ChannelBuzz.ca

ChannelBuzz.ca
  • 0.0 (0)
  • TECH NEWS
  • UPDATED DAILY

Cutting through the noise for Canadian VARs and MSPs

  1. Why reports of distribution’s demise have always been overstated

    2D AGO

    Why reports of distribution’s demise have always been overstated

    For as long as I’ve covered the channel, someone has been predicting the end of distribution. The models change — direct sales, e-commerce, cloud, marketplaces — but the argument stays remarkably consistent: a new, more efficient path to market has arrived, and intermediaries are no longer needed. It’s a compelling argument. It’s also been wrong every time — not because the new models failed, but because the predictions misunderstood what distribution actually does. They described a transaction. Distribution operates as an ecosystem. In this episode, I step back from the news cycle and think out loud about why distribution keeps surviving the predictions of its death, and what that tells us about how the channel actually works. Some of the threads I pull on: The recurring cycle of disintermediation predictions, and why they keep sounding convincing without ever quite landing. How the market consolidated from what many considered an over-distributed landscape into something closer to right-sized — through real churn, mergers, and the emergence of entirely new distribution models built around cloud and subscription commerce. The core scale functions that distribution provides (logistics, credit, enablement, and relationships) and why those become harder, not easier, to replicate as the market gets more complex. I also spend some time on why distribution’s role in Canada is amplified — the realities of geography, Canadian-dollar credit, bilingual support, and regulatory compliance make the aggregation function less optional than it might appear from south of the border. And I look at what’s next: distribution’s integration with hyperscaler marketplaces, its emerging role in AI enablement and governance, and why the platforms that were once supposed to replace distribution are increasingly working alongside it. Recent industry research from the GTDC suggests that distribution is now being positioned as a “digital force multiplier” — a framing that would have been unthinkable a decade ago. This is a solo essay episode — no guest, no interview, just me working through an idea I’ve been circling for a long time. I’d love to hear how you see it, especially if you’re a partner, vendor, or distributor who’s lived through a few of these cycles. Drop me a line or find me on LinkedIn. Related: Your Citrix relationship just changed: Inside the Arrow Electronics transition Read Full Transcript Hello and welcome to In the Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show. Before we get started, a quick note on today’s episode. This one’s a little different from what I usually do here. There’s no interview, no guest — just me, thinking out loud about something I’ve been circling for a long time. It’s less about breaking news, and more about sense-making. And it starts with a thought I’ve had more times than I can count… I could have been writing that distribution was about to be disintermediated since the late 1990s. And if I’m honest, sometimes I probably should have — because every few years, there’s a new reason why this time feels different. E-commerce. The cloud. Marketplaces. Vendors going straight to partners. Vendors going straight to customers. Pick your era — the argument has always been there. And yet, here we are. Distribution didn’t disappear. It didn’t even really shrink in relevance. What it did instead was something quieter, and maybe more interesting: it evolved — repeatedly. So today I want to talk through why I never quite bought into the “this finally kills distribution” argument… even though, on the surface, it often sounded very convincing. If you’ve been around the channel long enough, you’ve heard this cycle before. A new model emerges that looks cleaner, faster, more efficient. Someone points out that vendors don’t need intermediaries anymore. Someone else argues that software margins can’t support the old model. And suddenly, distribution is framed as legacy — or worse, inertia. What makes these arguments compelling is that they’re not wrong in isolation. Yes, vendors can sell direct. Yes, marketplaces remove friction. Yes, partners want fewer hops between themselves and the vendor. But what these predictions often miss is that they’re describing a transaction, not an ecosystem. And distribution has never really been about a single transaction. So what actually happened? Distribution didn’t disappear — but it also didn’t stay the same. Over the last twenty-plus years, there’s been real churn. Companies have come and gone. The market consolidated dramatically. What many once grumbled was an over-distributed landscape gradually became something closer to