misconception. I think it’s perhaps understanding where Okta fits with AI, as everything is happening so fast. But we’ve invested a lot of money in training, not only our partners in our sales methodology, but training them in how Okta supports customers with AI. So I wouldn’t say there’s a misconception. I think there’s an alignment to ensure that we’re having the conversations that our customers want to have. Robert Dutt: What’s one thing that you wish every MSP in Canada would start doing tomorrow? Ryan Sydor: I think every MSP in Canada should be having conversations with their customers about AI, trying to understand what the strategy is, understand where the challenges are, and having Okta join them to help with those conversations. Robert Dutt: What’s the most underrated vertical opportunity in Canada for you right now? Ryan Sydor: I think we have opportunity in lots of verticals. Financial services – I’d almost say underrated, but I think where we want to spend a lot of time, we’re seeing a lot of traction. We see a lot of traction in technology. And clearly we talked about government. I think there is a tremendous opportunity in the public sector – underrated in how things have operated up to this point, but creates the greatest opportunity for us moving forward. Robert Dutt: And finally, fill in the blank for me. In two years, Okta Canada will be… Ryan Sydor: Triple in size. Robert Dutt: That’s a good place for you to be, and that’s a great place for partners, I think. Ryan, I appreciate your taking the time. It’s been an interesting conversation, and good luck reaching that triple-the-size number. Ryan Sydor: Thank you. Appreciate it. Robert Dutt: There you have it – Ryan Sydor from Okta Canada. I’d like to thank Ryan for his time, and thank you for listening. So here’s what I’d take away from this one. Okta is running over 80% of Canadian revenue through partners now, up from around 70% a couple of years ago, and they’re backing that up with real investment – 600-plus employees, a Montreal-based data cell with a Calgary failsafe that unlocks regulated verticals like government and healthcare, and they’re bringing partners to their own sales kickoff to learn the same methodology their sellers use. Ryan says he wants to triple the Canadian business in two years. That’s ambitious, but the pieces are being put in place. For partners, the bigger signal here is that identity is becoming a practice area you can’t afford to ignore. Between data sovereignty, AI governance, and the explosion of non-human identities, this is where real services revenue is going to be built. Keep an eye on it. If you’re enjoying the ChannelBuzz.ca podcast, do me a favour and hit follow or subscribe wherever you’re listening. We’re on Apple Podcasts, Spotify, YouTube, and most major directories. And if you’ve got a minute to leave a rating or a review, that goes a long way in helping other people in the community find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Four stories shaping the Canadian IT channel heading into the second week of April. SonicWall’s seven deadly sins SonicWall released its 2026 Cyber Protect Report, reframing SMB security around seven predictable failures: ignoring fundamentals, false confidence, overexposed access, reactive posture, cost-driven deferral, legacy access models, and chasing hype over execution. Key data: 88% of SMB breaches involve ransomware — more than double the enterprise rate. Identity, cloud, and credential compromise account for 85% of actionable security alerts. The average breach goes undetected for 181 days. More on this topic coming in an upcoming In The Channel episode with SonicWall’s Michael Crean. Cisco pulls compute deal registration Cisco eliminated compute deal registration effective immediately, cancelling associated promotional discountsamid rising memory costs. Partners are calling the move out of character, warning of direct margin impact. The latest development in the ongoing hardware cost squeeze affecting vendors across the board. Lenovo 360 bets on services Lenovo updated the Lenovo 360 partner framework with simplified tiers and a new Lenovo 360 for Services pathway launching April 13th, plus a new Tech Connect technical community. ChannelDive frames it plainly: Lenovo is boosting the partner program as a PC sales slowdown looms. The services pivot is the hedge. Canadian cybersecurity data CDW Canada and IDC Canada released the 2026 Canadian Cybersecurity Study based on 700+ Canadian security leaders. Cyberattacks on Canadian enterprises surged nearly 80% year-over-year; enterprise cloud infection rates hit a record 53%. The full study is available at CDW Canada. The report’s “maturity paradox” framing — security investment rising, breach success rising with it — echoes findings from Auvik and OpenText covered in last week’s episode. Read Full Transcript Hello and welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca, and this is your weekly look at the stories that matter for the Canadian IT channel community. April 6th, 2026. Four stories this week. SonicWall reframes what security actually means for SMBs. Cisco hits partners in the deal reg. Lenovo bets on services. And some sobering Canadian numbers on the state of cybersecurity. Let’s get into it. SonicWall released its 2026 Cyber Protect Report this week, and the headline is a reframe worth understanding: most SMBs aren’t losing ground to sophisticated attacks. They’re losing ground to seven predictable, preventable failures that SonicWall has named the Seven Deadly Sins of Cybersecurity. Those seven sins: ignoring the fundamentals like authentication and patching; operating with false confidence about your risk level; overexposed access with flat networks and implicit trust; a reactive security posture rather than proactive monitoring; cost-driven security decisions that defer investment until after a breach arrives; reliance on legacy access models like VPNs that authenticate once and trust everything thereafter; and chasing hype over execution — buying tools without actually deploying them properly. The supporting data is striking. SMBs see ransomware involvement in 88% of their breaches, more than double the rate at large enterprises. Identity, cloud, and credential compromise account for 85% of actionable security alerts. The average breach goes undetected for 181 days. The stolen password, not the zero-day, is the attacker’s weapon of choice. The quote from Michael Crean, their vice president of Managed Services, captures it best: “The danger isn’t that AI isn’t working; it’s that we’re using it as an excuse not to do the things we already know we should.” We’ll go deeper on this with Crean in an upcoming In The Channel episode. Watch for that in the coming weeks. Now for something that hits closer to home — specifically, closer to the margin line. Cisco has eliminated compute deal registration, effective immediately. No more deal reg on compute products, no more associated promotional discounts. The driver, per Cisco, is rising memory costs — the same hardware squeeze we’ve been tracking for weeks. Channel reaction has been blunt. Partners are calling the move out of character for Cisco and warning of lost margins. CRN’s coverage makes clear this is not a minor adjustment — it’s a structural change to how Cisco compute goes to market through the channel. This is the latest domino in the RAMmageddon effect. Memory prices surge, vendors absorb what they can, and eventually the cost lands on partners and customers. Intel and AMD both raised prices last week. Cisco just removed the cushion that was softening the impact for partners. Lenovo’s answer to the same hardware headwind looks quite different. They’ve announced updates to the Lenovo 360 partner framework, with the headline being a new Lenovo 360 for Services pathway launching April 13th. The pitch is straightforward: structured resources and incentives to move partners from transactional hardware deals toward managed and professional services. Given everything we just said about margin compression, that direction makes sense. New additions include a Lenovo 360 Tech Connect technical community and an upgraded partner portal. Not flashy, but this is exactly the kind of structural investment that matters when hardware economics are working against you. ChannelDive’s framing is the honest one: Lenovo is boosting its partner program as a PC sales slowdown looms. If you can’t win on hardware margin right now, services is where the conversation needs to go. We’ll close with some Canadian numbers worth paying attention to. CDW Canada, working with IDC Canada, surveyed more than 700 Canadian security leaders for the 2026 Canadian Cybersecurity Study released this week. The headline: cyberattacks targeting Canadian enterprises surged nearly 80% year-over-year. Enterprise cloud infection rates hit a record high of 53%, up from 41% the prior year. The report calls this a maturity paradox — organizations are investing in security architecture, but breach success rates are climbing anyway. It’s Canadian-specific data, which makes it more immediately applicable than most global threat reports for conversations with clients here at home. That’s your In Case You Missed It for April 6th, 2026. Links to everything we covered are in the show notes at ChannelBuzz.ca. If you’re finding this useful, subscribe on Apple Podcasts, Spotify, YouTube, or wherever you listen. Ratings and reviews always help. I’m Robert Dutt for ChannelBuzz.ca. Have a great week, and I'll see you in the channel.
Faraz Siraj, vice president of global channels and alliances at Fortra Faraz Siraj, vice president of global channels and alliances at Fortra, joins the podcast to talk about what it looks like to build a channel program around a cybersecurity platform assembled through more than 20 acquisitions – and why MSPs should be paying attention now. Fortra’s portfolio spans offensive security tools like Cobalt Strike and Core Impact, data protection through Digital Guardian, and security awareness training via Terra Nova Security. It’s a wide footprint, and as Faraz acknowledges, many partners still know the acquired brands without realizing they’re all under one roof. The Fortra Protect partner program, launched in 2025 with guaranteed margins and a single FortraOne partner agreement, is the company’s answer to the fragmented discount structures and multiple contracts that came with all that M&A. The conversation also digs into Fortra’s recent decision to sell its Alert Logic managed detection and response services to LevelBlue – a deliberate move to position the company as a software provider, not a services competitor to its own partners. Faraz is candid about where offensive security capabilities realistically fit into an MSP’s stack and where they don’t, and offers a practical on-ramp for Canadian partners through Fortra’s acquisitions of Ottawa-based Titus and Montreal-based Terra Nova. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If I say the name Fortra, there’s a decent chance you might not immediately place it. But if I say Cobalt Strike, or Digital Guardian, or Alert Logic, or Titus, especially if you’re in Ottawa, those might ring a bell. Fortra is the company that’s been quietly acquiring cybersecurity companies for the better part of a decade. More than 20 acquisitions in all, and now they’re trying to stitch it all together into a unified platform, pointed squarely at MSPs and MSSPs. What makes this story interesting right now is they’ve recently made some moves that signal where they think they fit into the ecosystem. They sold off their Alert Logic managed services business to LevelBlue, which is a pretty clear statement. We make software, we’re not going to compete with you on service delivery. And they’ve rolled out a new partner program called Fortra Protect with guaranteed margins and a single partner agreement that covers the whole portfolio. My guest today is Faraz Siraj, Fortra’s Vice President of Global Channels and Alliances, and I wanted to talk to you about what it looks like to build a channel program around a platform that was assembled through acquisition, how MSPs should think about the balance between offensive and defensive security capabilities, and whether there’s a Canadian go-to-market story here. Let’s get right into it. My chat with Faraz Siraj. Faraz, thanks for taking the time. I appreciate it. Faraz Siraj: Great to be here. Robert Dutt: Fortra has been built through a bunch of acquisitions. 20+, 25+ I think? For MSPs who know Cobalt Strike or Digital Guardian but don’t necessarily know the umbrella brand of Fortra, what’s the pitch for why they should think of you guys as a platform rather than sort of a collection of tools? Faraz Siraj: Great question. Well, all of these products that we acquired over a, I’d say, a five-year period, it was around a little over 20 companies, we are going to platformization, and all of these will be available via the platform. And the platform provides a variety of tools to manage, and so MSPs would probably want to welcome that opportunity to utilize a single platform with multi-tenancy to help manage those solutions for their customers. It’s just a natural fit, and rather than having multi-screens, multiple interfaces to be able to provide those types of managed services, so it’s a very, very powerful way of bringing it all together. Robert Dutt: For that MSP market, you guys sold off Alert Logic’s managed services business to LevelBlue a couple of months ago. What does that signal to MSPs about where you see Fortra sitting in the ecosystem moving forward, in terms of trying to be a technology brand behind the MSP? Faraz Siraj: Well, that’s a perfect fit. I think we realized that the managed service business is not really what our strong suit is. And we aligned our Alert Logic business with a suitor that can take full advantage of that kind of business, and they’re very good at it. We, over time, realized that if you want to do that business, you have to really focus in on it, whereas we had other priorities. And so what that tells the market and other partners out there is that we need our partners to be able to provide those managed solutions. We truly are in the business of making and providing software. We do not want to be in the services game. We want to have our partners provide those services, whether it is managed services or whether it’s installation services, optimization services delivery, we need our partners to do that. And that’s what creates opportunity. And that’s what I’m really excited about with our platform play, as well as where our future direction is as a company around the products that we provide. Robert Dutt: One of the most interesting things I think you guys talk about is the idea of MSPs balancing offense and defense. And I guess I want to dig into what that actually looks like in terms of the service delivery level. Where does offensive insight realistically show up in the day-to-day stack for an MSP? Faraz Siraj: Well, it shows up everywhere, whether you realize or not. It is in whether it is vulnerability management, it’s in offensive security tooling, it is in pen testing, it is in simulations. That takes some knowledge and ability to provide those services around those capabilities. And that’s just from an offensive side. There is a need for support for those particular product sets. On the defensive side, it’s pretty simple. I mean, we have a lot of those defensive protection products, and we need our partners to be able to provide solutions around it. Robert Dutt: Yeah, and MSPs, most I would dare say at this point, are defensive operators by nature. Prevent, detect, respond, deal with the problem. What can MSPs realistically do with offensive capabilities, and where should they not be trying to operationalize offensive capabilities in their stack? Faraz Siraj: Well, the first thing that I would tell them is be comfortable with what you’re providing. Be comfortable with your capabilities that you can go to your market with, with your customers. If you don’t know it, you can certainly learn, but you don’t want to try to pigeonhole yourself into a technology that you’re unfamiliar with. We can help with that. We have a lot of training. We have a lot of classes available through our Fortra Academy that can help them, and we have onboarding that we can help partners with. Again, it would be, I would think about the customer and work backwards. You would want to qualify the customer and qualify their needs. And if offensive security is something that is a pain point for your customer, then investigate it. And sometimes it’s not. And if it’s not needed, why would you want to venture and invest in an area that you’re unfamiliar with? Now I’d love for all of them to do it, but I’m an honest person. Sometimes it doesn’t make the right business sense. Robert Dutt: You guys acquired Red Macros Factory to enhance Outflank Security Tooling. Cobalt Strike is used by red teams worldwide, but it’s also used by threat actors who are probably using cracked copies. That led Fortra and Microsoft to take joint legal action in the past. How do you talk to partners about selling offensive tools when some of those tools have been weaponized against their customers? Faraz Siraj: It’s a discussion point. It’s also sort of a proof of concept in a twisted sort of way. Well, we do not support any illegal use of our products. We do not support using it for the wrong reasons, so to speak. We have strict legal language on it and we have gone to legal with Microsoft about those kinds of things, because we have strict requirements of how you’re going to utilize this tool. If we find out that you’re using it for the wrong reasons, weaponization, we cut it off. And that’s part of the qualification. And that’s also part of the execution and inspection that we look at. These are very powerful tools and they are not for that purpose. And just as another example is when we provide NFR gear, it’s meant for testing purposes and lab gear. You cannot be utilizing it to provide protection from as a customer standpoint, even though it’s not the same completely. It’s similar. And we just, we have to be very transparent and upfront about what these tools are about and how they’re supposed to be used. Robert Dutt: Let’s talk about the program and what you guys are doing there. You’ve introduced guaranteed margins with Fortra Protect and the FortraOne agreement. What problem were you specifically trying to solve with that model and what was sort of the problem with how partners were engaging with Fortra before? Faraz Siraj: Yeah, there’s several problems that we were addressing and yet we came to an innovative way on how to address it. So let’s look at a little history. When you acquire so many companies, your discount structure is all over the place. In Fortra transparency, we had discounts that were in the low 20s and going way north into the higher discounts. And when partners want to work with you, they expect a certain discount table for all products. And when you’re all over the map, you can’t really do that. Additionally, we wanted to encourage our partners to look at the entire portfolio and be encouraged by representing all Fortra. We had different agreements and we had different programs by product lines and we needed to bring it all together. And so as I joined, we did the FortraOne agreement, which brings everything into one unified legal agreement to be able to represent our products. And that’s the easy part. Second, we wanted to provide incentives to our partners to represent not only the products they’re familiar with, but all the other products that we had. And guaranteed margin was the best way to do it. Now there’s no guesswork on partner profitability. You know what you’re going to be making. And when you know that upfront, you can now focus in on the real problem at hand is providing customer solutions. We can work on it jointly. I can tell you I’ve been in the industry long enough where I continuously talk to partners and their pain points are around profitability and the unknown. Working deals and then being squeezed or not knowing what they’re going to make until the very end. And you’ve spent all this time working on these solutions and then you are not going to kind of have that profitability that you want. That’s a big deal. And we took the guesswork out of it. And now let’s focus on the customer, which is quite from what I hear the most important thing. Robert Dutt: I’ve heard the same thing, believe it or not. What do you see as sort of the, as you’re looking at the platform structure and trying to make it easier and more smooth for partners to sell across that, what are kind of the one or two top entry points for partners? And what do you see as sort of the next adjacencies that partners naturally gravitate towards as they get to know what all you guys are doing and get comfortable with the model? Faraz Siraj: Yeah, I think the best entry point would be around data protection. And we offer so many varieties of security solutions, but the best way is around data protection. And let’s face it, data has been exploding and will continue to explode. There is a fun new variable out there called AI that is in the forefront of everybody’s minds. And it’s being utilized for the right reasons and the wrong reasons. And whatever your case is, you need to protect your data with however which way it’s exposed. And so we have data protection solutions that will be enhanced by AI, but also will protect against AI because your data is the most valuable commodity that you have as a company. And so with our data protection, such as our DLP solutions, our data classification solutions, DSPM, that’s a great entry point. And then you can expand from there with the use of the platform. But that’s what I highly recommend for partners that are just getting into this. Robert Dutt: You joined Fortra in late 2024, and this is being described as kind of the company’s first dedicated channel push. For Canadian MSPs who aren’t in the ecosystem currently, what’s the realistic on-ramp for working with you guys? And I’m curious where you’re at in the Canadian market in terms of is there a distribution and go-to-market story here, or is it sort of primarily still being built around the US model? Faraz Siraj: No, it’s a true North American model. By the way, we acquired a few Canadian companies, and we have several Canadian MSPs already that we work with. We are always looking to expand within the Canadian market. Companies that we acquired that are well-known in Canada, such as Terra Nova and Titus. Terra Nova out of Montreal. Titus was out of, I believe, Ottawa. Terra Nova, by the way, human risk management or security awareness training, if you want to call it, is an MSP’s dream. It can be branded by a partner, and it can be run as if it were the partner’s business. And we actually go to market heavily with a lot of Canadian companies for that particular product line. If you ever wanted the easy button to get involved with Fortra, it would really be the Terra Nova product, human risk management, because everybody needs security awareness training. I go through it every six months at Fortra ourselves. I’m a user on product, but you need to have that refresher, because in the simplest forms, we are exposed to crazy stuff that comes to us, and you need to be trained on it. So that’s where I would go from a market perspective, but we love our Canadian companies, and we’ll continue to operate that way. Robert Dutt: It sounds like you’re open to adding additional MSPs, obviously. What do you find are some of the common threads among successful Fortra MSPs? Faraz Siraj: It really is around providing good customer joint solutions. We obviously want to be in the software business, but we also want to be with partners that align to that software as well as providing the customer satisfaction. And so the ones that do it well are the ones that are able to bolt onto their services on top of the solution and do it well. And we’re not hearing about issues. In fact, the successful ones are the ones that are expanding those solutions and going into more and more customers. The other piece of it is being able to be creative with billing for the partner so that it entices them to go out and obviously have partner profitability. Robert Dutt: If an MSP is listening to this and they’re doing the standard defensive stack – EDR, SIEM, firewall – but they’ve never really offered anything on the offensive side, what’s the first conversation they should be having with customers? And how do they avoid turning offense into, you know, the once-a-year pentest PDF and call it a day kind of thing? Faraz Siraj: Yeah, well, it really goes back to understanding the customer. Now, it starts with, yes, pen testing is very important, but it’s not just once a year. Given today’s threat landscape, you need to do that a lot more often. Vulnerability management, those are the two major entry points. We built our vulnerability management tool from a mixture of six different technologies from six different companies, and we fused it together to make our own Fortra vulnerability management tool. Such companies like Tripwire, Digital Defense, Beyond Security, even a little bit of Alert Logic that was in there and there’s a couple others that I’m forgetting, but when you’re able to do that, it makes for a great value product. Robert Dutt: Interesting conversation. I appreciate the colour around the partner program and I appreciate the idea of adding offensive capabilities to the MSP stack. I think that’ll be an interesting space to watch. Faraz, thank you very much for joining us. Faraz Siraj: Oh, you bet. Thank you, Robert. Robert Dutt: There you have it, Faraz Siraj from Fortra. I’d like to thank Faraz for his time. I appreciated his candor, especially on the managed services exit and the reality of what MSPs should and shouldn’t try to take on when it comes to offensive security. Thank you for listening today. A couple things that stuck with me from this conversation. First, the Alert Logic move. When a vendor sells off their managed services business and tells you straight up, we’re in the business of making software and not competing with you on services, that’s worth paying attention to. Doesn’t guarantee anything, but it’s the right signal. And in a market where MSPs are constantly wondering which vendors are going to show up as competitors, it matters. Second, the platform story. 