right-sized. That’s important, because survival here didn’t mean freezing the model in time. It meant pruning, merging, specializing — and in some cases, starting over entirely. Broadline distributors gave way to value-added distributors. Value-added distributors made room for cloud-centric distributors. And you can trace this through specific inflection points. The largest merger in distribution history created the world’s biggest technology distributor — not as a retreat, but as consolidation at scale. Cloud-native distributors that barely existed fifteen years ago have grown into billion-dollar businesses by building entirely new models around subscription commerce and lifecycle management. And just in recent weeks, we’ve seen a major vendor shift more of its partner management to a distributor — not less. These aren’t the moves of a model in decline. They’re the moves of a model still being invested in. Through every major shift that was supposed to bury distribution, what actually emerged was a new version of it. The form changed. The function endured. And that function — at its core — has always been scale. Scale of logistics. Scale of credit. Scale of enablement. Scale of relationships. That last one is easy to underestimate. Over the last couple of decades, many distributors moved well beyond transactional relationships and invested in building partner communities — creating spaces for peer learning, business planning, and strategic engagement that had nothing to do with moving product. That shift quietly changed where distribution sits in the ecosystem. Even in a cloud world, someone still has to aggregate demand, mitigate complexity, and make it economically viable for thousands of partners to transact with hundreds of vendors — without every interaction becoming bespoke. That problem never went away. And for those of us in Canada, these dynamics are amplified. In a market this size, spread across this much geography, with a relatively small and diverse partner base, the aggregation function of distribution isn’t optional — it’s essential. Canadian-dollar credit facilities, in-country logistics, bilingual support, compliance with Canadian regulatory requirements — these aren’t things a vendor portal south of the border can easily replicate. Distribution in Canada has always had to earn its place a little more visibly, and arguably, that’s made it more resilient. Years ago, I heard many solution providers describe distribution as a “necessary evil.” Not evil in the moral sense — just unavoidable. Sometimes frustrating. Sometimes slow. Sometimes misaligned with how partners wanted to operate. I hear that sentiment less today. That’s not to say distribution is perfect now. It isn’t. And it’s not to say frustrations are gone. They aren’t. But I think the shift itself is telling. When parts of the model stopped working, they didn’t get defended forever. They got replaced. When value became unclear, it had to be re-articulated — or the model lost relevance. That evolution didn’t eliminate criticism, but it did change the tone of it. And tone is often a lagging indicator of whether an industry is adapting in the right direction. Here’s the thing about disintermediation narratives: they tend to assume that if you remove one layer, everything becomes simpler. In practice, complexity doesn’t vanish — it just moves. It expresses itself differently. Vendors still don’t want to manage thousands of small relationships directly. Partners still don’t want to onboard dozens of vendors one by one, each with unique billing, support, and enablement models. And customers still expect solutions to work together, reliably, at scale. Distribution absorbs a lot of that complexity — quietly — and that’s why it often looks invisible right up until the moment you try to remove it. And what’s striking is that distribution’s next chapter may be its most ambitious yet. The major cloud marketplaces — the very platforms that were once framed as distribution’s replacement — are becoming a space where distributors are actively carving out a role. Not competing with marketplaces, but integrating with them — helping partners navigate multi-cloud procurement, manage billing complexity across platforms, and make sense of an increasingly fragmented buying landscape. Industry research suggests the channel will handle the majority of enterprise marketplace transactions within the next few years. That’s not despite distribution — it’s increasingly through it. At the same time, distribution is stepping into AI enablement — not just listing AI-powered products in a catalogue, but helping partners evaluate what to trust, how to deploy responsibly, and how to build services practices around fast-moving technology. That’s a governance and advisory function. It’s a long way from moving boxes. None of that was in the job description twenty years ago. But it’s a natural extension of what distri

    10 min
  2. Your managed services are hitting every SLA metric and the customer still thinks you’re failing – here’s why

    3D AGO

    Your managed services are hitting every SLA metric and the customer still thinks you’re failing – here’s why

    Jeff Collins, CEO of WanAware The last time the channel faced a shift this fundamental was the rise of the hypervisor. That transition reshaped everything, but it happened inside the four walls of the data center. What’s different about the current moment, argues WanAware CEO Jeff Collins, is that AI workloads, inference nodes, IoT, and SCADA infrastructure are being bolted onto customer environments without the kind of formal network redesign that virtualization demanded. The result is a growing visibility gap that most MSPs don’t realize they have. Collins points to a striking finding from a WanAware survey conducted in late 2025: when business leaders were asked about their visibility gap, they rated it extremely high. When IT was asked the same question, they rated it low. Both were technically right. IT was measuring visibility against the machines in their purview – Active Directory, database servers, web front ends. The business was measuring it against everything else: Kubernetes workloads, cloud functions, agentic AI processes, and infrastructure that might not exist tomorrow. That disconnect is why MSPs can show perfect MTTR and SLA performance while the customer is saying you’re failing. The conversation covers where traditional monitoring breaks down, why 30% false positive rates persist even after major platform investments, and how ephemeral workloads designed to disappear create alerts that will never resolve. Collins makes a compelling case that MSPs need to push visibility up the OSI stack, from layers one through three into the application and business logic layers where margin is significantly higher. He shares a practical framework for how to start, using vertical industry knowledge – particularly in sectors like Canadian oil and gas, where SCADA networks and AWS IoT Core infrastructure represent opportunities to grow a $1,000-a-month customer into a $30,000-a-month engagement. Read Full Transcript Robert Dutt: Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca and still your host for the show. Today we’re talking about a problem a lot of MSPs and channel partners are starting to feel, even if they don’t always have a name for it yet, and that’s visibility. As AI workloads, hybrid architectures and distributed endpoints become the norm, network traffic is changing faster than the tools that many partners rely on to understand what’s actually happening inside their customers’ environments. My guest today is Jeff Collins, CEO of WanAware. Jeff spends a lot of time with service providers and enterprise teams dealing with this shift, where accountability for performance, security and uptime is increasing, even as environments become harder to see and harder to diagnose when something goes wrong. WanAware operates in the network and infrastructure visibility space, but this conversation isn’t about the tools, the dashboards. It’s about how blind spots form in modern networks, why they’re easy to miss until there’s an outage, a security issue, or an SLA failure, and what partners need to understand as AI-driven infrastructure quietly reshapes traffic patterns and dependencies. In this discussion, we’re going to explore where traditional monitoring starts to fall apart, how partners can rethink what good visibility really means today, and why the ability to see what’s happening across distributed environments is quickly becoming both a risk issue and a business opportunity for MSPs. If you’re responsible for customer outcomes, but you don’t always feel confident you can see everything that matters, this conversation is for you. [MUSIC] Robert Dutt: Jeff, thanks for taking the time. I appreciate it. Jeff Collins: Thanks, Rob. Thanks for having me on. Robert Dutt: You’ve been advising partners, MSPs, VARs, these types of folks through a lot of change over time. Why does this moment with the rise of AI workloads and the continuing trend of hybrid networks feel like a real inflection point rather than sort of just the next evolution of the way things look? Jeff Collins: I think one of the biggest reasons why is because it’s so transformational to what MSPs and resellers and VARs and distributors have dealt with for, let’s say, the last 25 years. If we think about the last major inflection point that they dealt with was really kind of the realm of the hypervisor, this ecosystem where no longer did we have to have a server running an operating system, and that created kind of the whole ecosystem we deal with today. It created cloud, it created containers, all those things were built off this concept of a hypervisor. That was really the last major transformational thing that has happened. Now we fast forward to today and we’ve got this