20-plus acquisitions is a lot of integration work. And I think the jury’s still out on how seamless that experience actually is for partners day to day. But the FortraOne agreement and the guaranteed margin model suggest they’re at least thinking about the partner experience at the business level, not just the technology level. And for Canadian MSPs specifically, the Terra Nova and Titus acquisitions mean there’s a local footprint here that a lot of people might not realize. If you’re not subscribed to the ChannelBuzz.ca podcast, now’s a great time. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. If you’re finding value in these conversations, a rating or review goes a long way. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Larissa Crandall, 1Password’s global vice president of channel and alliances 1Password is a company many Canadian partners know, but the Toronto-based firm has evolved well beyond the password vault it’s historically been associated with. Now positioning itself as an identity security company, 1Password recently expanded its global partner program, won the 2025 AWS Canada Rising Star Technology Partner of the Year award, and was named to CRN’s 2026 Security 100 list. The company counts more than 180,000 business customers, with over 75 per cent of its revenue now coming from the enterprise side. Larissa Crandall, 1Password’s global vice president of channel and alliances, joins us to talk about what that evolution means for MSPs looking to build identity security practices. Crandall talks openly about the need to “myth bust” how partners think about 1Password, pointing to strategic integrations with CrowdStrike and Zscaler and the company’s growing presence in AI labs and enterprise security stacks as evidence of the shift. The numbers that emerge are striking. Non-human identities – AI agents, service accounts, API keys – now outnumber human identities 82 to 1, according to Crandall, and SMBs remain largely unprepared for the challenge. That’s the gap MSPs can step into. She shares the story of an MSP that made 1Password mandatory across its entire customer base – not as an add-on, but as a baseline requirement – because you can’t credibly sell identity security if you haven’t secured the front door yourself. On building a profitable practice, Crandall identifies three keys: proper discovery, understanding scope and complexity, and having the right skill sets on your own team before delivering it to clients. Partners interested in learning more can visit the 1Password partner program page. Read Full Transcript Robert Dutt: Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. If you’ve been following the cybersecurity conversation this year, you’ve probably noticed that identity keeps coming up – not as one item on the security checklist, but increasingly as the item. The attack surface is shifting. SaaS sprawl, shadow AI, and a growing universe of non-human identities – things like AI agents, service accounts, and API keys – are creating access governance challenges that traditional security tools were never designed to handle. And for MSPs, that shift represents both a risk and an opportunity to build a real practice around identity security. 1Password is a company that a lot of us know, but the Toronto-based company has evolved beyond the password vault that many partners may remember. It’s now positioning itself as an Extended Access Management platform, recently expanded its global partner program, and counts more than 180,000 businesses among its customers. Joining me today to talk about what that evolution means for the channel is Larissa Crandall, global vice president of channel and alliances at 1Password. We’re going to dig into why identity has become the front door to the security conversation, what MSPs need to understand about non-human identities before their customers start asking, and what building a profitable identity security practice actually looks like. Larissa, thanks for taking the time. I appreciate it. Larissa Crandall: Thank you so much for having me. Excited for a conversation. Robert Dutt: We keep hearing that identity is the new security perimeter. For a lot of MSPs, the bread and butter is still firewall, endpoint, some MFA. Can you help me with what’s changing in the threat landscape that makes identity security an urgent, a “build a practice around it right now” kind of opportunity? Larissa Crandall: Yeah, absolutely. AI is here to stay. I think the opportunity for MSPs is now. It’s prevalent. We’re seeing a lot of MSPs build practices around identity security, and those are the ones that are getting ahead of it, are leading the charge. I think for us personally, spending a lot of time with MSPs, the attack surface has changed. It’s no longer about human, it’s about non-human identities, and it spans across SaaS applications, endpoints, APIs, service accounts, and AI agents. All of the MSPs that are getting ahead of it are helping our customers and growing. Robert Dutt: You guys have been around for 20 years now or so. I think for a lot of folks, the on-ramp, the familiar place is the personal password vault, of course. Some partners certainly are selling you alongside other tools, are working you into the mix. What would surprise a partner who hasn’t looked closely at 1Password in the last couple of years about where you guys are at right now? Larissa Crandall: Love this question, because I’ve been talking to a lot of partners. As we’ve built out the partner program that we just launched and going to truly partner first, we have to – what I call – myth bust. A lot of how people perceived us is just traditional EPM, the Enterprise Password Manager business, into this true solution that’s attached to everything that they’re already selling. For instance, we have large integrations with CrowdStrike and Zscaler, and that’s getting the attention of some of the partners out there not realizing that we fit into that full conversation and that tech stack as a platform play, versus thinking of us traditionally just on that human-centric credential management play. We’ve definitely flipped the script, I would say, on having sellers think of us different. MSPs – we also have a lot that we’re doing with AWS, and that has changed some of the landscape for us here, is positioning that full technology solution. Robert Dutt: You touch on partner first on the program launch. Can you walk me through what partner first means from a 1Password point of view at this point and the highlights there in terms of what it means to your partner base or your prospective partner base? Larissa Crandall: Sure, absolutely. We built what I call a customer-centric partner strategy. What that means to us internally – and as I’ve shared this with our partner ecosystem – is however a customer wants to transact with us. Via AWS Marketplace, whether they want to work with us with a partner through Marketplace, if they want to work with their traditional reseller and VAR partners out there. We have obviously SMB customers, a lot around working with their MSPs. We have that all taken care of, where we have prescriptive partners across the globe as well as working with our distribution partners. What that means for us internally is we have worked through an entire strategy top-down. It goes from our executives all the way through our sellers that they’re to engage partners. Now it could be an existing account that we have that we’re wanting to bring a partner into. We’re also spending a lot of time with partners, both new and existing, teaching them the 1Password story and teaching them how we fit in what they’re selling today and what the opportunity is. Increased enablement, certifications, all of that. Again, it goes back to what I would say is that myth bust of how you think of us and what we’re doing, versus how we’re getting a lot of attention from partners that have talked with us previous but are seeing us different, talking about putting us in their AI labs and their security practices and a full wrapper into platform. Robert Dutt: That’s two fronts of myth busting, or developing the stories to partners. Where would you say you’re at in getting that out there, broadly disseminated and well understood on both of those fronts? Larissa Crandall: It’s a daily, right? I think it’s a daily spend. I spent this morning talking to two partners and they were both new. They were in a region that we have not spoken to before, and it was newer partners wanting to learn more because they’re hearing the market demand and they’re having customers call about 1Password and identity security. That has flipped as well, where identity security is no longer a “it’s a nice” – it’s needed. Same thing across MSPs. They’re building foundational practices as well around identity security and we’re having them come to us and say, “Teach us more. How do we build this? How do we do the discovery and how do we get in front of it?” Especially around AI. Robert Dutt: You’ve talked about something you call the Access-Trust Gap – the space between what IT can see and control versus what employees are actually using to get their work done. Can you walk us through what that looks like in a real organization and the why as to why traditional IAM tools aren’t closing that gap? Larissa Crandall: I have an example for you that I love to use, and it’s related to an MSP that we have that shared with us how they personally worked with 1Password. It’s a mature MSP that made a deliberate decision as a company to bring in 1Password and make it mandatory for all of their customers. Not an add-on – make it mandatory for all. They did that because they wanted to ensure that security was embedded into everything they did from the start and how they interacted with customers. The reason that they did that is they wanted to make sure – if they weren’t ahead of it and they weren’t giving customers a secure way to manage their credentials, they would find their own way. That’s the problem still. There’s spreadsheets, there’s shared sticky notes. You put it in your phone. That’s never good. This MSP shared that and said, “If we’re going to go preach this and sell 1Password, we’re going to basically do it ourselves.” If you leave it up to your own devices, employees will do it on their own and that’s the big risk. For us, that’s the big opportunity that we’re sharing with our partners to make sure that they know that – that is not the way to go. You need to make sure that you’re protecting it. You can’t begin to address that identity sprawl if you haven’t first secured the front door. When we say that to partners, we let that sink in. If you haven’t done it personally as an organization and you’re working with customers, you have to secure that front door. MSPs that are building the basics and getting ahead of it are going to nail this and be far ahead of their competition. I love that example because it’s a real life, “If I’m going to go sell it, I’m going to make sure that we’re using it ourselves.” Robert Dutt: The new front, I think, that’s maybe catching MSPs a little bit off guard, that’s certainly building awareness, is the non-human identities side of things. You touched on AI agents a little earlier, the service accounts, the API keys – the things that need credentials but aren’t employees. How big of a governance problem is this becoming and what does it mean for an MSP who’s trying to help clients figure this out and navigate this problem? Larissa Crandall: It’s a big problem. Non-human machines are growing every day, and a stat that we’ve been using and explaining this – just on the severity of it – with our partners, is non-human identities now outnumber human 82 to 1. Think about that. If that is the number of how much you would have to protect non-human, you can’t just think about it from that human perspective. “I log in, I do the right thing.” It’s everything that they don’t know. That gap, again, is helping customers get that visibility and control around that across human and non-human, is generally hard to replicate because you have to teach it. That’s where, again, the partners come in and they bring that up and explain that. They’re ahead of it. What I will say, though, is SMBs are not ahead of that just yet. They’re not thinking about non-human every day, and that’s where partners can come in and being their true trusted advisor and explain that and explain the risk to their businesses. Because that’s their job – to keep businesses running – and that’s why customers go to them. Robert Dutt: For an MSP who’s at the point of saying, “OK, I see your point. I see the opportunity around identity security. I need to build around this,” but they aren’t there yet necessarily – what does a profitable identity security practice look like? What are they selling? What services are they wrapping around it? Where do you fit into that stack? Larissa Crandall: MSPs are all different. Obviously, they’re great about doing that first initial assessment and analyzing the infrastructure and set of tools and governance that they have. I think the first piece that we’re explaining, and we’re talking to MSPs, is just how to get started and how to build a practice around this. You first have to do that discovery. Most customers are not getting an accurate inventory of what they have. That piece, and explaining “if you do this, here’s the risk mitigation around it, this is how it could help your business.” The second piece I think that some don’t really truly understand is the scope complexity, meaning identifying the infrastructure, the dev, the security, the operations team, everybody else that’s all-encompassing around this. I think the third is staffing. Some MSPs don’t realize, “OK, if we have this, how do we build a profitable practice?” – you need to ensure that you have the right skill set from your own teams to do that assessment up front. It’s a step-by-step, but you can’t do only one of those. Proper discovery, scope, and staffing are really key. Robert Dutt: You guys are a Toronto-based company. For Canadian MSPs or resellers in the audience, is there anything specific about how you’re building the partner ecosystem up here in the market that they should know about, and what’s the first step that a partner should take who’s intrigued by this conversation and wants to find out more? Larissa Crandall: Join a partner program. Obviously, I will say that. I think one of the proud moments for us right now is we launched a new partner program in February. Simplified, it did increase profitability and economics for them, and also did a complete overhaul of all the training, enablement, everything that they were asking for. It sounds simple, hard to do. We did this outside in. We spent a lot of time surveying Canadian resellers, MSPs across the world and really asking them what was needed around that. When we launched it, we had a record number of logins immediately on our partner portal in the first eight days of the program that we had seen in a while. That just goes to show that there’s just this strong pent-up demand for “Teach me and tell me more” because they’re hearing customers with some of these issues. We want to be there first and foremost and be proactive with them. Join the program. That’s what I would say. It’s very simple to start. I promise you, it’s a very profitable program. We’ll help you through and do all the onboarding and spend some time with us. Robert Dutt: From a Canadian point of view, anything particular that you’re looking at in the market up here, as far as building the ecosystem or as far as how you view where the Canadian channel’s at with you guys? Larissa Crandall: I’ve spent quite a bit of time there, talking to partners up there and spending some time with AWS. We spent a lot of time – we just won the Rising Star Award for Canada for the work that we’ve done in partnership with AWS. That has got a lot of press for us personally and what we’re doing and how we’re building solutions together. I would also say we have quite a bit of employees there, obviously. That’s been where we started. I would say a lot of loyal partners that have been with us through the entire journey. I would say that I’m hoping they’re pleased with all the changes and the added incentives there, and happy to talk to them. Robert Dutt: All right, a few quick-answer lightning round type questions before we wrap up. You touched upon this a little bit, but can you maybe elaborate? When you talk to MSPs who are doing identity security really well, what’s one thing that’s common amongst them? What’s the common thread amongst those who are doing well in this space? Larissa Crandall: Great. I would say exactly how we started this conversation – that they have recognized that AI is here and here to stay, and the ones that have built in the forefront and done really well with enablement out to their customers around that human and non-human identity security space and explained it are crushing it. Those are the ones that we’re seeing seat count increase, seeing some of their large customers come on and do true – what I would say, we call it – wall to wall. Bring in customers that have done exactly what that mature MSP did and said, “If we’re going to go do this and preach it ourselves and sell it, we better make sure that we are doing it as a company.” We’re continually seeing that. The ones that really get that from the very beginning are the ones that are on the forefront and being proactive about it versus reactive. You have to be trusted advisors out there, especially to even the SMB community. Robert Dutt: Finally, without naming any names if you don’t want to, what’s the worst password hygiene you have personally witnessed? Larissa Crandall: I would say sticky notes. I would say everything that your grandparents have done, your parents have done. I think it’s one of those where we’re all guilty of – where do we put that password? Did you share it with someone? That’s the worst thing that you can do. Of course, I work here, I’m going to say it, but being a 1Password customer even before – and that’s the fun about being here. I could be in an airport, I’d have a 1Password sweatshirt on walking through and we’re this beloved brand out there because they started with us on that B2C journey and have moved and brought us through into their businesses today. It’s a great place to be. Robert Dutt: Quite the evolution, and thanks for walking us through it, and good luck with the program rollout. Thank you so much for taking the time. Larissa Crandall: Thank you so much, Robert. I appreciate it. [MUSIC] Robert Dutt: My thanks to Larissa Crandall from 1Password for that conversation. A couple of things I want you to take away from it. First, that stat: non-human identities now outnumber human identities 82 to 1. If that number doesn’t make you rethink the scope of the identity conversation you’re having with customers, I’m not sure what will. Second, the MSP who made 1Password mandatory across their entire customer base – not as an add-on, not as an option, but as a baseline requirement for doing business. That’s the kind of conviction that turns a product into a practice. Whether 1Password is the right fit for your stack or not, the broader point stands: identity security is no longer a nice to have, and the MSPs who treat it that way are the ones building real recurring revenue around it. Thanks for listening today. If you haven’t already, please do consider subscribing to or following the podcast in your podcast app of choice. We’re up on Apple Podcasts, Spotify, YouTube Music, iHeartRadio, and more. And if you’re old school and you like your RSS feed to be, well, an RSS feed, we got you covered too. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Joe Smolarski, CEO of WatchGuard Technologies, joins the podcast for a wide-ranging conversation about why the company believes 2026 is “the year of the cybersecurity-focused MSP” – and what that actually means beyond the tagline. Smolarski came to WatchGuard in November after nearly a decade at Kaseya, where he served as president and COO. He’s been open about applying what he calls the “Kaseya playbook” to WatchGuard – driving down platform costs and consolidating tools to improve partner margins. In this conversation, we dig into what parts of that playbook he’s bringing, what he’s leaving behind, and why he believes WatchGuard can double MSP margins on cybersecurity. We also explore WatchGuard’s latest threat research, which showed a 1,500% spike in unique endpoint malware, and what the company’s 2026 predictions – including the first fully autonomous AI-executed cyberattack and the extinction of crypto-ransomware – mean practically for MSPs and the customers they protect. The conversation takes a Canadian lens as well. Smolarski discusses WatchGuard’s new partnership with Bell Cyber, the data sovereignty investments required to win that deal, and why he sees the Canadian market as ripe for its next level of MSP maturity – driven by regulation like Bill C-26 and the consolidation wave now reaching this side of the border. We also touch on WatchGuard’s 30th anniversary, what longevity means in a market full of startups and PE roll-ups, and how Vector Capital’s decades-long involvement shapes the company’s outlook. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. My guest this week is Joe Smolarski, the CEO of WatchGuard Technologies. Joe took the helm at WatchGuard back in November after spending nearly a decade at Kaseya, where he served as president and COO. He’s now leading a company that just celebrated its 30th anniversary, has been 100% channel-focused since day one, and is making a pretty bold claim that 2026 is the year of the cybersecurity-focused MSP. Now, that’s the kind of line that can sound like vendor marketing if you’re not careful, so I wanted to dig into what’s actually behind it. We talked about the explosion in endpoint malware, why the shift from ransomware to pure data extortion changes the game for MSPs, what Joe is bringing from his Kaseya experience and what he’s leaving behind, and why he thinks Canadian MSPs are at a tipping point. We also get into the economics of it all – his promise to double MSP margins on cybersecurity, and how WatchGuard’s platform play is supposed to make that math work. Let’s get right into it. My chat with Joe Smolarski. Thanks for taking the time, I appreciate it. Joe Smolarski: My pleasure, Rob. Robert Dutt: Security has been one of the biggest, maybe the biggest, growth driver for MSPs for years, and your company is saying that 2026 is the year of the cybersecurity-focused MSP. Help me understand what makes this year different from the last three or four, where people have been seeing the same kind of momentum in security in the MSP space. Joe Smolarski: Yeah, sure, Rob. I think ultimately many of the stats are clear, and they’re really eye-opening. I think no longer are MSPs having to educate and evangelize why it’s needed, because when you see eye-popping stats like the fact that cybercrime is the third largest GDP in the world behind the US and China, it’s like, holy cow, how the heck is that possible? But it’s escalated very, very quickly. And unfortunately for SMBs, SMBs have become the focus of those attacks, and I think that’s becoming clearer and clearer every day. SMBs used to feel as though they’re not the focus, that the big guys will be the focus. But what we’ve seen – and unfortunately I have some firsthand experience – is that when cybercriminals attack the big guys, they have people come after them. If you know my past, I served as president and COO of Kaseya for nearly a decade prior to becoming CEO at WatchGuard. And there, on July 2nd of 2021, we got attacked by Russian cybercriminals. When that occurred, within four hours I had the FBI and the White House and Department of Homeland Security and everybody else in my office, which was not very pleasant. So you get the attention when you’re a major provider, a big company. Look at Stryker right now, what they’re going through. In that situation, within four hours, they’re all in my office. Within three weeks, we got the bad guys, and those bad guys are sitting in a federal prison right now. But that’s not the case when it comes to SMBs, and it’s a shame. I had access to a bunch of inside information within the government when we went through that, because we also hired the FBI lead as our CISO at that time. And what they say is they’re just overwhelmed. There’s no way that they could get to all of the attacks that are occurring. The big guys get attention and the small guys don’t, and that’s become prevalent. So I think ultimately, this is the year for cybersecurity to get to that next level because the pace of attacks is picking up so much, in particular in the SMB market. We posted our bi-annual security report and showed a 1,500% increase over the last year, just in the velocity of attacks, which is scary. It’s scary for SMBs. And quite frankly, even if they have some of their own internal IT staff, they’re not going to be at the level that they require to stay protected. So they’re relying on the fantastic MSPs that are out there to get them to that next level. I will say, I caught up with three or four large MSPs in Canada over the last week, just to prepare for this a little bit, just to get some of the latest trends directly from the MSPs themselves. And they said they still feel like Canada is a little bit behind when it comes to the US, just a little bit behind in terms of education and things like that. And certainly, small business is so prevalent in Canada, given how dispersed it is. So they’re working on that. I know your government in Canada is working to increase regulation. I think some of the fighting back and forth with Trump and Carney has been interesting and ultimately fueling the Buy Canadian campaigns and some of that stuff. But you’ve got a lot going on. I know you’ve got a C-26 bill from an infrastructure perspective trying to be passed, just to make sure that the awareness is there for all businesses on what needs to be protected – supply chain and everything else. But it’s a huge opportunity for the MSP market to take it to that next level, because from my perspective, Rob, you have to. What I’ve seen – and this is very, very unfair – is that when a small business even declines that next level of, say, platinum service from an MSP, they’re like, “I don’t need that. We don’t need that level of protection. We’re not willing to pay that amount.” If something negative happens, then unfortunately the MSP still gets blamed. And that’s ridiculous, but it’s the reality of the situation. So this is the year to capitalize on it. There’s enough news and information out there that supports everything. It’s an exciting year and, of course, a nervous year, because you’ve got to protect your clients and use the best technology and services to get there. Robert Dutt: You touch on the 1,500% spike in endpoint malware in the second half. A quarter of those attacks are evading signature-based detection. At the same time, though, your team is predicting that crypto-ransomware is essentially going extinct this year as attackers say, “You know what? We’d rather just steal the data and extort you.” What does that shift mean practically for how MSPs need to think about protection and what they’ve been offering, given that ransomware has been such a driver for the last half decade or so? Joe Smolarski: Yeah, I think ultimately you just have to make sure that you have layers of protection. To your point, lots of things get through. You could have the very best technology in the world, whether that’s WatchGuard or some of the other leading providers, and things can get through. Ultimately, that’s why you need the layers. One of the things that you should also consider is the platform approach. There are many providers, WatchGuard being one of the leading providers in the MSP space. When you have a platform that gives you multiple layers and those layers get to be correlated together, it just increases your chances of detecting those things. You may see something on the firewall that’s not definitive evidence of something happening, but when you piece that together with what’s happening on the endpoint and you’ve got those two data points, you piece it together faster than point solutions can. I think ultimately you need to make sure you have 24/7 SOC monitoring. Things that you didn’t think were possible – you thought you put in the best products to protect you, why do I need that, nothing should get through. You just threw the stats out there that things do get through. The only way to stop that is to catch those anomalies at one of the respective layers. If you’re at 99.9999%, you’ll get it at the product level. But what gets through – and with the velocity of attacks that is there – you’ve got to make sure you’ve got AI-based SOC solutions and MDR solutions backed up by great security professionals to ensure you’re protected. Robert Dutt: On the AI tip, you guys have predicted the first fully autonomous, end-to-end executed-by-AI cyberattack this year. That’s a big call. What would that look like? And how do I, as a mid-market MSP, even begin to prepare for something like that? Joe Smolarski: Number one, it should scare the heck out of us. It scares me. It certainly scares me, Rob. It’s a world that is evolving very quickly. I think AI in and of itself – there are some anomalies. I’ve done a few interviews where I’ve said half of AI is bullcrap. Because so many people claim AI and everybody’s taking credit for it. Some of it’s real, some of it’s not. But what’s very real is the rate of acceleration of technological advancement, both for the good guys and unfortunately for the bad guys. So I think you can’t fight AI attacks with human-based people. You need to fight AI with AI. There’s no way, from a rate of defense, pace of defense, that you can fight that with just good security professionals. You want to make sure, as the complexities of these attacks, the velocity of these attacks – because it is AI-based – continues to accelerate at an unprecedented pace, that you’re fighting that with AI-based solutions. Because it can match the speed and complexity of the response. We’re seeing it. While we haven’t seen a complete 100% autonomous end-to-end, we’re seeing pieces that are getting very, very close. We have so many millions and billions of data points coming through and it’s getting scarier by the day. Our job is to stay ahead of that. We stopped billions and billions of attacks last year and we had seven reports come through of malware that maybe got through. So the success rate is phenomenal, but the only way that will stay phenomenal is if we just stay on top of that 24/7, 365 and read all the indicators of what the bad guys are doing and how we need to stay ahead of that to protect our MSPs and protect our end customers. Robert Dutt: We talked about platformization a little bit off the top. I wanted to circle back to that. First, you’ve been pretty open about bringing the Kaseya playbook to WatchGuard – driving down platform costs, consolidating tools, increasing margins. But Kaseya can be a complicated word in the MSP space. Some partners hear it and think great economics. Others hear it and think about aggressive bundling or the friction of integrating acquisitions. Which parts of the playbook are you looking to bring to WatchGuard, and which parts are you consciously choosing to leave behind? Joe Smolarski: Yeah, definitely. And listen, every company has its pros and cons. And certainly over there, I was the number two, not the number one, which is a difference, because you’ve got to abide by certain things. It had a fantastic leader with Fred and a great leader with Rania in the current leadership. But I think ultimately what always resonated – no matter, I say time and time again, even if somebody didn’t like certain practices at Kaseya – what always resonated was, “I need to lower my operating costs because my margins are too tight and I can’t scale efficiently.” It’ll be tough to get liquidity as an MSP if I’m not getting the proper margins and profitability. And we know that there’s a great opportunity for MSPs to get liquidity and have an event, because there’s a great rollup occurring in the industry. So just making sure that the unit economics continue to get better. And the second component is just an integrated platform. It makes all the difference in the world. Imagine you hiring your next technician, your next engineer, and then you’ve got to reach out to seven different vendors to get that person set up. That engineer has to learn seven different platforms and seven different logins and swivel chair through all of it. So those two components, no matter what, always resonated with the base, whether they were Kaseya lovers or Kaseya haters, those two things always resonated. And those are some of the common components. I think the benefit for me, and the reason why I left a very successful career at Kaseya – we did a lot of great things from a financial perspective, growing it tenfold in my tenure there – the reason why I left and the reason why I took that call is because WatchGuard just has a tremendous partner focus and is well respected in the industry. So you take that, you take the great products that we have, and then you have the focus on the unit economics that I’m certainly bringing to the table. It’s just very, very important. Sometimes an MSP needs some bells and whistles and sometimes they just need it to work and be a world-class security solution that gets to lower their costs in parallel. And that’s what we’ve done. It’s just a great combination of a company that is 1,000% focused on the partner community. That’s all we do. If you look at us compared to very amazing firms like a CrowdStrike – just phenomenal firms – but they’re not solely focused on MSPs. Prior to a decade ago when I joined Kaseya, I spent my life in the enterprise. And when you’re a firm dealing with enterprises and MSPs, I’m sorry, but it’s only natural that the enterprise gets the attention. They just do because, number one, if you look at how they segment their customer base, the Bank of America and the General Electric – when they call in, they’re going to get prioritized, let alone the human element. When you’re on support and you’re dealing with the big guy versus the little guy, it’s just different. You go above and beyond. That’s why for us, we never try to mix the two. We want to make sure that we’re dedicated to the MSP community. It makes a massive difference in terms of focus. We understand that if we let an MSP down, this is their livelihood. You let an IT director down at Bank of America, his life keeps on going. But you let an MSP down and this is their absolute livelihood, and we just can’t let that happen. That’s embedded throughout the culture of WatchGuard, which we’re super proud of. You put great products on top of that and the focus on unit economics, and it’s getting that cost down so that we allow them to be more aggressive. You and I talked earlier in the call about the fact that if an MSP offers a cybersecurity package and it gets declined, they’re still going to get blamed. So if we can keep getting that cost down to allow them to make sure all of their end customers are protected, it’s just a great thing for all. And that’s our genuine focus and we’re super excited about it. Robert Dutt: You’ve said that you want to double MSP margins on cybersecurity, and that’s a very specific promise, one that I have to imagine gets a lot of MSPs’ ears perked up. Can you walk me through the mechanics of how that actually works? Is this pricing, is it operational efficiency through the platform? And what does that transition to higher margins look like for a Canadian MSP with, say, 500 managed endpoints? Joe Smolarski: Yeah, listen, I think it’s all of the above, Rob. If you look at it, you can buy a dirt cheap solution and think that you’re saving money. But when it comes to cybersecurity, you buy a dirt cheap solution and then you get bombarded with alerts and noise and everything else. All you’re doing is increasing your operational headcount, your human capital. And you’re getting an absolutely nasty math equation that you just didn’t realize when you signed on the dotted line up front for the rock bottom price. So it’s not solely based on price. This is a world where there is a ton of noise. And if you’re not efficient with what we’re providing to the MSP in terms of threat indicators and things like that, they just get overwhelmed and either have to overstaff to accommodate for it, or they miss important things and ultimately allow bad stuff to occur within their environments. For us, we really focus on simplicity of the platform and making sure that we can give you absolute world-class solutions. You do the research on WatchGuard – we have world-class solutions across the board with tremendous success rates. So give world-class solutions, limit the noise that an MSP has to deal with, and always be there for that MSP when something occurs. We have a six-minute response time on our SOC, which is best in the industry. All of those things combined, along with very aggressive commercials. We have to be. We’re getting more and more aggressive when it comes to commercials and have a lot of great stuff planned for this year. I’ve been here four months, so give me a little bit of time, just a little bit. But we’re making progress every single day to continue to meet the needs of our MSP community. Get that price further down, improve the unit economics, and more importantly just provide a great simplified platform that simply works, and always show up when our customers need us. Robert Dutt: You’ve shipped a lot of product in a short time. The Zero Trust Bundle, FireCloud, Open MDR with third-party support, the unified agent. For an MSP that’s currently running your firewalls, maybe another piece of the stack, what’s the realistic path, the realistic starting point to adopting the full platform, and how do you avoid the rip-and-replace fatigue that you can feel from vendors who are in the platform play? Joe Smolarski: Yeah, we’re doing everything we can to avoid the fatigue. Not to kick anybody when they’re down, but we’ve had a flurry of major activity from SonicWall customers looking for relief from some of the challenges they’ve had. Our team has worked around the clock to put together fast, easy, white-glove migration using AI that can carry across profiles and configs to make it as easy as possible to reduce that fatigue when you do decide to move. We definitely concentrate on reducing that fatigue through automated migrations using AI tools to make sure that some of those things happen. But fatigue aside, in terms of next logical steps – we’re blessed, we have 25,000 MSP partners, most of which are using our firewall solution, which we’re famous for. The red boxes. It’s world-class and extremely well respected. If they’re just using the traditional firewall, the next easy logical step is to get the endpoint protection with fully managed SOC, because you need it and it just works so tightly together. Our goal when we work with our partners is just to show that one plus one truly does equal three. We work on that every day through additional integrations and ease of migration tools. We’re super excited about it, and we think it’s going to be a banner year for us. We had a record-breaking 2025 and think we’re just getting started at this stage. Robert Dutt: Vector Capital has been involved with you guys for decades, which is pretty unusual for private equity. Your partners are making long-term bets on the platform – obviously, that’s the nature of the beast. What are you giving them in terms of assurance that there’s continuity of investment there, that this structure keeps going, that it doesn’t become a growth-for-exit kind of play? Joe Smolarski: Yeah, well, I think you just answered it for me. You just said Vector’s been involved for decades. That is very rare, Rob. Very, very rare. Number one, Vector’s just a fantastic partner. I’ve dealt with many different private equity firms. I’ve been in private equity my entire life – very prestigious ones. Insight was fantastic at Kaseya. But ultimately, Vector has been in this for the long run. Some of the principals at Vector have personal financial interest in this company, which just creates a loyalty and a common vision for us to build a great company. And they tell me that every single day. We don’t build for an exit. We want to build a great company. We believe we have a great image and perception and brand in the market today, and we’ll never do anything to compromise that. Our focus is to build a great company, protect our partners, continue to build with our partners. Both myself, the WatchGuard team, and Vector – that’s the sole focus here. Because they’ve been involved for decades, it’s a little bit different than many other firms that are going through change of ownership every couple of years. And then they’ve got to cut costs and go through all that. We’ve had stability from that perspective, which is great. We’re still a business. We’re a for-profit business. We’re not a charity. So of course we always have to make business decisions in an ever-changing business world. But I think that continuity has really made a big difference. Having a private equity firm that has a personal interest in this company has made a big difference for us, and I think our partners see that with the level of focus and dedication to the partner community. Robert Dutt: Earlier in the conversation you mentioned data sovereignty. You mentioned some of the moves being made on the government side in terms of legislation. As you’re pushing a cloud-delivered security platform, how do you see data sovereignty factoring into that? Joe Smolarski: Yeah, it always has to, because otherwise it’ll preclude you from being able to penetrate certain markets. Ultimately, that started decades ago in Europe, in terms of having to make sure that data is stored locally. Any major vendor needs to make sure that focus is there. Canada is catching up quickly in terms of many of those requirements. Sure, it requires extra capital and build-out in terms of making sure we have local data centers and all of that. But at this stage of the world, unfortunately it’s getting more complex with all the wars and the turbulence that’s in the world now, which is unprecedented. So you’re going to get more of that – “No, it can’t leave the country, it’s got to be here” – more and more. All of us in the SaaS space need to be prepared for additional investments to accommodate for that. You’re not going to win and be able to get that business at a large scale without it. Our business has quickly taken off in many key areas. You may have seen we just announced the Bell Cyber partnership this week. Bell is the largest telco in Canada, as you know better than me, and Bell Cyber is their cyber arm. They’re embedding WatchGuard to make sure their customers are protected. As part of that, we had to make sure that there are no data sovereignty issues when you’re going to the largest telco to get to their millions and millions of customers. We’re super proud of that. WatchGuard – we’re not at the level of a gazillion-dollar firm, but we’re big, we’re serious, we have great technology. And to go and get the number one telco in Canada to use our solution for their cybersecurity offering is just evidence of how we’re attacking problems like that. Robert Dutt: I’m curious, as you’ve looked over the landscape, do you see the Canadian market differently than the US in terms of MSP maturity, cybersecurity adoption, those kinds of market condition issues? Joe Smolarski: I think the Canadian market is a fantastic market in this space that is ripe for the next level of maturity. As I mentioned, and this is not coming from my speculation, this is coming directly from some of the larger MSPs. I think F12 and Calvin caught up with them and a bunch of others earlier this week. Large, prestigious MSPs that are doing great things and growing significantly. Canada is just a little bit further behind, needs a little bit more education from an end-customer perspective. As regulation comes up, that’s going to solve some of that. As some of the geopolitical stuff continues to occur, that’s going to happen. The consolidation that we saw in the US on the MSP side, starting maybe five, six, seven years ago, is starting to pick up in the Canadian market as well. And that’s a great opportunity. To me, MSPs should be excited. When you see consolidation occurring and rollups occurring, that’s a chance for you to get a nest egg. What we’ve seen is MSPs can get some liquidity, either stay invested or exit, and then they go do it again because they’ve got the playbook. The MSP world’s not that complicated in the sense that there are playbooks on how you win. We certainly work with a lot of MSPs to share those playbooks. The Canadian market is ripe for that next level of maturity. I am super confident that it’s going to accelerate, because you have a lot of great MSPs and technology providers taking advantage of that now, and it’s going to continue. Robert Dutt: You guys just turned 30. In a market where a lot of security vendors either get acquired, completely change what they’re doing, or flame out, what does that longevity actually mean? What do you see as the selling points of it, and what do you see as the baggage of having that long of a history? Joe Smolarski: Listen, the selling points are we’re not going anywhere. We’ve been doing this for 30 years. We haven’t done it for 30 years at a small level, Rob. We’ll approach a half a billion dollars in revenue by the end of this year, well over $120, $130 million profit. We’re doing great things. We’re big, we’re stable, and that longevity gives customers and partners the assurance that we’re not going anywhere. Because I think you know it – there are many firms out there that look sexy. They’ve got the sizzle. They’ve been around for three years and everybody’s talking about them. And then I meet with many of these CEOs from an acquisition perspective, and you talk to them and you realize, “Oh, they’ve never made any money.” And when you’ve never made any money, sometimes you can get away with that because you sell and do your thing. But many other times, there’s a reckoning from a macroeconomic perspective, where money’s not free anymore and ultimately either make money or there’s going to be a problem. In those situations, when you change hands and you get swallowed up by a bigger company at some minimal value because of economic challenges, you invested in something that’s not going to be there for very long. Customers love knowing, “I can go with WatchGuard. I know you’re going to be around forever, quite frankly.” And they see how we’ve evolved. We have not been stagnant. On the positive front, we went from being the leading provider of firewall solutions, which are still very critical from a perimeter security perspective, in the MSP and SMB space. We protect many of the agencies that are protecting the world. Our firewalls are in government agencies throughout