era of AI. We’ve got this era where we’re now taking agentic approaches, generative approaches, to things that our customers deal with every day. When I talk about our customers, those are the customers of the MSP, those are the customers of the reseller, the distributor. Not only are they dealing with that, they’re dealing with this massive evolution in the customer base, but they’re also having to do that same evolution in their own environments. If you’re an MSP and you’re focused on infrastructure, or you’re an MSP and you look more like an MSSP where you’re focused on security, now you’re starting to have to deal with, “Okay, I’ve got these tools, I’ve got these people, I’ve got these agents, I’ve got all these entities inside of my business that are doing something for my customer.” But now I have to think about how am I going to do that faster? How am I going to do that better? How am I going to do that more effectively? Because our customers are getting much more advanced. That’s really one of the biggest things that I see that we’re seeing a lot of, that “Where do I start?” from the channel partner community. When we think about the channel, we know all this stuff is going on, but it seems like such a Herculean lift that I think sometimes it’s hard to know where we make that first step. Robert Dutt: That makes sense. A lot of this, a lot of AI especially, and to a degree sort of the hybridization of the network, that complexity has come on without kind of a formal network redesign. Like you mentioned the transition to hypervisors and that necessitated rethinking how things were done because it was a physical change. Whereas a lot of, especially with AI, it’s kind of being bolted in, added on as you go. Why does that make the environment today harder to understand than maybe it was for past transitions when you’re sitting there watching it as an MSP or other partner? Jeff Collins: Well, I think one of the biggest reasons why this era is so much more difficult than the last transition is because we’re not bound by the four walls of our proverbial house. If we think about when we dealt with the last transition, every customer, their physical server sat inside of something they control. So we’ll refer to it as their house because that’s the easiest kind of comparison we can do. In today’s world, there’s certainly a lot that exists in our customers’ houses and in the houses that the MSP or the reseller or the channel partner or whomever it is are engaged in. But so much of that’s going outside of those walls. And when we think about AI, AI is certainly outside of those walls. I mean, we might be dealing with Anthropic, we might be dealing with ChatGPT or Gemini or the thousand other agentic or generative approaches that are out there. Those are all over the place. And now we’re asking these entities to take oftentimes a process-driven approach that they’ve had for 20, 25 years. And how do you change that process-driven approach when you don’t really know where those workloads, where those assets, where that data is going to reside either today or tomorrow, or even if that data that we’re looking at is even going to exist tomorrow. That’s this whole realm. I mean, we’ve been talking about ephemeral workloads for, you know, let’s call it 14 years, 15 years since really the rise of AWS. But now we’re starting to deal with these ephemeral workloads, not just in the realm of infrastructure, but also in data, in generative concepts, in agents. You know, historically, we had Bob Smith, who might have worked in the NOC. Well, tomorrow, Bob Smith is an agent. What does that look like? It’s AI. What did Bob Smith do yesterday? Did Bob Smith, the new agentic version of Bob Smith, did that person do the right thing, the wrong thing, the incorrect thing? How do we manage that? How do we deal with that? How do we process that? Those are all the things that are across the board, just happening at massive rapid scale. And so, you know, it’s a really difficult time right now to be an MSP or a channel partner, but it’s also an amazing time to be an MSP or channel partner. You know, our world, our capabilities are advancing so fast. You think about one of the simplest use cases that’s out there that all of us think is simple, that MSPs deal with every day, is a circuit outage. You know, a telecom circuit goes down and it’s connected to SD-WAN or it’s connected to a router or it’s connected to some type of device that’s out at the prem. And historically, every MSP on the planet’s dealt with it kind of in a similar way. We get an alert from a monitoring system that feeds a ticketing system. It pops up on a tier one agent’s dashboard. The tier one agent looks at it, they verify power, they verify if the router’s operational, and then they open a ticket with a carrier. And then they, and that’s the hurry up and wait type of world. Well, now in the era of AI, that changes that quite a bit, because every one of those