the United States and throughout Canada that are actually protecting our soldiers. Our solutions are in fighter jets. So we’ve got a lot to be proud of just in terms of that level of security that our government relies on us for, which is amazing. What you need to fight against, just to make it a balanced conversation, is being stagnant. This is a fast-changing world. If you’ve been here for decades, you have to make sure that you’re staying up with technology, understanding how AI can help you do your job three times more efficiently. Many people can, some can’t, but many people can because they have great roots in technology and innovation. So you just have to keep pushing the team to be aggressive, not stagnant. And that’s what you get with me, certainly. I know how to push people. I’m a little bit over-energetic, probably a few too many Celsius on a daily basis. My goal is to get the most out of people, but when you have a great team and a great foundation like we do, it’s not that tough. Robert Dutt: Just to wrap it up, let’s go back, if we can, to that Canadian MSP that we were talking about – that SMB-focused MSP who’s been focused on the firewall side of the business but hasn’t really gone too much deeper. What’s the single biggest reason that you see for them to take another look at what you guys are doing right now? Joe Smolarski: I think the progression of our platform is well beyond what people understand. The level of embedded AI throughout the platform is beyond what they would expect – if they looked at us three, four years ago, they just don’t understand where we’re at today. Ultimately, we have an AI-enabled platform that’s dedicated to the MSP and SMB market. Sure, firms like CrowdStrike are fantastic. They’re not dedicated to this. For us to have technology on par with anybody that’s out there throughout the entire cybersecurity stack and to solely dedicate that to the MSP and SMB market – so when you have a problem and you go through a breach or anything else and you call in, you’re not competing with Bank of America, you’re not competing with these other massive companies. You’re our sole focus. We understand your business is your lifeline. You get all of that sophistication and then a level of simplicity provided within the platform that is second to none, to just make your job way more efficient. That’s the ultimate selling point for us – that you can get everything you need throughout the cybersecurity stack from WatchGuard, plus that friendliness of just the pure partner focus and commitment. We truly believe the next few years are going to define which MSPs become security leaders and which stay as commodity IT providers. The opportunity is enormous. The demand is structural. And the partners who build disciplined, automated, security-first practices are really going to thrive. We’d love to be their partner. Robert Dutt: It’s a great point to leave it on. Joe, I appreciate your taking the time. This has been a great conversation. I think you’ve given partners lots to think about. Joe Smolarski: Thank you so much, Rob. Take care. Robert Dutt: There you have it. Joe Smolarski from WatchGuard Technologies. I’d like to thank Joe for his time. This was actually one of his first podcast appearances, and I thought he was remarkably candid throughout. I appreciate that. And of course, thank you for listening. A few things that stuck with me from this conversation. First, the honesty about AI. When a CEO tells you that half of what’s being called AI out there is, in his words, bullcrap, but then makes a clear case for where it genuinely matters – fighting the velocity of AI-driven attacks with AI-driven defense – that’s the kind of nuance I think partners need to hear more of. Second, the Kaseya question. Joe didn’t dodge it. He acknowledged the baggage, drew a line between what he’s bringing forward – the unit economics focus, the platform consolidation – and what belongs in a different chapter. Whether that distinction holds up over time is something we’ll all be watching, but I thought that was a fair answer. And third, the Canadian angle. WatchGuard’s partnership with Bell Cyber is a significant validation of their platform in this market. And Joe’s observation that Canada is ripe for the next level of MSP maturity, driven by regulation like C-26 and the consolidation wave that’s hitting us now, is worth paying attention to. If you found this conversation useful, I’d love it if you’d follow or subscribe to the ChannelBuzz.ca podcast. You can find us on Apple Podcasts, Spotify, YouTube, and most other podcast directories. And if you’re feeling generous, a rating or review goes a long way towards helping other folks in the channel find us. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Bob Bonneau, country manager for ESET Canada The ESET Women in Cybersecurity Scholarship is in its eleventh year globally and its fifth year in Canada. This year, ESET is awarding three $5,000 scholarships to Canadian women pursuing careers in cybersecurity, with applications open through April 8, 2026. The numbers are substantial. Across North America, ESET has awarded $187,000 to 39 women since the program launched. In Canada alone, 14 women have received a combined $50,000 since 2021. But here’s what caught our attention. When we asked ESET Canada country manager Bob Bonneau where past recipients have ended up, the answer was honest: they’ve largely gone to work at tech companies at the source of the technology, not at channel partners or MSPs. It’s a gap Bob acknowledged openly, and one he committed to thinking about differently as the program evolves. That matters for the channel. Canada’s cybersecurity workforce gap is well documented — the ISC2 Cybersecurity Workforce Study puts women at roughly 22% of the global cybersecurity workforce, and Canadian numbers have been largely stagnant for two decades. Every MSP competing for security talent is drawing from the same thin pool, and retention is just as hard as hiring. As Bob put it, the second someone updates their LinkedIn with cybersecurity experience, the recruiters come calling. Worth noting: the scholarship is open to any woman enrolled in or accepted to an accredited Canadian college or university, including those studying part-time while working. That means someone already in the channel who’s upgrading her skills could be eligible. If you’ve got someone on your team who fits, point her toward the application before April 8. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. If you’ve been in the channel for any length of time, you know that finding and keeping cybersecurity talent is one of the biggest operational challenges MSPs and other solution providers face. Canada needs to fill roughly 25,000 cybersecurity roles and produces fewer than 4,000 graduates a year. That math doesn’t work, and it’s not getting better fast enough. One program that’s been trying to move the needle is the ESET Women in Cybersecurity Scholarship, now in its 11th year globally and 5th year in Canada. This year, ESET is awarding three $5,000 scholarships to women in Canada who are pursuing careers in cybersecurity. Applications are open right now through April 8th. But I didn’t want to just tell you that the scholarship exists. I wanted to dig into the thinking behind it. Why a security vendor invests in something like this, what happens with the talent it produces, and whether programs like this are actually connecting to the channel or feeding the pipeline somewhere else entirely. My guest today is Bob Bonneau, country manager for ESET Canada, and he had some candid answers to those questions. Let’s get right into it, my chat with Bob Bonneau. Bob, thanks for taking the time. Nice to chat with you again. Bob Bonneau: Likewise, I appreciate being here. Thanks for the invite. It’s always a pleasure to catch up. Robert: The ESET Women in Cybersecurity Scholarship is in its 11th year now, 5th year in Canada. Can you tell me what was the original thinking behind expanding the program here, and has the program evolved in ways you didn’t expect when you were thinking about that five or six years ago? Bob: Yeah, for me, as you know, I took over the role of leading Canada about six years ago, and it was too soon in the first year for us to kind of jump on board. But having been exposed to what the US office had initiated from an ESET perspective in terms of the scholarship was certainly something that I thought was just a great initiative and something that I was excited to kind of join and be part of. So I quickly made plans to ensure that we were included in the next year, and we’ve been a part of it ever since. I would say initially, we started with a single $5,000 scholarship, and as much as there was — it was an investment we were making that, contrary to popular belief where every vendor-invested dollar, especially in something like this, has to have some sort of ROI metrics to it — this didn’t have that. This is purely something that we felt passionate about needing to do, and we thought it addressed a couple of different main areas in our business that we were trying to address. But when I look at the early days, it was funny because it is very much a marketing effort just to get the information out there that we’re in fact offering it. So I would say we had the $5,000 scholarship offered and we worked hard to get that communicated out so that we could get a good submission base to start to evaluate. And if we fast-forward to going into this year, it’s now scaled to three $5,000 scholarships that we’re offering. What used to be largely an internal company effort — we would look at the submissions and evaluate them and select the winners — there’s now a 10-person selection committee made up of representation from business, tech partners, large customers of ours, our reseller community. So it’s really expanded from there, and it’s great to see. Part of why we scaled it is because the volume of submissions has grown so much, which is great. But quite frankly, the impressiveness of the applicants just makes that job really hard. So it really has evolved to what we’re seeing today, and it’s been great to be part of that. It’s also evolved from a company perspective, which is great. Now having, I think we’ve got seven countries participating in it. Robert: Wow. So far you guys have awarded $50,000 to 14 Canadian women through this program. When you look at where past recipients have ended up, they’ve largely gone to work at tech companies rather than, say, roles in the channel with partners or MSPs. Is that the intended outcome, or is there a gap between investing in the pipeline and seeing that young talent show up in the channel? Bob: Yeah, it’s a great point. I think the effort was obviously established to address two main gaps that we have in our business today. One, obviously, the underrepresentation of women in technology. I think that number is hovering around the mid-20% in Canada, but it’s only grown from about 21% in 2001. So it’s been largely stagnant — a number that we wanted to, in at least our small way, try to impact. The broader challenge obviously is the skills shortage in cybersecurity, which there’s no shortage of articles around. I think the more recent data suggesting 25 to 30,000 open positions in Canada, with that gap expected to hit somewhere around 100,000 by 2035. And globally it’s even more ridiculous — it’s 4.8 million, I think, is the current number. So two major challenges that we have in our industry, but you bring up a good point. I think initially it was less about — I don’t think we were thinking that deep in terms of how does this impact channel, how could it impact channel. I would say we’re engaging our channel partners through the effort, and they’re really enjoying being part of the selection committee and those types of things. We’re seeing partners, as a result of their participation in the selection committee, starting to do their own version of this, which is great to see. But I think you’re right. I think there’s probably an opportunity for us to evangelize the channel part of the opportunity from an employment perspective as we’re doing some of this effort, and it’s probably something that we can look to in the future. But holistically, the gap and the challenge in terms of women in tech as well as just the skills shortage affects both our partner community and our customer base as well. So yeah, I think you bring up a good point. There’s probably an opportunity for us to maybe use our exposure to the applicants to try to evangelize the channel a little bit more going forward. Robert: Well, and it’s often a good entry point for folks just starting out in cybersecurity. I can tell you that every MSP I’m talking to, one of their biggest challenges — the biggest challenge — is hiring the right people, especially in security, for the numbers that you point out. And I think as you say, maybe there’s an opportunity for you guys too. I mean, I understand that the goal of the scholarship is to grow the overall pool and then the market sorts it out. But it does occur to me — the scholarship itself isn’t strictly limited to students who are purely full-time at a school. If I’m a solution provider who has a female employee who also happens to be upgrading her skills at college part-time, they could theoretically be pointing her toward this. Is that a use case you’ve seen or thought about? Bob: We haven’t seen it in terms of — we tend to see more full-time students applying. We haven’t seen those returning to either enhance their current skills or — actually, we have seen some submissions from part-time students. So let me correct that. But specifically from channel, not to date. But you do bring up a great point. It’s one that we — I think if we look to subsequent years, next year, to really promote both the channel to the applicants who may be applying, but also to the channel to solicit those that might want to consider applying for it. For those that are doing some reskilling on their part, there’s probably an opportunity for us to evolve that. Again, like I said, the initiative has been more philanthropic than it’s been carved down into how do we use this as an opportunity to work with the channel more. But I think you bring up a great concept and idea and one that I certainly will take under advisement and work with the team on for next year. I think they’re great ideas. Again, it’s part of the evolution of how this thing has grown and how we think about it. I think there’s a good opportunity to start to look at it a little bit more strategically around how we work with and engage the channel and use it to promote the channel a little bit more. Robert: And it’s not too late. To your listeners, if you’re listening to this and you have a woman working for you that fits in that category, nominations are open through — correct me if I’m wrong here Bob — April 8th? Bob: April 8th is when those submissions close, correct. So there’s still time to get your submissions in. We’re starting to see them come in now. It’s interesting — we see a big spike in those that have initiated, and we tend to see those applications get submitted closer to the deadline. So it’s really something that people are spending a lot of time working on, which is great. And I would say we really focused a little bit more on the cybersecurity element, whereas initially it was a little bit broader, more sort of STEM, and now we’re really trying to focus in on those applicants that are showing a real proficiency or directive toward cybersecurity. Robert: Makes sense, given both where you sit and the need, which we’ve talked about and which everyone listening to this is no doubt well acquainted with. You guys added the Future Leader tier in Canada last year — a $1,000 award alongside the $5,000 Trailblazer level. What was behind creating that second tier, and what have you learned about reaching people earlier in the pipeline as you’ve done this? Bob: Yeah, so it’s again part of the evolution. We initially said $5,000 times one, then it was $5,000 times two, and even when we got to the $5,000 times two, the applicant pool was so strong that quite honestly our selection committee — and again, this is made up of directors and general managers and VPs from all sorts of business, large enterprise customers, partners, other technology-aligned partners — they really just struggled with how do we pick just two. So we said, okay, well, what can we maybe do in terms of evolving the program? That’s when we made the decision last year to offer five $1,000 bursaries. But as we pivoted back to this year, we pulled that back a little bit and went to three $5,000 scholarships, as opposed to the five $1,000 bursaries. Part of our thinking was we wanted it to be more impactful, even if it meant fewer people, and given just the cost of education and what’s happening today, it just felt like it was more relevant to offer $5,000 times three versus the additional $1,000 bursaries. So that’s where we’re at today, and I think directionally that’s likely where it’ll continue to go. In terms of the stats from North America, there will be a total of $35,000 given this year — $20,000 in the US and $15,000 in Canada. And since inception for North America, there’s been over $187,000 awarded to 39 women. So we’re excited to evolve this. I think we’re tweaking it for the right reasons, and we’ll continue to tweak it. Some of the recommendations you made for going forward, I think, are certainly ones we want to take advantage of as well. Robert: I love those relative American-to-Canadian numbers, given that we’re so used to either multiplying or dividing by 10 depending on which way you’re going. To see it so close to parity given market sizes, that’s a great sign. The Alumni Club is relatively new. What’s the vision there — is that mainly a networking thing for recipients, or are you trying to build something more structured that connects those folks to the industry longer term? Bob: Yeah, I think it’s a bit of both. We first of all wanted to make sure that we have methods to maintain relationships with these folks, and to see where they end up and how they evolve, and to continue to be a support mechanism for them as they look to build their careers in this industry. So it really created that tether for us to keep in contact with them, which is great, and to continue to offer them some opportunity for mentorship. We see a lot of students nowadays open to the idea of moving and traveling and seeing the world and maybe working in different locations. And because we’re global and we’re seeing more and more of our regions participate in it, there’s that opportunity for us to potentially help them in terms of building their career. What we wanted to create was long-lasting relationships with our recipients, and not just hand them an award and bid them adieu and wish them all the best. So I think this is just another evolution, in part of the program, as well as the adoption. Like I said, we’re in seven countries now, and we continue to see countries added every year. We’re excited to be able to offer it, and like anything else, it’s just continuing to make sure that they’re aware it exists and that we encourage them to take advantage of it. Robert: ESET picked up the CRN Gender Parity Award last year. How do you think about whether vendor-side diversity commitments actually translate out into the partner ecosystem? Is that connection real now, or is that still sort of aspirational? Bob: That’s a great question, and I guess it’s going to be a little bit more opinion-based. But I do think the latter is true — I do think you’re starting to see some really good movement in the positive direction across both channel and vendor communities. Certainly when you look at where the gaps would have been in terms of women representation in our organization, we’re pretty proud of our mix. And the more that we engage, the more that we work with our partners, the more that we solicit folks to be part of even our selection committee — it’s surprising how many women are starting to hold higher positions within both our partner communities and within our commercial customers. So that’s great to see, and it’s great to see how excited they are to participate in a venture like this to try to continue to encourage that statistic to change. Robert: My last question. If an MSP or other partner came to you and said, “I want to hire more women into security roles, but I don’t know where to start,” what would you tell them? Bob: Well, first of all, I would probably say I don’t think it’s as difficult as it might appear to be. I think if you’ve constantly landed at that decision, that you want to try to do that, I think there’s enough opportunity to go and find those folks for those types of roles. I just think you need to decide that that’s something you want to address. When it’s just sort of passive, it may be a little bit more difficult to do if you’re just kind of waiting for it. But we’re happy to put them in touch with — there’s several organizations, there’s events happening now, even in Canada and Toronto and in the US, that are really communities based on women in cybersecurity. There’s a growing number of them. I think attending those, or being part of those, or reaching out to those communities is a great way to find good talent that’s really proactively working at their career in cybersecurity. Robert: Some good advice there, and good luck finding those lucky winners for this year when those nominations close in just a little bit. Bob, thanks for taking the time. Bob: Appreciated, as always. We look forward to seeing what the applicant pool looks like this year, and certainly going through the applications and reading what they have to say and what their submissions are. It’s a great part of what we do. We enjoy it every year, and we look forward to the event when we get to invite them and hand them the big novelty check at the end. The novelty check is always a fun time. Robert: Yeah, for sure. Thanks so much. There you have it, Bob Bonneau from ESET Canada. I’d like to thank Bob for his time and for being genuinely open about where the program is and where it could go. It’s not every day that a vendor admits on tape they haven’t fully connected a talent initiative to their channel and then commits to thinking about it differently. A couple of things I want you to take away from this. First, the obvious one: if you know a woman in Canada who’s enrolled in college or university and has an interest in cybersecurity, point her toward the ESET Women in Cybersecurity Scholarship. Applications close April 8th — we’ll have a link in the show notes. And that includes women who might already be working in the channel and upgrading their skills part-time. There’s nothing that says this is only for traditional full-time students. Second, and maybe more importantly: Bob’s comment about retention — that the second someone updates their LinkedIn with cybersecurity experience, the recruiters come calling — that should land for every MSP owner listening. You’re not just competing to hire these people. You’re competing to keep them. And if you’re not thinking about what makes your shop attractive to a 21-year-old with security skills and options, someone else is. Thanks for listening. You can find In The Channel on Apple Podcasts, Spotify, YouTube, and most podcast directories. If you’re finding the show useful, a rating or review goes a long way. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
RSA week may be over, but the Canadian channel news cycle kept moving. Four stories this week that deserve your attention heading into April. Sherweb goes global Sherbrooke-based cloud distributor Sherweb secured a $125 million minority equity investment from Investissement Quebec — the company’s first outside investment in 28 years of bootstrapped operation. The investment follows Sherweb’s expansion into the UK market, targeting over 11,000 MSPs, built on the acquisition of Irish distributor MicroWarehouse. CRN’s interview with Sherweb’s co-CEO confirms AI marketplace expansion and M&A ambitions. Broadcom’s VMware reckoning March 31 marks the VCSP program termination deadline in Europe. CISPE filed a formal antitrust complaint with the European Commission (Reuters). Broadcom “strongly disagrees”. VMware’s Krish Prasad told CRN there’s a “huge VCF tailwind” from memory shortages, pitching VCF 9.0 as a software solution to the hardware crisis. Independent analyst firm Virtified found roughly half of VMware users plan to reduce usage by 2028. The silicon squeeze Intel’s David Feng says Panther Lake will help regain commercial PC market share while also confirming ~10% OEM CPU price increases. AMD is signaling GPU price increases of at least 10%, driven by the same DRAM supply crisis. The AI governance gap Auvik’s 2026 IT Trends Report: 67% of IT pros are optimistic about AI, but only 5% say it’s core to operations. 76% of IT leaders believe an AI policy exists — only 42% of help desk staff agree. OpenText and the Ponemon Institute: 52% of enterprises have deployed GenAI, but 79% lack full AI maturity in cybersecurity. Two independent studies, same week, same conclusion: AI adoption is outrunning governance. Read Full Transcript Hello and welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca, and this is your weekly look at the stories that matter for the Canadian IT channel community. March 30th, 2026. Four stories this week. A Sherbrooke cloud distributor goes global after 28 years of bootstrapping. Broadcom’s VMware reckoning arrives just in time for a March 31st deadline. Intel and AMD both signal price increases that will squeeze your clients’ hardware refreshes. And two independent reports paint the same uncomfortable picture about where enterprise AI adoption actually stands. Let’s get into it. We’re starting this week with a feel-good Canadian story, and it’s a big one. Sherweb, the Sherbrooke, Quebec-based cloud marketplace distributor, has secured a $125 million minority equity investment from Investissement Quebec. And here’s the detail that makes this significant: this is Sherweb’s first outside investment ever. The company has been bootstrapped and founder-owned since 1998. Twenty-eight years without a dollar of outside capital. This comes on the heels of Sherweb’s expansion into the UK market, where they’re targeting over 11,000 MSPs. That move was built on their acquisition last year of Irish cloud distributor MicroWarehouse, so they’re not just parachuting in — they’ve got a beachhead. Put those two announcements together and the picture is clear. This isn’t a company raising money because it needs to. This is a company that’s been profitable for nearly three decades, deciding it’s time to go global, and bringing in a strategic partner to fund the expansion and, notably, M&A. CRN’s interview with Sherweb’s co-CEO made the ambitions explicit: AI marketplace expansion and acquisitions are on the table. For Canadian partners, this is worth watching. Sherweb has been a reliable, partner-first distributor for a long time. The question now is whether they can scale that model internationally without losing what made it work. Now for a very different kind of story. The Broadcom VMware saga has been building for months, and this week several threads converge at once. March 31st is the deadline for Broadcom’s termination of the VMware Cloud Service Provider program in Europe. CISPE, the European cloud infrastructure providers group, filed a formal antitrust complaint with the European Commission on March 19th, calling Broadcom’s actions — and I’m quoting here — a “death sentence” for smaller cloud providers. They’re asking for interim measures to block the shutdown while the complaint is investigated. Broadcom’s response, per CRN, was that they “strongly disagree” and that the complaint “misrepresents the realities of the market.” Meanwhile, Broadcom is making a very specific pitch to customers. Krish Prasad, who heads the VMware Cloud Foundation division, told CRN — and again, direct quote — “We have essentially solved the hardware shortage and the hardware cost issues with a software solution.” The argument is that VCF 9.0’s advanced memory tiering lets you offload expensive DRAM to cheaper NVMe storage, so the memory super-cycle becomes a reason to buy more VMware, not less. Prasad called it a “huge VCF tailwind.” Here’s the irony, and it’s hard to miss. Broadcom is simultaneously telling customers they need VMware more than ever to survive the hardware crunch, while pushing licensing and program changes that are driving those same customers to look for alternatives. And the data on customer sentiment is now documented. Independent analyst firm Virtified, founded by former Gartner VP Michael Warrilow, surveyed 450 VMware users across 14 countries and found roughly half plan to reduce their VMware usage by 2028. That’s not channel chatter. That’s documented customer intent. Whether the EU complaint gains traction or not, the market is speaking. Speaking of hardware getting more expensive — let’s talk silicon. Intel had an interesting week. Their VP David Feng told CRN that the new Core Ultra Series 3 “Panther Lake” chips will help Intel regain market share in commercial PCs. The pitch: Panther Lake brings meaningful AI processing capabilities to the commercial fleet. This is Intel’s play to win back ground they’ve lost to AMD and Apple Silicon in the enterprise. On the other hand — and this is from the same executive, same week — Intel confirmed it’s raising CPU prices for OEMs by roughly ten percent. Supply crunch, rising component costs, tariff pressure. The usual 2026 cocktail. So Intel is counting on a commercial PC refresh cycle to reclaim market share, while simultaneously making that refresh more expensive for everyone involved. And lest you think this is Intel-specific — AMD is also signaling GPU price increases of at least ten percent in 2026, driven by the same DRAM supply crisis. For partners helping clients plan hardware refreshes right now, the message is straightforward: budget accordingly, and budget up. The cost pressure is structural, not temporary. We’ll close this week with some data, and it tells a story every MSP needs to hear. Auvik released their 2026 IT Trends Report this week. The headline finding: sixty-seven percent of IT professionals are optimistic about AI. But only five percent say AI is actually core to their operations today. Five percent. That is an enormous gap between enthusiasm and reality. The governance picture is even more striking. Seventy-six percent of IT leaders believe their organization has an AI policy. Only forty-two percent of help desk staff agree. That’s not a gap, that’s leadership and the front line living in completely different realities about whether the rules even exist. Auvik also found that 61 percent of organizations discover unauthorized SaaS applications at least monthly. Shadow IT is not a hypothetical — it’s a standing Tuesday meeting. And these findings aren’t isolated. The same week, Waterloo-based OpenText released a Ponemon Institute study of nearly 1,900 IT and security practitioners. Fifty-two percent of enterprises have deployed GenAI. But seventy-nine percent haven’t reached full AI maturity in cybersecurity. Only 41 percent have AI-specific data privacy policies. Two independent studies, same week, same conclusion: AI is being deployed faster than organizations can govern it, secure it, or even agree on whether governance exists. For MSPs, this is the opportunity in neon lights. Your clients are adopting AI. They think they have policies. Their front-line staff disagrees. Someone needs to fill that gap. That’s your In Case You Missed It for March 30th, 2026. Sherweb going global, Broadcom’s VMware reckoning, the silicon squeeze, and the AI governance gap — confirmed from two independent angles. Links to everything we talked about today are in the show notes at ChannelBuzz.ca. If you’re finding this useful, subscribe wherever you get your podcasts — Apple Podcasts, Spotify, YouTube, most directories. Ratings and reviews always help us out. I’m Robert Dutt for ChannelBuzz.ca. I’ll see you in the channel.
Martin McNicoll, founder of Distillerie des Cantons de l’Est This is the first episode in an occasional In The Channel series called “Life after the channel” – conversations with people who built careers in the Canadian IT channel and then went on to do something completely different. Martin McNicoll founded Gurus Solutions, originally ERP Guru, and grew it into one of NetSuite’s most decorated Canadian partners over nearly two decades – President’s Club, nine consecutive years as a Five Star Award winner, and offices from Montreal to Chicago. He sold the company in 2022 and turned his attention to something that had been brewing since a 50th birthday trip to Scotland: whisky. Distillerie des Cantons de l’Est is a grain-to-bottle operation in Mansonville, Quebec, where Martin and his team are growing organic barley and rye using regenerative agriculture, distilling on-site, and aging their whisky in oak casks. First barrels went in in December 2024, with the first whiskies expected around 2028. In this conversation, we talk about the failed attempt to buy a cask at Balvenie that started it all, the sale of Gurus and what made him finally say yes, why the skills he built running an ERP consultancy translate surprisingly well to running a distillery, and what it means to retrain a SaaS-speed brain for a product that takes years to mature. Martin also shares the story behind the McNicoll brand – his Scottish ancestors who came to Quebec with the 78th Fraser’s Highlanders in 1757 – and talks about the fight to get a distillery approved on Quebec agricultural land, replanting American oak for barrels that won’t be ready for 30 years, and what’s coming next, including a butterscotch liqueur later this year. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and your host for the show. This episode is a little different from what you’re used to hearing on In The Channel. It’s the first in what I’m hoping becomes an occasional series I’m calling “Life After the Channel” – conversations with people who built careers in the Canadian IT channel and then went on to do something completely different. My guest today is Martin McNicoll. If you were in the NetSuite ecosystem in Canada at any point over the last two decades, you probably know Martin. He founded ERP Guru, which was later rebranded to Gurus Solutions, grew it into one of NetSuite’s top partners in the country, picked up every award in the book, and eventually sold the company in 2022. And then he went and did something that nobody saw coming. Martin’s now building a grain-to-bottle whisky distillery in the Eastern Townships of Quebec, growing his own organic barley and rye, aging his own barrels, and building a brand rooted in his family’s Scottish heritage going back to the 1700s. It’s a great story. So let’s get right into it, my chat with Martin McNicoll. [MUSIC] Robert: Martin, thanks for taking the time. Thanks for joining us. Martin McNicoll: Robert, it’s great to be here with you today. Robert: Nice to catch up. We ran into each other a lot at SuiteWorld. And for years, when I talked to Craig West about the channel in Canada for NetSuite, you guys would be one of the first names that came up. President’s Club, Five Star, the whole nine yards. And now you’re making whisky in the Eastern Townships. Walk me through that. How did we come to be where we’re at today? Martin: Well, it’s a note on Craig. He was my RSM. He was the guy managing me and Gurus when you started. He wasn’t like head of the channel. He actually came down to Montreal to help me start the practice. So we connected for all that time. But to go back to the whisky business, I’m a Scotch fan. I’m a whisky fan. And now, like eight years ago, for my 50th birthday, I went to Scotland with a bunch of friends and had a great time visiting distilleries for a full week, just drinking Scotch and having fun and eating good food. And when we came back, a couple of years later, it was COVID. And COVID, I think, happened and a lot of people got ideas of what they really want to do. And I have a cottage in the Eastern Townships, which is, for your listeners, a bit up north of Vermont. I’m 15 minutes from Jay Peak, which is a ski resort in Vermont, on the Canada side. Beautiful place. And we stayed there for the first year of COVID. We had amazing success with Gurus. I think for everybody in the channel, cloud services companies really boomed during that time. Everybody wanted to run their business from home. It was a great time. And I said, what can we do? We had supply chain issues our customers were trying to solve. And I said, what can I do? What can I contribute? I started with ideas of being a farmer. These were shut down pretty fast. But a friend of mine said, you know what, we can grow barley and rye and we can make whisky. And I said, oh, that’s a great idea. And then the hunt was on. We found some land – I mean, that’s the only thing we could do during COVID, drive around and look for land – and found great land with a great combination of good water and enough acreage to grow the cereals. And it started like that. And then a French company approached us to buy Gurus. And it was just the right timing. So everything happened. It just gave me more money to spend on booze, sort of saying. Robert: As it should be. So to your point on that 2018 trip to Scotland, I read that the dream sort of began with a mission of bringing home a cask of whisky. Is that true? Martin: It is true. We tried to, actually. When we went to the Balvenie and we said we’d like to buy one of your casks. And they looked at us like aliens. It’s like going to a Michelin restaurant and asking to buy the pan of the chef, right? Because the cask is part of the process. That’s what gives some of the aromas to the whisky. That’s where it’s aging. So you just can’t leave with the cask. You just can’t. I mean, I guess there were some barrel programs today, but you leave the cask there. You buy the liquid that’s in the cask, that’s all yours, but you can’t leave with the cask. But that was funny. That led to very interesting conversations at the distilleries in Scotland. Crazy Canadians trying to buy a cask. That’s the IP. That’s the trade secrets of the industry. Robert: So you had Gurus for 18 years, Alan Allman Associates comes knocking. You said initially you didn’t want to sell. What changed your mind? How much of it was about making room for the distillery that was already percolating in the back of your mind versus just feeling like it was the right time to do something new? Martin: I mean, it was that. I wanted to dedicate more time, because at that point the guy running Gurus was my COO, Dominic, and he was doing a great job. I was taking more time off and giving him more bandwidth on the business to run it. And I wanted him to be the president and continue running it. And these guys came in and they said, “We want to buy your company.” I said, “Okay, I’m not interested.” So they came back a couple times and the second time said, “Okay, how much do you want?” And I gave what I thought was a crazy number and they said yes. So I was done. And today it’s one of the most profitable businesses they have in their portfolio, and they’ve added other ERPs to the mix buying other companies in North America. And for the French, Quebec and Canada is kind of the bridgehead to go to the rest of Canada and the US. They needed a company that can speak English, which Gurus dealt with very well all the time. Not all of them do. But it was great for them. A great acquisition on their side. I’m still sitting on their board in Montreal every quarter, so it keeps me connected to the business, having fun there and very proud to see the company continue to thrive. Robert: You guys built Gurus through a string of acquisitions – Enabled Success, NetStra, MD Technical Resources. You had offices from Montreal to Chicago. When you look at what you’re doing now with the distillery – buying land, building infrastructure, hiring a master distiller – does it feel like it’s the same muscles that you built in building up Gurus, or is it completely different? Martin: It is the same thing. That’s very funny. I thought it would be something else. It’s not. It’s just managing people, managing providers. I mean, the problems are different – it’s like a truck being stuck emptying a cargo of casks going to the distillery, or a pump that is broken. But it’s like following up with the providers, finding the right partners, researching, researching, researching, reading. And all the skills that I’ve developed in BI and everything that we’ve built with Gurus is fully applied here at the distillery. So I started with cloud solutions first, and we’re using all the Google stack, which I always used, with their Google Cloud. All the data of the distillery is stored in a Google Cloud database and we can do analysis. It’s just great to look at it from a data perspective and have the right people to do the job. And I recognize what I’m good at and what I’m not good at. So I break stuff sometimes. That keeps me away from some pieces of equipment. Robert: One thing that jumped out on the website for the distillery was the grain-to-bottle concept. You grow the grain, you distill it, you age it, you sell it. You control the whole chain. For 20 years you kind of sat as the middleman doing the consulting and implementation in between NetSuite and the customer. Was it something about that experience that made you want to own the whole thing this time around? Martin: Definitely. And as you know, Robert, in the ERP channel, it’s not your software, it’s NetSuite. And my team understood the software, and the best successes we had were when we found a customer, sold NetSuite, understood the requirements, gave them a realistic estimate, implemented, and took them live with the right time frame. So that to me was like the perfect – everything that would work great, boom, boom, boom. We sold, we implemented, we took them live, converted all their data. Happy customers stayed with us for years. And that was a bit of that, right? Where the channel model is changing – like the Salesforce model, even NetSuite is changing where there’s more of a side where you need to work with a direct sales team, which by definition have different objectives. Their objective is to sell the software for as much as possible. As for a partner, when you do the implementation, there’s a lot in it for you also in year two and year three. So you want the whole thing to go as smooth as possible. Different pros and cons there. And I think that was definitely an inspiration in owning the whole supply chain and making the product. And even then, I need to buy bottles from China. Robert: Yeah, it’s the classic case study, right? If one person could make a nail, it would be completely impossible to gather all the skills you would need to go from getting the metal out of the earth to producing a nail, much less a bottle of whisky, much less enterprise ERP. The distillery website says patience is part of your essence, and whisky obviously is a product that has to age for years before you can sell a bottle. In the channel, again to the contrast you were just describing, everything’s about this quarter’s numbers, this year’s President’s Club. It’s fast, it’s iterative, things change very quickly, new features are added rapidly. How do you retrain your brain from SaaS speed to whisky speed? Martin: I’m still impatient. But you know what, you go out in the field. And in the last couple years we had a lot of rain. And we had issues with weeds going into our fields, because we took fields that were used for hay to give to cows. So there’s a lot of seeds that you need to take out of that land. And we’re doing it with regenerative agriculture techniques, where we don’t use Roundup, we don’t use chemicals. And sometimes you just sit there and you prepare the soil and then you go into the field and you make it super nice and you plant. And then two weeks later it’s full of weeds. Like hectares of weeds just popping up on top of your barley. And you’re like, yeah, what are you going to do? You try, you go in there first and you try to pull them out, and then you realize the scale of this. It’s impossible, right? So patience is pushed on you, I would say, in agriculture. And for the whisky, I mean, we’re tasting it. I love whisky. And we have now barrels that are one year old. And these are rye – rye is something that grows very fast, very high, super easy. It’s like a weed in itself if you talk to the farmers. So we had a great crop of rye and we made our first rye last year. So we were opening up that cask and tasting it now, and it is great. But you can taste after one year the immaturity of the whisky. So I think you have to trust your taste buds and say, okay, this is great. There’s something nice, nice colour, this is the direction I want it to take. But it’s not ready. So you sit on it, you put the cork on top of it, hammer it down, and then just wait again. And I’m telling people, when is it ready? It’s going to be ready when it’s ready. It’s going to be great. Robert: Can’t rush it. You’re working 60 acres of organic grain, you’re building your rickhouse, you’re hiring a master distiller, you’re planning a tasting centre. This doesn’t sound like a hobby thing for retirement. This is a full second career. Do you find you’re working harder now than you were when you were running Gurus? Martin: Definitely. Because at the end, when you build a business, you assemble a team and people know what to do. You’ve got a PMO office, a back office, and a marketing team. And now you’re alone. So I’m like, can I get some help here? I have nobody. So you’re back into entering data in QuickBooks. No, I’ve solved that, I delegated that. But it’s tough. And the problem is, when I sold the business, I told my wife I’m retiring. And she said, yeah, yeah, you’re retiring. But I didn’t think, and she didn’t think, it would be this intense in terms of running it. And you’re fighting against all the bureaucracy and you have to understand all the rules, environmental rules. And you have to understand, to be a farmer, you have to apply for a permit to be a farmer. So what’s your background, sir? Well, I’m a software engineer. So really, good thing. Do you know about farming? Absolutely not. Okay, what are you going to do about it? Well, I’m going to hire someone. Who is it? I don’t know. Well, you need to get the licence first. So no, I found someone actually that really helped me and was working in the prairies in Saskatchewan for more than 10 years, working with cereals there. So it’s assembling a team, making it work together, putting all the resources in place so they can succeed. It’s the same thing. What I like is the manual labour, which you don’t get in tech. I’ve lost some weight. So that’s good, being out there and working with the equipment. One of the projects we’re working on now – for your listeners, we’re in March and mid-March in Quebec, it’s still very cold, it’s like minus 15 Celsius – so it’s the last time we’ll be able to go in the forest. And what we’re doing is harvesting some trees to plant oak trees. We’re introducing Quercus alba, which is the American oak, into our forest, because we have more forest than we have land. And the goal would be in, I don’t know, 30 years – I won’t be there – to make some barrels, maybe. So again, in that supply chain of getting there. But there’s no more oak in the area. It was all cut down for the lumber industry. So we’re replanting. That’s one of the side projects. So we’re going to go out with the equipment on Friday and go in the woods and cut some trees. That’s something I didn’t used to do. And that’s what my job involves now. A chainsaw. I’m happy. Robert: This is what you get to invent for yourself. And if you’re happy, that’s brilliant. You’re making three types of whisky as I understand it – a single malt, you touched on the rye, and a Canadian bourbon, which is not a concept I’d heard before. Very interesting. I enjoy a whisky, I am not a well-educated drinker. But for those who are listening, what’s the vision of the distillery? What are you going for with the whisky products? Martin: So we’re looking to develop high-end whisky. We’re talking about $100 bottles. So it really needs to be fine-tuned to the taste of the different products that you build. When you talk about rye whisky, it’s mainly – the cereal has to be rye. Single malt is just barley. And when you talk about bourbon, or if you talk about bourbon in Kentucky, it’s mainly based out of corn. So we have corn also on the land and we’ve added some wheat that we’ve tried. It’s a mix of different – they call it a mash bill. So our mash bill, the cereals that get taken into the equipment for the mash to create a beer. We make a beer, then we distill that beer and that’s the whisky at the end. The big difference is the cereals. So that batch we had, I think it was two years ago, big winter, and we couldn’t get the rye out of our silos because of the amount of snow and ice that was out there. So we said, hey, we have some corn there. Why don’t we make some – it’s all Canadian whisky, right? If you look at the official denomination, it’s Canadian whisky. Don’t confuse marketing with the real stuff. But it’s a mash bill that involves more than 50% corn. In this one I think it’s 65% corn. And it has that – you’ll recognize it if you’re a bourbon drinker – that very sweet, mellow taste of corn that you get into the whisky. That’s what you get from bourbon. So that’s what we’re making with that corn. Robert: I look forward to trying that, actually. Hopefully someday. On your website, I love the clan story – the McNicoll ancestors coming over with the 78th Fraser’s Highlanders in 1757, fighting at Louisbourg and Quebec, settling in La Malbaie. And now you’re bringing that Scottish whisky tradition back to Quebec soil. How much of this, as well as the ability to play with the chainsaw and hopefully bring in some casks, how much of this is about honouring that heritage? Martin: Well, that was a big part. When I started to enjoy more whisky and go back to Scotland, I went back to the land of my ancestors. So that was Portree, close to the Isle of Skye. And there’s another area also, another region, that there’s two big areas that the McNicoll clan were. So I got to visit that. That was always part of the story. And then as I was publishing some of my content on Scotland, a professor from a university here in the Eastern Townships contacted me. He said, you know, I wrote a book on the McNicoll clan, the whole story. So we started to talk and that became a very nice collaboration between him and the distillery to tell more of the story, to the point where we decided to call the whisky McNicoll. So the whiskies are going to be called McNicoll, with the different types of whisky we’re going to sell. The brand itself is my last name, which is an honour to this Scot who came to America, really, because they fought down, they went down to New York with the 78th, and the original dude came back north. And my mother has French ancestry – she’s a Chevalier, she’s French, French, French – and then Scottish, Scottish, Scottish. And then there’s a mix. You can see there’s a mix in between those two. And you look at the genealogy, and that professor went back and he found all the ancestors and all the churches here in Quebec and went down to New York, went to Scotland to find all the origins. Very interesting to see the different clans and the French into making our population today. Robert: Very cool. You touched a little earlier on the bureaucracy and that kind of fun. You went through an interesting fight with Quebec’s Agricultural Land Protection Commission to get permission to build a distillery on farmland. Without getting too deep into the legal weeds, what was that like? And is that a challenge other people thinking about agritourism or value-added agriculture should be ready for? Martin: Definitely. And doing business in anything that involves food – there are some guidelines and some rules of law that you need to follow, which is, I would say, much harder than to open a NetSuite provider or a NetSuite partner licence. I had offices all across the US and also in the rest of Canada. It was 100 times easier to open an office in California than to start an agri business in Quebec, or even I would say Canada. Some provinces are easier than Quebec, but it was always a challenge. But I knew I was right. So one thing you learn is that you surround yourself with great people. My lawyers – that’s the thing you can do when you have money, you just lawyer up. But they were great at understanding everything that was going on. I found the expert and this woman knew exactly what was happening. She found some other people that were able to go through it. And we just had to go through all the legwork and convince the commission that what we’re doing is okay. And here’s why. But it’s a process and it’s frustrating because you’re there and you want to do this project. And you’re like, I’m going to be environmentally friendly. I’m going to do this from the grain to the bottle. I want to do all those different things. And then you see all those obstacles. But I think it’s part of the challenge, going through them and winning. At the end, I won. So that’s what counts. Robert: It is exactly what counts. So if someone in the channel who’s in a place that you were at when you were with Gurus is listening to this and thinking, I’d love to do something like that someday – not necessarily to be a competitor to you, but to sell the practice, go off and do something completely different, that’s their dream – what would you tell them, having gone through this process as far as you have now? Martin: I think the fact that they have done it before – starting a consulting firm and running it and dealing with customers – they’ve built their knowledge and their expertise and their resilience into doing anything else. I would always say that implementing an ERP system is the Formula One of computer science, because you have so much complexity. And if you fail, the company can die. They will not operate. Products will not ship. Invoices will not go out. You can cripple a business by doing a wrong implementation. So I would say you’re really prepared to do anything, in my mind, after the channel, after running that type of business. I think it’s just to look at what you like to do and what’s your ambition and take it head on. Robert: Good advice. Good advice from someone who has done it and is doing it. And my last and no doubt most important question – when do we get to actually taste the whisky? When do you get to market with your products? Martin: At least two years. So to be whisky, to be called whisky, it needs to be three years in a cask, in an oak cask. And for us, we just reached our first anniversary in December. So we still have a good two years to go. And we have to decide if we are going to put it in a bottle or not. We’re going to taste it and say, is it ready or not? And if not, I’m just going to sit on it again. However, we’re coming out with a liqueur that we’re making. It’s a butterscotch liqueur that our master distiller has been developing. And he’s working also on another liqueur that we want to put out, and we’re going to sell locally. Just to get some things out of the distillery with a Scottish-type accent. Our master distiller has also some Scottish ancestry. He went to school at Heriot-Watt University in Edinburgh to learn about the trade. So he’s got all those ancient recipes of Scottish liqueurs. We’re pulling out of that book to create some interesting products. So that should come in a couple of months, hopefully, if I can get my bottles from China. Robert: Fascinating stuff. Good luck. It’s been very interesting catching up and it’s always fascinating to hear about the journeys of folks who’ve made a career in the channel and see what they’re doing afterwards. All the best with getting that liqueur out, and the longer term getting those three whiskies out the door. Martin: Thank you, Robert. Robert: There you have it – Martin McNicoll, formerly of Gurus Solutions, currently of Distillerie des Cantons de l’Est. I’d like to thank Martin for his time and honestly for his openness. It’s not every day that someone walks you through what it’s actually like to trade quarterly SaaS targets for fields of organic barley and barrels that won’t be ready for three years. A couple things that stuck out for me in this conversation. First, the idea that the same muscles that Martin built running a channel business – the acquisitions, the growth planning, the systems thinking – are the same muscles he’s using to build the distillery. Different industry, same instincts. I think anyone running a channel practice will recognize themselves in that. And second, the patience piece. Martin talked about planting trees today for barrels he won’t use for 30 years. That’s a fundamentally different relationship with time than most of us have in the tech world. And I think that’s something worth sitting with. If you want to learn more about what Martin’s building, you can find the distillery at distilleriedescantons.ca, and we’ll have a link for that in the show notes. Keep an eye out for the butterscotch liqueur, which should be available before the whisky is. If you enjoyed the episode, do me a favour – follow or subscribe wherever you’re listening, whether it’s Apple Podcasts, Spotify, YouTube, wherever else you find your podcasts. And if you’re feeling generous, a rating or review goes a long way for a small show like ours. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Erin Gertner, vice president of the Partner Organization and SMB Sales at Cisco Canada When Cisco CEO Chuck Robbins told investors the campus and data centre refresh is at “the top of the first inning” of a multi-year, multibillion-dollar opportunity, it raised an obvious question for Canadian partners: what does that inning look like here? Erin Gertner, vice president of the Partner Organization and SMB Sales at Cisco Canada, says Canada is tracking with the global trend – and that the opportunity is being driven by a “perfect storm” of three converging forces: the largest last-day-of-support (LDOS) wave Cisco has seen in years, growing urgency around AI readiness, and increasing pressure around data sovereignty. The AI readiness gap is particularly striking. Only 7% of Canadian organizations say they’re fully prepared to deploy AI – down from 9% the previous year – while 96% say the urgency has increased. That tension is creating real opportunities for partners who can lead with outcomes rather than product. Gertner says the partners winning the biggest deals are those taking a consultative approach – running assessments, broadening the conversation beyond a like-for-like swap, and helping customers understand their full security and AI readiness posture. In one example, a security assessment nearly quadrupled the deal size compared to a straight hardware refresh. The conversation also touches on where vertical demand is hottest (financial services and healthcare are leading), how the Secure AI Factory with NVIDIA translates for mid-market partners, the role of data sovereignty in driving on-prem modernization, and what smaller MSPs should be doing to get in the game. Gertner’s advice to partners who haven’t started? Reach out to your Cisco partner account manager or distributor and get access to the PXP data – the opportunity is there, and Cisco wants to make it easy to find. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. On Cisco’s most recent earnings call, CEO Chuck Robbins called the campus and data centre refresh the top of the first inning of a multi-year, multi-billion dollar opportunity. Double-digit growth in networking, six consecutive quarters. But that’s the global picture. What does the first inning look like in Canada? My guest today is Erin Gertner, VP of the Partner Organization and SMB Sales for Cisco Canada. Erin sees what she calls a “perfect storm” converging right now – a massive wave of aging infrastructure hitting last day of support, growing urgency around AI readiness, and increasing pressure around data sovereignty. We get into what Cisco Canada is seeing on the ground, where partners are finding the most traction, and what separates the ones winning those deals from the ones leaving the door open for somebody else. Let’s get right into it. My chat with Erin Gertner. Erin, thanks for taking the time. I appreciate it. Erin Gertner: Thank you so much, and thank you for having me, Robert. It’s nice to see you. Robert Dutt: Nice to see you as well. It’s been a little while since Partner Summit when last we sat down, but I wanted to chat because of Chuck’s comments on the earnings call, talking about the top of the first inning on a multi-year, multi-billion dollar opportunity around campus refresh. Double-digit growth in networking for six consecutive quarters. That’s the global picture. I guess to throw it open, what does that top of the first inning look like from where Cisco Canada sits? Are we tracking with the US on this one? Are we still back in spring training? What does the Canadian opportunity look like in this moment? Erin Gertner: I think we’re seeing something very similar to what Chuck spoke about on the earnings call. We are seeing a multi-year, multi-billion dollar refresh cycle taking place here in Canada. And I think it is the perfect storm of three things coming together. One, we have a lot of aged infrastructure out there. Sometimes we call it last day of support, or LDOS. When we look in our portfolio, we’ve got the largest LDOS opportunity that we’ve had in many, many years this year and next year. We’ve been working with many of our partners as well as our account teams to start going out and pursuing those opportunities because we really do need to get in front of them. But we’re also seeing the dynamics of a few other things taking place. One is AI readiness. I think you probably heard in our earnings call, Chuck talk about the success that we’re having in AI. A lot of that today is really centred in the world of the hyperscalers. In our last earnings call, I talked about doing over $2 billion worth of infrastructure with the hyperscalers. So there’s this huge influx of demand around AI. But where we haven’t really scratched the surface is AI in the enterprise. The hyperscalers are very well prepared, but now we’re starting to see this big wave of enterprise deployment, or at least enterprises thinking about the use cases and the ROI, because it is a board-level conversation. And then lastly, and this is probably a topic you hear a lot about working in Canada, is around digital resilience and data sovereignty. You need a modernized, secure network in order to deploy AI, and the network is more critical than it’s ever been as you think about the role it’s going to play in the next few years. The ability to fuse together security into the network is really unique and core for Cisco and driving refresh. I often talk to partners about the LDOS opportunity, and we used to get the question a lot of, “Why would a customer upgrade?” or, “How do I have this conversation with a customer?” because their response is often, “It all still works. Why bother?” I think AI especially is really giving them that reason to modernize, because while their network may work, it wasn’t necessarily built to run the applications that they’re going to need today and in the future. So it’s a really compelling conversation, and we’re seeing huge uptake and demand in networking. Robert Dutt: You touch on the customer size, especially on the AI side of things. Looking across the Canadian market in terms of customer size, vertical, geography – is the refresh opportunity relatively evenly distributed, or is it concentrated? Where’s the heat at right now? Erin Gertner: It’s been interesting. All of our account teams, some of which are verticalized, others which are organized geographically, talk a lot about where they’re seeing refresh opportunity. A great example is what we’re hearing from financial services organizations. We had that long period of COVID, and then there’s been a ton of conversation around return to office. Our financial services team will tell you that there’s massive demand because if you listen to what the banks or insurance companies are doing, they’re asking people to come back to the office. Those networks, many of which were built in 2018 or 2019, can’t support the applications that are being driven in today’s world. They can’t even support the number of people they have anymore. [A lot of those organizations saw a boom.] So there’s a huge network refresh taking place right now in that specific vertical. We’re also hearing a lot about mission-critical verticals like healthcare, where uptime is hugely important and security and resilience are top of mind. But it’s really spread throughout. Many companies had a long period of time where they spent a good majority of their budget on work from home and getting people set up for different use cases. Now that we’re living in this hybrid world, or a lot of organizations are back to work, that’s putting a huge change in demand on what is being asked from the network, plus everything that’s happened from the AI perspective. Robert Dutt: You bring in a lot of different threads in terms of things that are driving this – AI readiness at the top of the list, aging infrastructure, data sovereignty, security modernization, probably a few more. What’s actually leading the charge in this moment for the conversations you’re having with Canadian partners and customers? I’m curious if one of those things is the leader and the others follow, or if there’s really a convergence where this is a big pile of conversation topics at the same time. Erin Gertner: I think it’s a big pile of conversation topics at the same time, and it also depends on the partner you talk to and how they’re approaching a customer. Every partner has got a really interesting and different approach, especially when it comes to AI, and I love that about our partner community. A lot of them are taking, for example, an advisory services-led approach, or they’re taking the approach of – I hate this expression, but it’s one that makes sense – eating your own dog food. I was with a partner last week and they were talking about a lot of the work that they had done to embed AI into their own workflows. Then they were taking their success out into the market and starting new conversations with customers they hadn’t historically had access to. All of that was leading to a network refresh conversation, because customers are excited about the opportunity with AI, and then the partner was able to embed the question around, “Well, are you ready? Do you have the right infrastructure in place?” The conversation often is bigger than that, and obviously security is a huge area of concern when it comes to AI. I think that’s where Cisco is very uniquely positioned to win in this space. We’re seeing a lot of our competitors try to bring network and security together, and we’re really the only organization who can truly embed network and security together and then traverse it from the campus to the data centre. Robert Dutt: To your point on dog food, I learned from a partner years ago that the way to phrase it is “drinking one’s own champagne.” Erin Gertner: Oh, I like that expression a lot better. Thank you for that. Robert Dutt: Let’s talk about the AI side of things. Cisco’s own AI Readiness Index showed that 7% of Canadian organizations feel they’re fully prepared to deploy AI, and that’s actually down a couple of points from 9% in 2024. 96% say it’s more urgent than ever. That’s a pretty big gap. How’s that tension showing up in the conversations that partners are having with their customers? Erin Gertner: I’ve spoken to a lot of partners in the last little while, and again, each are taking a very individual approach. I think leading with outcomes and that consultative mindset – and it looks very different for each partner – but they’re all trying to understand what outcome a customer is trying to deliver, or what is the ROI, or what is that metric that’s going to help move a CEO’s agenda forward, or help them understand how they can build a true business case to build out a full AI deployment. It’s hard, right? We’re going through our own transformation at Cisco. We’ve got a team of individuals who work with us internally building out our AI workflows, and even on my own team, we’re trying to do all these things to help our team adopt AI tools to make their lives easier and more efficient. You often hear that somebody’s job is not going to be taken by AI – it’ll be taken by somebody who knows how to use AI. It is even more critical than ever that organizations figure it out. A lot of our partners have deployed some interesting things for themselves or worked through really interesting consulting engagements where they have use cases they can take out to market and help customers build that business case for themselves. They need to start small, they need to define what success looks like, and I think many customers have a long road there, but there’s certainly hope that we’re headed in the right direction. Robert Dutt: Raj, the president of Cisco Canada, wrote an op-ed recently saying that Canadian businesses risk – I think the quote was – “Blockbuster-style failure” without having the right AI infrastructure. For a partner who’s sitting across the table from a customer who feels that urgency but hasn’t really started yet, what do you counsel that partner to advise the customer on? What’s the practical starting point? Where do you begin? Erin Gertner: It’s tough. Again, it depends what type of customer they are and what their use case looks like. But I think for that customer, it’s really leaning back to outcomes – what is going to demonstrate success for that organization? The last thing you want anybody to do is go out and deploy an AI application and see absolutely no success out of it. That will move that executive’s agenda back probably a couple of years. But we are also really encouraging partners to talk through: Are they ready? You can have the best use case out there, but do you have a good data strategy? Do you have a good security strategy? Have you thought about modernizing your network? Is sovereignty important to you? And if it is, do you want to start thinking about potentially building that on-prem, or taking a different approach than maybe what you have historically done, because there are new considerations being layered on top of all of that. Robert Dutt: Talk to me about the Secure AI Factory side of things. Tim Coogan called it the partner opportunity of this year. I’m curious how that translates practically for Canadian partners. Is this a play mostly for the big SIs, or are you finding mid-market partners who are finding a role in the AI infrastructure buildout? Erin Gertner: I think it’s a little bit of both. We’re having conversations around Secure AI Factory with some of our largest partners because it is really unique. Our relationship with NVIDIA is truly one of a kind, and we’re actually creating products together. I know everybody has done a great job of partnering with NVIDIA in the market, but our relationship with them is a little bit different. What I love about the whole notion of Secure AI Factory is the fact that it’s everything built together. We make it really easy. We’ve pre-built all the CVDs. We’ve essentially created a blueprint for partners and customers to go out and deploy an entire AI pod. That includes everything from networking to servers to security to observability. We can even include storage, even though we don’t make it – we’ve got a bunch of great storage partners. Is it going to work for a small customer being serviced by a small partner? Probably not. It might be outside the scope of what they’re doing. But for mid-sized customers who are running interesting workloads and they want them on-prem, and especially for bigger customers who want to scale and deploy really quickly, or partners who have a ton of depth and capability in that space, the Secure AI Factory is a great solution. Robert Dutt: For a Canadian partner who’s looking at this refresh opportunity, where are you seeing the most traction in terms of the technology stack? Is it campus switching, data centre modernization, Wi-Fi, security? What’s the entry point that’s helping partners produce pipeline right now? Erin Gertner: We’ve done a lot of work with partners. We’ve got a tool called PXP – I think you’ve probably had some exposure to it – but we’ve been doing quite a few workshops with our partners to help them understand where their opportunity is. PXP does a great job of being very data-rich and data-centric. As we go through the enablement with partners, it gives them a good sense of what their refresh opportunity looks like. Then we are trying to make sure we enable them around the broader conversation. You don’t want to just be refreshing a switch for a switch. Our best partners are taking that data and – again, to your question, some partners, let’s say their history was really in the data centre – data centre networking is probably their biggest opportunity because that’s where they’ve sold the most in the past. For more broad-scale partners, it could be a combination of two or three different things. What we’re really trying to coach them to do is take that opportunity and don’t refresh a switch for a switch. Help the customer understand what outcome they’re trying to achieve. Do they have the right security posture? What’s their Wi-Fi strategy? What’s their device strategy? We’re trying to help them take that data and broaden the conversation into something that’s more outcome-driven. Our best partners are doing an excellent job of that and building really big, interesting deals alongside their customers. Robert Dutt: In doing that, when you’re looking at the services layer, are there any particular areas that you find are especially productive? Assessments, design, migration, managed services post-deployment – where are partners getting the most return from focusing their energy? Erin Gertner: Consulting services has been a huge one. We’ve got a great assessment program and we have some partners who are doing a great job leveraging it and seeing a ton of success. I was in a partner QBR the other day and they were giving an example of having done a security assessment with a customer that significantly broadened the scope of the deal and helped the customer understand where they had some vulnerabilities in their current infrastructure. That deal almost quadrupled in size. Partners are doing a great job with that. What we’re really trying to encourage partners to do is make sure we’ve got an adoption plan for every software deal out there upfront, because we want to make sure anything our customers buy from our partners, they have a great experience with. If they aren’t doing a good job of adopting that and showing value all the way throughout the chain, we’re not going to see a renewal at the end. The other thing we’ve been talking a lot about with our leadership team is some of what’s happening in the industry right now with some of the shortages that are industry-wide. In COVID, we saw something similar happen – a lot of supply chain constraints. Then there was this really long ingest period that happened afterwards because customers just had so much technology. We are really encouraging our partners and our teams to make sure we’re leading with services, so there is an outcome attached to the end and there is a plan with the customer to consume the technology so they can get the most out of what they’ve bought from us. Robert Dutt: We talked a little bit about the big guys, the SIs, and the opportunity around AI Factory. For the smaller partner, that long-tail 15-to-20-person MSP that’s living in Meraki and maybe doing some security, is this a real opportunity for them, or is this fundamentally a larger VAR and SI play? Where it is accessible to that SMB-focused partner, what does the on-ramp look like? Erin Gertner: It’s absolutely accessible for that SMB partner. I also have the SMB part of our business, so this conversation is very close to my heart. Given the IT skills shortage that is very dominant in the Canadian market, we are seeing a lot of customers who don’t want to manage their own network. As customers grow – let’s say they were a very small customer four or five years ago and they chose more of a consumer-grade solution at that time – as they want to move into a more enterprise-type solution with security and all the other bells and whistles embedded in it, a lot of those customers are choosing not to manage that themselves. But they want to be in the same place as their competitors, because the expectation is they grow and scale just as fast, probably faster in fact, as a big company. A lot of those companies are born in the cloud, leveraging tons of cloud applications, so the way they create their foundation is even more critical than ever. We have a bunch of great small to mid-size partners who are doing awesome things in that space and growing pretty significantly, actually gaining a lot of market share because of their agility and their ability to manage something at a cost-effective price. Robert Dutt: You mentioned the importance of data sovereignty in the conversation. The federal government has launched a call for proposals for sovereign AI data centres of over 100 megawatts, and we’ve seen Cohere get a lot of federal backing for their data centre build. Is data sovereignty a driver in this enterprise refresh, or is it a parallel conversation that’s happening at the same time? Erin Gertner: I think it’s a bit of a parallel conversation, but it’s certainly driving a huge – not even refresh – just huge modernization effort. A lot of it is centred around Canadian organizations who are worried about data sovereignty, or who are worried that sovereignty requirements might hit them in the next few years. They’re trying to prepare themselves by building out new types of data centres on-premise – new data centres to support applications coming back on-prem. While maybe they haven’t built everything on-prem today, we are seeing a massive surge in companies starting to think about what that might look like. For customers who had almost all of their applications in the cloud previously, their data centre network didn’t necessarily support the low-latency, really high-bandwidth requirements that would come into play if they start putting mission-critical applications back on-prem. We are seeing a lot of customers starting to think about what they would need to build to support sovereignty requirements, or if they’re going to continue to live in a hybrid world – which, let’s be honest, the majority of Canadian organizations are probably going to live in that world, and that’s all good – the network they have today probably doesn’t support that in the way they’d like either. Robert Dutt: Let’s talk about what you’re doing to support partners through this process. What are the incentives, enablement resources, the programs that are particularly relevant to Canadian partners who are looking at this opportunity and going after it? Erin Gertner: I think we’ve been pretty declarative about wanting to be the critical infrastructure for the AI era. We’re doing a lot of enablement with our partners. We’ve aligned our incentives, both front-end and back-end, to this opportunity. We’re doing a lot of workshops to help our partners understand where those opportunities lie and help them understand how to go out and capture them. We’ve also been running a lot of demand generation alongside our partners around our AI strategy, what that looks like, as well as showcasing the innovation that Jeetu has put forward in our portfolio around network and security coming together, because I do think it’s a great story and one that maybe not everybody knew. Some people probably think we’ve still got two different platforms with Catalyst and Meraki, where the truth is those have come together in the last year. With our acquisition of Splunk, there’s a lot that’s been infused into the network. Jeetu has also done a fantastic job of creating a really innovative security portfolio, a lot of which is actually embedded into the network layer. So there’s been a lot of education that we’ve had to do with both our partners and our customers to make sure they’re able to go out and tell that story to the market. I think Tim Coogan said this best – our job is to create that innovation, and then our job is also to help enable our partners to go out and be an extension of our sales force and help them deliver value to customers based on that innovation. Robert Dutt: What do you see as separating the partners who are winning these refresh deals from those who aren’t? What are the best partners doing differently? Erin Gertner: Again, I think really leading with that outcomes-based conversation and not just doing a like-for-like refresh. The ones who are going out and really taking a consultative approach, they’re winning a lot more and they’re winning much larger deals. I was on with a partner yesterday who was showcasing some of the work they’d been doing around AI and sharing with us some of the success they had just recently had, and they’re winning amazing deals by taking a very consulting-led approach. What we have seen in the past from certain partners is they go in and focus very much on that refresh opportunity, and then they almost leave the door open for another partner to come in and have a conversation around networking, observability, and all the other aspects around that critical infrastructure. So the best partners are the ones who are leading with the whole portfolio. I know we’re going to talk about 360 as well, but we’re really trying to incentivize our partners to build a lot of skills and technical depth around our solutions, and the ones who are really good at being able to tell the story of how our whole portfolio comes together – that “One Cisco” story that we often talk about – they’re the ones who are winning the most. Robert Dutt: If I’m a Canadian partner listening to this and I haven’t really started leaning into that refresh opportunity yet, what should I be doing about this on Monday morning when I show up to work? And looking further out, we’re in the top of the first – what do you see the second and third innings looking like here in Canada? Erin Gertner: Firstly, reach out to us. However you engage with Cisco, whether it’s through one of our distributors – who are amazing and have access to all of our tools – or reach out to your partner account manager at Cisco. We can provide all the training required on how to have the right conversation, as well as access to all the data you need to help you figure out where you should start and which customers are due for a refresh or have a refresh opportunity in the next six months. We can make it really easy for our partners to know where to spend their time and get a pretty fruitful payoff, both on the front-end and the back-end with us. What do I think the second and third innings might look like? I think we’re still really at the infancy of that. We’ve seen a few customers go down the refresh path – probably our largest customers have gone down the refresh path. Some of them have modernized networks or they’ve gotten to where they think they need to be to support AI applications. But I do think we’re going to see some of our smaller customers start to catch up. I also think we’re still really at the infancy of the success of AI. We talk a lot about the role of agentic AI and how that’s going to proliferate through organizations in the future. I don’t know that many customers have figured that out yet today. There are some who are really at the edge of innovation and who’ve done an amazing job with that, but it isn’t mainstreamed yet. As agentic AI really starts to roll out, the demands on your network and the demands around security especially become even more complex and even more critical. I think that’s going to be the next wave. A lot of companies have done a good job of finding one or two use cases, maybe small ones, that have delivered value for them in AI. But there are very few organizations – and we talked about it through the AI Readiness Index – very few organizations who have really found tremendous value from AI today, but they will in the future. Robert Dutt: I think you’ve done a great job of setting up the game for Canadian partners here. Good luck with the rest of the ballgame, and thanks so much for taking the time. Erin Gertner: Thank you. Robert Dutt: There you have it, Erin Gertner from Cisco Canada. I’d like to thank Erin for her time on this one, and thank you for listening. A couple of things that stood out to me. First, how strongly the consulting and assessment-led approach is paying off. Partners who are going in and helping customers understand the full picture – security, AI readiness, network modernization – aren’t just winning deals. They’re winning deals that are three and four times the size of a like-for-like refresh. And the other is something Erin said that I think is worth sitting with: there’s no AI without a network. Simple statement, but it reframes the entire refresh conversation for partners who aren’t sure where AI fits into what they do. If you’re enjoying In The Channel, you can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. Follow, subscribe, leave a rating or a review if you’re feeling generous. It all helps. Till next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
RSA Conference 2026 produced hundreds of announcements from San Francisco’s Moscone Center this week. We curated the ones that matter for Canadian IT channel partners into three themes: agentic AI as the new attack surface, identity and hardware resilience, and partner economics. The big theme: agentic AI is the new attack surface The dominant message from RSA 2026 was clear — AI agents are a brand new attack surface, and the security industry arrived with its first wave of answers. Cisco extended its Zero Trust framework to treat AI agents as a new identity type, with visibility, access controls, and real-time monitoring for autonomous agents operating on the network. CrowdStrike launched Next-Gen SIEM support for Microsoft Defender for Endpoint with no Falcon sensor required, plus Shadow AI Discovery and AI Runtime Protection for finding unauthorized AI tools across client environments, and Agentic MDR for managed detection and response at machine speed. Proofpoint unveiled its AI Security platform and Agent Integrity Framework, defining a new standard for governing autonomous AI agents in the enterprise, alongside email and data security updates for the agentic workspace. Black Duck brought Signal to general availability, an agentic application security platform designed to secure AI-generated code in autonomous development workflows. Other notable RSA announcements along the agentic AI theme included Arctic Wolf’s Aurora Agentic SOC, Darktrace’s managed email security offering for MSSPs, and Huntress expanding ITDR coverage to Google Workspace while surpassing 10 million Microsoft 365 identities protected. Identity and resilience RSA launched ID Plus Sovereign Deployment, fully air-gapped, on-premises identity security for environments where cloud isn’t an option — directly relevant for Canadian organizations navigating data sovereignty requirements. RSA also announced an expanded partnership with Microsoft around M365 E7 and passwordless authentication, going deep on cloud integration at the same time as the sovereign deployment — both directions simultaneously. Dell Technologies expanded cybersecurity and resilience for the AI era and emerging quantum risks, including quantum-ready commercial PCs with post-quantum cryptography at the firmware level, AI-powered ransomware recovery for PowerProtect, and MDR extended to AI data platforms. HP launched TPM Guard from their Imagine event in New York, a hardware-enforced security feature protecting TPM-to-CPU communications from physical attacks — a similar hardware-level security play announced the same week. And here’s what you can sell Barracuda advanced the BarracudaONE cybersecurity platform alongside updates to the Partner Success Program, investing in both platform and partner program at the same time. Sectigo introduced an industry-first multi-tenant partner platform for certificate lifecycle management as a managed service, designed to help MSPs turn the shift to shorter certificate lifespans — now 200 days and eventually shrinking to 47 days by 2029 — into a scalable, recurring revenue stream. Further reading SecurityWeek’s RSAC 2026 Day 1 announcements summary SecurityWeek’s RSAC 2026 Day 2 announcements summary CRN: 10 hot new cybersecurity tools announced at RSAC 2026 Read Full Transcript Hello and welcome to a special midweek edition of In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, and this week, RSA Conference 2026 took over San Francisco’s Moscone Center. Hundreds of announcements, dozens of press releases, and a whole lot of noise. So we went through the pile and pulled out what we think actually matters for Canadian IT channel partners. Let’s get into it. If there was one defining message from RSA this year, it’s this: the AI agents your clients are starting to deploy? They’re not just productivity tools. They’re a brand new attack surface, and the security industry just showed up with the first wave of answers. Cisco made the biggest splash, extending their Zero Trust framework to treat AI agents as a new identity type. Their pitch: if an AI agent can browse, query, and act on behalf of a user, it needs the same visibility, access controls, and real-time monitoring as any human on the network. CrowdStrike came in heavy across multiple days. Their Next-Gen SIEM now ingests Microsoft Defender for Endpoint telemetry with no Falcon sensor required — which is a big deal for MSPs managing mixed Microsoft environments. They also launched Shadow AI Discovery, which finds unauthorized AI applications running across client environments. If you’ve ever had to track down rogue SaaS subscriptions, imagine that problem, but with AI tools that can actually take actions on behalf of employees. CrowdStrike also introduced Agentic MDR — managed detection and response that operates at machine speed against AI-driven threats. Proofpoint went after the same problem from the email and collaboration side, launching their AI Security platform and Agent Integrity Framework. Their angle: securing the “agentic workspace” where humans and AI agents are operating side by side across email, cloud, and collaboration tools like Teams and Slack. And Black Duck brought their Signal platform to general availability — agentic application security designed specifically for AI-generated code. When your developers are using AI to write code, who’s checking the AI’s work? That’s the gap Signal is designed to close. They weren’t alone. Arctic Wolf launched what they’re calling the world’s largest commercial agentic SOC. Darktrace rolled out a managed email security offering for MSSPs. Huntress expanded their identity threat detection to Google Workspace. The message from the industry was unanimous: agentic AI security is not a future problem. It’s a right-now problem. If you’re advising clients on AI adoption, the security conversation just got significantly more complex. And that complexity is an opportunity — because your clients are going to need help navigating it. RSA — the company, at their own conference — made two announcements that pulled in opposite directions, and that was the point. They launched ID Plus Sovereign Deployment — fully air-gapped, on-premises identity security for environments where cloud is not an option. Think regulated industries, government, anyone with serious data sovereignty requirements. For Canadian partners dealing with OSFI E-21 or federal procurement, that’s directly relevant. At the same time, they announced an expanded Microsoft partnership around M365 E7 and passwordless authentication. So RSA is going both directions: as sovereign as you need on one end, as deeply cloud-integrated as you need on the other. On the hardware side, Dell announced quantum-ready commercial PCs with post-quantum cryptography built into the firmware, AI-powered ransomware recovery for their PowerProtect line, and an extension of their managed detection and response service to cover AI data platforms like PowerScale. HP made a similar hardware security move from their own event in New York this week, launching TPM Guard to protect TPM-to-CPU communications from physical attacks. The common thread: the security conversation is moving below the operating system and into the silicon. Two announcements that translate directly to partner economics. Barracuda — a hundred percent channel company — advanced their BarracudaONE cybersecurity platform alongside updates to their Partner Success Program. Platform investment and partner investment at the same time. That’s the kind of announcement that tells you a vendor is serious about the relationship, not just the product. And Sectigo launched a new partner platform built around the reality that SSL certificate lifespans that are already shrinking and headed to 47 days. When certificates need to be renewed every 47 days instead of every year, that’s either a massive headache or a recurring revenue opportunity. Sectigo is betting that partners who automate the process will turn a compliance burden into a managed service. That’s RSA Conference 2026 through the Canadian channel lens. Agentic AI security dominated the conversation. Identity and hardware resilience matured. And a couple of vendors made moves that directly affect your bottom line. Links and details for everything we covered are in the show notes. We’ll be back on Monday with the regular edition of ICYMI. Until then, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
Rob Scott, co-founder of Monjur Rob Scott, co-founder of Monjur and managing partner at Scott & Scott LLP, joins the podcast to talk about what’s broken in the average MSP’s contract stack and what it takes to fix it. Rob has spent more than 27 years at the intersection of technology and law, and his firm works with over a thousand managed service providers across North America. The conversation covers the three biggest areas of contract risk Rob sees across the MSP community: agreements that haven’t kept pace with the services being delivered, unaddressed vendor and third-party liability, and missing data processing agreements in an increasingly complex regulatory environment. Rob walks through practical provisions most MSPs don’t have but should, including a “security recommendations” clause that shifts liability to customers who decline recommended protections. Rob also digs into why AI is changing the contracting equation in both directions – from the new service attachments MSPs need when delivering AI-powered services, to the risks of using unsupervised LLMs for contract drafting – and offers a candid assessment of where Canadian MSPs stand relative to their American counterparts when it comes to contracting maturity. The conversation wraps with a practical starting checklist for MSPs who know their contracts are out of date but don’t know where to begin. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and your host for the show. My guest today is Rob Scott. Rob is the co-founder of Monjur and managing partner at Scott & Scott LLP, where he’s spent more than 27 years at the intersection of technology and law. His firm works with over a thousand managed service providers across North America on their contracts, and he recently launched Monjur Pilot, an AI-powered legal assistant built specifically for MSP contracting. Now, I know what you’re probably thinking – contracts aren’t exactly the sexiest topic in the channel. But here’s the thing. Most MSPs, I think, know their contracts are out of date, and they also know that they should do something about it. They just don’t. And in a world where the threats are evolving, AI is changing the service landscape, and the regulatory environment, particularly here in Canada, keeps getting more complex, the gap between what your contracts say and what your business actually does is becoming a real liability. Rob has seen what happens when that gap catches up to you, and he’s got some very practical advice about what to do about it. Let’s get right into it. My chat with Rob Scott. Rob, thanks for taking the time. I appreciate it. Rob Scott: Thank you for having me. Robert Dutt: You’ve been working with MSPs on their contracts for, I think it’s over two decades. What’s the state of the contract stack for the average MSP in 2026, and how wide is the gap between what most MSPs are actually running on and what they should be running on? Rob Scott: That’s a great question. When I look at contracts, I see three big areas of risk for MSPs. One is that their agreements don’t keep up with their services. In the MSP world, that means you’re offering compliance advisory services without proper compliance advisory contracts. We call that service attachment for managed compliance. You’re now working with clients in and around AI and AI products, which are using a pre-AI customer contract. These are the things that change with frequency in IT, and for MSPs, that means one area of contract protection – static agreements don’t fit with emerging service offerings like tech. Sometimes their agreements don’t keep up with their services, and other times, their agreements are not reflected for trends in the marketplace or specific risks. For example, ransomware attacks or emerging cybersecurity risks. MSPs don’t frequently have, for example, very clear-cut exclusions from responsibility for the criminal acts of third parties. Similarly, their contracts don’t limit their liability for acts or omissions of vendors. We monitor the terms and conditions of over 1,200 vendors in the MSP channel, and our clients get their customers to sign a waiver for any acts or omissions of those third parties. That’s an area – what I call vendor risk – which many MSPs are exposed. Then the third big category is regulatory risk, operating with customers in regulated markets without the appropriate data protection agreements and data processing agreements that are required by both international, federal, and state laws. Those are the areas where most MSPs have been underserved by traditional legal services, which have caused many to move in the direction of do-it-yourself, which has many exposing themselves to unsupervised LLMs. While contracting for MSPs is very complex, they really have not been well-served by traditional legal services. Robert Dutt: The open LLMs is what keeps me up at night. Shadow AI is a concern for lawyers, or at least us, as much as it is for MSPs. Shadow AI in their customers’ organizations, us for different reasons. But the MSPs are faced with a challenging choice between choosing fast and inexpensive do-it-yourself legal protection that lacks accountability and supervision, or traditional legal services that can be slow, can be expensive, and can be out of touch with what MSPs do. Many of my clients have shared stories about interactions with lawyers, not fondly, in part because the lawyers had no clue what they did, and they felt like they were paying the legal fees to explain to the lawyers what an MSP does. Rob Scott: And so it’s been a challenge for many MSPs to get legal protection that’s both fast, affordable, and offered by MSP-specific attorneys. Robert Dutt: You touch on the problem of keeping up with technology trends. I’m thinking in broader terms than that. What about whole directions of risk, I guess I would say. The example I think of is we’re doing a lot of tracking of the trend of abuse of trust. Attackers not breaking in, but logging in through trusted identities, VPNs, software supply chain attacks, those kinds of things. Basically, when the threat itself has shifted so fundamentally, how far behind are most MSPs in terms of accounting for that in their contracts? Rob Scott: I would say very far behind. I would say overall, the customers that we talk to, the people we meet, are either on some do-it-yourself approach that really hasn’t been updated by an experienced attorney, or hasn’t been updated recently to reflect the emerging threat landscape as you described it. But we’re constantly updating our agreements to properly reflect detailed terms and conditions about these emerging threats. And I’ll give you an example. We have in our MSA a provision called security recommendations. And what that provision says is the MSP may from time to time give the customer recommendations about security compliance. For example, multi-factor authentication. And if the client does not accept or move forward with those proposals, anything that happens as a result that those things could have prevented is 100% on the customer – the MSP is off the hook. And so when I think about emerging technology and the changing threat landscape, a lot of it has to do with how you manage the communications and the risk associated with that. And MSPs have had the hard choice in the past of having to either tell a client, “No, I’m not going to support you,” or, “Hey, I’m going to give you this waiver to sign.” And this whole topic of declination of services around point solutions that deal with emerging threat factors has been a common issue with MSPs. They go to the customer. They’re like, “You’re exposed. You need these advanced security features.” I mean, there’s new stuff all the time, but right now, it’s a lot of focus on zero trust. And so it’s not inexpensive to implement a zero trust model within a business. And if an MSP wants to implement zero trust, the customer has to cooperate to buy those things. And the customer doesn’t understand them well enough to know what they do or why they need it. So their first reaction is to say, “No, it’s too expensive.” And that puts the MSP at risk, because I tell the MSPs, my opinion is their network is only as strong as its weakest link. So if you let these customers on that you know are overly risky, that puts the whole portfolio of customers at risk. And that’s a lot of what you’re talking about with those threat vectors. Those threat actors are thriving on being patient. And it’s not just like, “Do we have guards at the front door?” It’s like, “We need guards in every room.” They’re already in. So that’s one of the things that I think most people think about. Cybersecurity is like hacking events or ransomware events, but so much more of it is they’re in your networks, they’re able to move around, they’re squirreling their way into different areas, and they’re being very patient waiting for that opportune moment. And so it’s not just about keeping people out, it’s also about catching them after they get in. And that’s where a lot of these emerging technologies and emerging threats are posing unique challenges from a cybersecurity perspective. And the question is, “How are your agreements evolving?” And that’s where making sure that your vendors are all on there. So if there’s any act or omission of a vendor, that you can be covered for it. And the things that happen in cybersecurity, like criminal acts of third parties, is expressly excluded. I don’t think you need to go into as much of the specific threats. If you get a strong and enforceable exclusion against the criminal acts of third parties, almost every cybersecurity risk that would be impactful to an MSP is also a criminal act by the person who perpetrates it. Robert Dutt: About a year ago, you did a piece around the theme of “Your MSA is broken and AI is to blame.” We’re a year further in, things have only accelerated. MSPs are selling Copilot bundles, offering AI-powered services. Their customers are deploying AI tools whether the MSP knows about it or not. From the customers’ point of view, how far behind are most MSP contracts relative to the AI services that they’re delivering or their customers are using today? Rob Scott: We came out with a special service attachment for managed AI in 2024. And at that time, people said, “I don’t really need it. We don’t know what we’re doing yet.” Today, people come to Monjur just because of that attachment. And the way that attachment is built is, number one, you don’t have the right definitions in your current agreement for things like AI input, AI output, the model, the trainings – all of these things that are relevant to AI that wouldn’t be in a master services agreement for managed services. Beyond that, you need your service descriptions. Is this AI readiness assessments? Is this app dev? Are we building RPA and automations? What is it exactly that the services entail? And so that’s a big part of it. And our structure is designed to cover just about every AI service that an MSP could do. But it’s also important to make sure that you have the proper exclusions and client obligations. So when you think about exclusions, it’s like the MSP shouldn’t be responsible if the legal world changes and suddenly that client’s use becomes illegal. Think of helping customers deploy voice agents. And then it becomes clear that you can’t use a voice agent to do cold calling, or voice agents get outlawed altogether. It needs to be clear that the MSP is not taking the responsibility for how government reacts to the impact of AI. Similarly, there should be an obligation on the customer’s part to be committed to ethical use of AI. Responsible AI is something that I put in as a mutual obligation to all parties to a contract that I write around AI. I think it’s foundational for humans to be committed to responsible AI. So there’s things – just a few examples – but things that you wouldn’t see in an MSA. So ask yourself, why would you expect your pre-AI MSA to protect you in an AI world? The answer is MSPs increasingly are offering AI-related services under contracts that weren’t built for these services, and those that are, are putting themselves at significant risk. And it’s not necessary, because there is a ready-made solution for MSPs to protect themselves when engaged in selling Copilot, helping clients with AI projects, which we’re all going to be doing. Let’s get it straight. This is not new. This is not a temporary blip. I think the only temporary part of it is this AI distinction. I don’t think there will be, in the long run, a distinction between AI tools and non-AI tools. All tools will be AI. So the way things are going, MSPs need to be prepared for that. All of what so many more MSPs are now in the territory where they would be protected by a specific service attachment that doesn’t exist in their contract stack today. Robert Dutt: The other side of that equation of AI use in the MSP is that a lot of MSPs themselves are tempted to use some of the generic LLMs to draft or review their own contracts. Where do you see the line between that being helpful and that being dangerous? Rob Scott: I don’t think MSPs should be forced to choose between using AI and using attorneys. I think that’s the state of the market today. They’re faced with these unsupervised LLMs that are risky, where there’s no accountability. They’re telling you, “Don’t use this for law,” and you’re using it for law. If you have a bad outcome, whose fault is it? The New York State Senate has got a Senate bill, which I think will be the first of many, that would make it illegal for LLMs to give out legal advice, because it’s doing way more harm than good. I think the one thing to think about the perspective on this is lawyers are getting sanctioned and held in criminal contempt for using AI, and the AI is making mistakes. If it’s going undetected by the lawyers, why do you think you’re in a position to supervise the AI to protect your legal interests? I mean, it gets it wrong so much. The accuracy of legal outputs from unsupervised LLMs is so low that it is like playing Russian roulette. So I don’t blame the MSP. I just think that the future is attorney-supervised AI, where the customer starts with a template that is lawyer grade. I think if you put Monjur Pilot up against these unsupervised LLMs and you draft an agreement starting with a Monjur template versus starting with nothing and an unsupervised LLM, your first pass is a totally different thing. And then the second thing is lawyers need to be in the loop at the last mile. You should be able to press a button within your AI and say, “Submit for legal review,” and the lawyer should be able to just look at it in-app and finish what you built. So you start with a legal template that’s legal grade. You operate in a legal-grade AI environment that has the proper guardrails, and you make sure that attorneys supervise all of the work that the clients are doing, so that the MSP no longer has to choose between fast and inexpensive and slow and sometimes cost-prohibitive. So we think that AI unlocks something pretty special for the Monjur subscriber, which is the benefit of having your lawyers at your fingertips 24/7 through a trained AI legal assistant. But that’s not a replacement for your lawyers. It just supplements your relationship with your lawyer. So in this way, we deliberately call them legal assistants because they play the same role as a legal assistant in a law firm. The legal assistants don’t practice law without the lawyer supervision. They help the clients get better service from the lawyers. And that’s the role of AI in the Monjur vision, which is attorney-supervised LLMs that provide a safety layer on top of the LLM of your choosing. So our system is called “at any LLM,” but in each instance, we’ve implemented prevention of hallucination and preservation of context through RAG architecture that allows our legal assistants to give responses that the lawyers feel they can stand behind and nevertheless supervise. Robert Dutt: Our audience is primarily Canadian MSPs and other types of IT solution providers. You serve over a thousand MSPs across North America, including Canada. What are the things that Canadian MSPs need to be thinking about in their contracts that their American friends don’t? I’m thinking PIPEDA, I’m thinking Quebec’s Law 25, the cross-border data question and data sovereignty, but I’m curious what you see as the biggest gaps from the Canadian side specifically. Rob Scott: I think the ones that you mentioned are sort of at the surface, in the sense that those are concrete, objective things. Like, the data processing agreement for our US customers has different regulations in it than our Canadian customers, and the Canadian ones contain the laws that you mentioned. The bigger issue that I see in Canada is a cultural issue. This idea that contracts are not important because we’re not in America where everybody sues at the drop of a hat. We don’t value legal protection in the same way that people might in the US, because the threat of litigation in their mind is lower than maybe the threat of litigation in the minds of the MSPs in America. My response to that is I acknowledge the differences between the US and Canada as relates to litigation and dispute resolution, but I don’t think that that means that Canadian MSPs don’t benefit from having great contracts. It’s more of a question of what level of risk is being mitigated and the best way to mitigate it. I fear that too often in Canada, it’s not a question of does your DPA properly reflect Law 25 or PIPEDA. It’s a question of, are your agreements well thought out at all, because maybe you don’t think that it’s that important to have good agreements. And it’s about 15 years culturally and mindset-wise behind the MSP market that I began working on. Where early on in America, there was a large sentiment that a handshake deal is good enough. I deal with my friends and I don’t perceive a high risk of litigation. And if someone wants to get out of my contract, they’re not happy with me, I let them go anyway. Why do I need all this paperwork? And I think that’s a big thing that we have to work on for education with MSPs in Canada, which is you don’t have to be in a litigious market like America to benefit from good contracts. Robert Dutt: Well, and here’s an interesting aspect to that cultural thing too. A lot of Canadian MSPs are serving clients on both sides of the border, or are using US-based vendor tools to deliver services to their Canadian customers. How should MSPs be thinking – even if they’re functional just in Canada in terms of customer base – how should they be thinking about cross-border exposure in their contracts? Rob Scott: Well, look, I think that unless you know, for example, where every data subject resides in every system that you manage, you could be in Canada with customers with data subjects in their systems that you manage all over the US. And the laws run by where the data subject resides. So that’s one of the big challenges. And then the other challenge is, don’t you want to put yourself in the position where you can say yes to as many deals and customers as possible? And don’t you want to make sure that you have compliant agreements that will allow you to operate in multiple markets? And we have a lot of MSPs, I would say, that are on the Monjur platform that are enjoying dual libraries. So a set of agreements in English for the US, a set of agreements in Canada in English for English-speaking provinces, and then a set of agreements in Quebec, specifically for Quebecois law, presented in French. So we do offer some granularity in terms of localization in each market. And our strategy is we partner with local law firms in each jurisdiction to localize and maintain the updates of our agreements. And so we have a law firm that we work with in Quebec and several others in other provinces, including one in Toronto, where we partner with them to keep the agreements updated for those markets. Robert Dutt: I think for a lot of MSPs, contracts are in the category of necessary evil, something they grudgingly do to avoid getting sued – or in some cases don’t do well enough to avoid getting sued. But I wonder if there is a case to be made for treating your contract stack as a competitive advantage, and if so, can you walk me through what that looks like in practice? How you can take a solid contracting situation and use it as a way to help your organization grow, and not just stay out of trouble when things go wrong. Rob Scott: Yeah. So I think it’s an excellent question. I think the first part of it is something that now jives to me going to the dentist. Like, I know I have to go to the dentist. If I want to not have cavities, I have to go to the dentist. If I don’t want gum disease, I have to go to the dentist. I hate to go to the dentist. I’m so anxious when I get there, I tell them, please don’t take my blood pressure until we’re done, because it’ll just make it worse when you give me a really high blood pressure reading. I’m only going to be more anxious. And I think with MSPs, that’s real too, as it relates to law. Many don’t feel comfortable with the subject matter. Many have had bad experiences. Many, like you say, would say it’s a necessary evil, but they try to avoid it as much as possible. Even if you caught them in a quiet moment of reflection to ask them if they really needed it, they would say yes, but they would go back to their office after that and lose track. And this is why I think dynamic agreements that auto-update are so important for MSPs. I think legal needs to work in the background. And MSPs, I think, as a group, are carrying a very heavy cognitive load around contracting. A lot of the senior people that run MSPs are not contract people. It’s way out of their element. It doesn’t play to their strengths. It drains them of their energy. They’re constantly second-guessing whether they’re getting it right. And what I think about competitive advantage, we talk in terms of the maturity model. Maturity level one: legal protection. You have the legal protection in place. Maturity level two: standardization and efficiency. Standardization and efficiency is like, how well have you collapsed your contracting processes into your sales process, so sales and contracting is one seamless step? So that’s kind of level two. Are all of your customers efficiently on the right paper? Can we update their terms without having to go get a signature? This is how Monjur enables MSPs to grow revenue fast. We remove the friction from the sales process. We make deals go faster. We make it less likely that customers are going to want to comment or request changes to agreements. So that’s level two. Level three is what we call contract intelligence. Using AI to optimize revenue opportunities. Making AI context-aware of your renewals, of your upgrades, of what people are paying, who is using a lot of resources but not paying for very much. These are the opportunities where contract intelligence drives better decision-making as well as automation to fuel efficiency to grow revenue faster. So it really depends on where you are on this maturity level about how it helps you grow. Initially it may make it harder to grow while you’re getting the right legal protections in place. But ultimately you want something that can scale with your business, and that means dynamic versus static agreements. Robert Dutt: My last question – I want to make this as concrete as possible. If you’re talking to a Canadian MSP owner, let’s say a 15-person shop doing managed services, building out security, starting to do AI in there too, they know their contracts are out of date or in bad shape but don’t really know where to start. What are the first two or three things that you’d tell them to do right now, right away, to get that ball rolling and to hopefully see the most improvement in the situation? Rob Scott: Well, one of the things that I would say is benchmark what you’re currently using. Do an assessment of where you are. We have some tools online that can help you walk through an assessment of your current contracts, and we’ll also review them for you for free. If you have a contract, you’re an MSP in Canada and you want to understand what the gaps are relative to best practices, we’ll use our toolset to analyze your agreement, compare it to what we think are best practices in Canada, and do a report for you. We do that as part of our consultation process. There’s no fee for that. That’s a complimentary review. If you could get an experienced attorney to help you benchmark it, great. The other thing to think about is updating your vendor list and asking yourself the question, “How am I protecting my MSP against acts or omissions of the vendors in my tech stack?” If you don’t have a good solution for that, then you need to be thinking about something like our schedule of third-party services, which allows you to list all your vendors and contains a waiver of the right for your clients to sue you. Now we’re covering a really big category of risk with that one attachment. Then emerging services – advanced security and AI. You need specific agreements for these things. You can’t just continue to operate under the agreements that you were using pre-AI in the AI world. You can’t start offering compliance-related advisory services like GRC and other advanced security and compliance offerings without the appropriate contract. We call it the service attachment for managed compliance. Similarly with AI, we have a service attachment for managed AI. You really need to be thinking about, do your agreements cover the services that you’re offering, delivered through the tech stack that you’re delivering it through, and in a way that’s compliant with the emerging framework of regulations that impact you and your customers? Given all of that – and we cover that with our data processing agreement – you can see why static agreements for MSPs can become very challenging very quickly. If I was in the process of trying to figure out a way to manage risks for my MSP in Canada, I would be looking for a service that would give me dynamic updates that was specific to managed services, that was customizable for me and my customers. And think about this question: if my client were to sue me in court tomorrow, how confident am I that my current agreements would hold up in court? If the answer to that is, “I’m not so sure,” or “I’m not that confident,” or “I’m sure it would be a problem,” then getting a complimentary review of your current agreements and a game plan to move forward with broader protection is probably a good idea. Robert Dutt: All right, I appreciate that. It’s a lot to think about, and it’s an area that I don’t think we focus on as much. We tend to get caught up in the tech stack and all that, so I appreciate your taking the time to share some wisdom on where things are at with contracts and where they’re going. Rob Scott: Thank you. Thank you very much. I appreciate you having me. Robert Dutt: There you have it. Rob Scott from Monjur. I’d like to thank Rob for his time. He brought a lot of depth to a topic that frankly doesn’t get a lot of attention in channel media. A few things that are sticking with me from this conversation. First, the idea of the security recommendations clause – building language into your contract that says if you recommend a security measure and the client declines, anything that could have been prevented is on them. That’s the kind of provision that can save your business, and I’d wager a lot of MSPs listening don’t have it. Second, his point about Canadian MSPs being about 15 years behind their American counterparts on contracting maturity – not because the laws are weaker, but because the culture around litigation is different up here. That’s a gap that works until it doesn’t. And third, the question he posed that I think every MSP should sit with: why would you expect your pre-AI master service agreement to protect you in an AI world? If you’re selling Copilot bundles or managed AI services on a contract you wrote five years ago, you’ve got some homework to do. If you’re enjoying the ChannelBuzz.ca podcast, we’d love it if you’d follow or subscribe. You can find us on Apple Podcasts, Spotify, YouTube, and most podcast directories. And if you have a minute to leave a rating or review, that goes a long way in helping other folks in the channel find the show. Until next time, I’m Robert Dutt for ChannelBuzz.ca, and I’ll see you in the channel.
© 2020-2026 Ivy Podcast Discovery LLC