    37 min
  3. Firewalls, rogue devices, and your own tools: what Barracuda’s threat report means for MSPs

    4D AGO

    Firewalls, rogue devices, and your own tools: what Barracuda’s threat report means for MSPs

    Merium Khalid, director of SOC offensive security at Barracuda Every year, security vendors publish threat reports. Most say variations of the same thing. But Barracuda’s Managed XDR Global Threat Report stands out for a reason that matters to MSPs: it’s built on operational data from a managed SOC that protects the kinds of organizations MSPs actually serve. More than two trillion IT events. Nearly 600,000 security alerts. Over 300,000 protected endpoints, firewalls, servers, and cloud assets. This isn’t a survey of sentiment. It’s a record of what actually happened. Merium Khalid, director of SOC offensive security at Barracuda, joins the podcast to walk through the findings. The headline stat — that 90 per cent of ransomware incidents exploited firewalls through unpatched vulnerabilities or compromised accounts — sets the tone, but the conversation goes deeper, including why the most commonly detected vulnerability dates back to 2013. Merium explains how attackers are abusing the same tools MSPs rely on every day — ScreenConnect, RDP, PowerShell, and in one case, Datto RMM — to move laterally while mimicking normal IT operations. As Help Net Security noted, attackers keep finding the same gaps, and Merium makes a compelling case that the 100 per cent rogue endpoint finding is fundamentally an asset management problem that doesn’t get the attention it deserves. We also cover the growing role of supply chain risk, with 66 per cent of incidents now involving a third party (up from 45 per cent the year before), and what that means for MSPs who are themselves the trusted third party for their clients. We close with Merium’s practical advice for resource-constrained security teams. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT solution provider community for the last 16 years now. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always, your host for the show. Last month, Barracuda released its Managed XDR Global Threat Report, drawing on more than 2 trillion IT events from 2025 to map how attackers are actually getting into networks and what’s making it easier for them. Some of the numbers were striking. 90% of ransomware incidents exploited firewalls. The fastest case went from breach to encryption in three hours. And every single incident the team responded to involved at least one unprotected or rogue device on the network. Today I’m sitting down with Merium Khalid, director of SOC Offensive Security at Barracuda, to dig into what the data actually means for MSPs and the customers they protect. We’re talking about why firewalls keep failing despite years of the same advice, what it looks like when attackers hide inside the legitimate tools MSPs use every day, and where the blind spots are that most organizations don’t even know they have. So let’s get right into it. My chat with Barracuda’s Merium Khalid. Robert Dutt: Merium, thanks for joining us. Merium Khalid: Thanks, Rob. Thanks for having me. Robert Dutt: The report’s been out there for about a month or so, I guess. From your vantage point, running offensive security and in the SOC at Barracuda, what conversations has it sparked with MSPs and with their customers? What’s resonating and what are people still not taking seriously enough? Merium Khalid: Yeah, great question, Rob. So in terms of the key findings, I think that’s really what the report is focusing on, and that is really what is resonating to our MSPs and our customers and our core customers, is that there is at least one rogue device involved in any of the security incidents that we’ve worked on. And what I mean by a rogue device, it’s basically a device that’s unprotected, unmonitored within your environment. So that kind of becomes like a home or a ground for the threat actor to kind of stay and go under the radar. And I think a lot of our MSPs are finding that interesting. And I think it was one of the most shocking findings as well for us too. It’s the asset management. I don’t think asset management and making sure you are aware of all the assets in your environment, I don’t think that is emphasized enough. And I think that this report kind of makes that in the forefront. Robert Dutt: A couple of things that can certainly shape customer conversations. Merium Khalid: Yeah, for sure. Robert Dutt: One of the headline stats is that 90% of ransomware incidents exploited firewalls, often through old vulnerabilities. The most common detected vulnerability in the report dates back more than a decade, 2013. So this isn’t new advice, but why does this keep happening? Is it a tooling problem? Is it a process problem? Is it a human prioritization problem? Why do we keep running up against these old flaws as current foes? Merium Khalid: I think it’s both. I think it is a human problem, resource problem, resource gap. It’s also not having proper policies in place. It’s also just the advancements with AI as well. Being able to, threat actors are using it, being able to exploit firewalls at a faster level. And essentially what’s happening here is firewall exploitation is very, very common because it is kind of the low hanging fruit in terms of it’s usually the first public-facing asset in a customer’s environment. So you have people working remotely, so they’re VPNing into their organization’s environment. They’re using some sort of SSL VPN. And SSL VPN, I found, is to be one of the biggest root causes for ransomware attacks because we don’t have the proper tools in place. So there’s no MFA in place, or maybe there is a leaked password out there on the dark web where the account is still active, so no, there isn’t proper account management. So I think it’s not one thing that you can point at like, hey, this is a root cause and this is causing all the problems. I think it’s a combination of people, process, and technology. Robert Dutt: So if I’m an MSP and I can’t patch everything overnight, especially in multiple customers and complex environments, where should I be triaging firewall risk more intelligently? Merium Khalid: Well, prioritizing. Prioritizing what are your critical vulnerabilities? If you have a FortiGate firewall, if you have a SonicWall firewall, and there is a zero-day out there, there’s a new vulnerability out there, that is something you want to prioritize right away. But again, you need visibility for that. You need to know that there is a vulnerability out there. So with XDR, what we do is we actually release advisories. So if there is something critical out there, we try to inform our customers as soon as possible. And we have also released a managed vulnerability service as well. So we will scan your environment for any critical or low-medium vulnerabilities and prioritize it in order and give you a report of what you need to patch and how you need to patch it. So having some sort of vulnerability scanning, quarterly, monthly, yearly is very, very important, but also having some sort of visibility as well. Robert Dutt: In the report, the fastest ransomware case went from breach to encryption in about three hours, if I recall correctly, and 96% of incidents involved lateral movement that ended up in ransomware deployment. What does that timeline say about how realistic it is for an MSP security team to detect, contain, mitigate an attack manually? Merium Khalid: Even the three hours, I would say, is sufficient time because you don’t want to detect a ransomware attack after the three hours. You want to detect a ransomware attack in the beginning of the attack life cycle. So in the initial act, if they’re trying to brute force your firewall or you’re seeing some sort of suspicious login within your SSL VPN, before they even start moving laterally, you want to detect that before it happens. But again, with XDR, what I think what stands out the most for us is that we have detections across each of the attack phases. So if there is lateral movement, we want to be able to detect that. If they are using some sort of remote code execution or some sort of PsExec tool or some sort of tool to move laterally across the network, we want to be able to detect that with our endpoint detection or our server monitoring. So the three hours may seem like a short time, but it’s actually not. I think most important is detecting early on. So prior to the three hours, detecting at the first phase of the attack rather than the threat actor being there and encrypting. Robert Dutt: And those things you talked about were the earliest reliable signals that something’s going wrong, but we aren’t to the encryption point yet. Or is there another, this is the thing you should watch for first? Merium Khalid: Yeah. I mean, again, you want to watch for early signs, right? You want to watch for any sort of privilege escalation that’s happening, any sort of logins from suspicious locations, any sort of spike in your baseline behavior, any sort of brute force activity. I think those are the early signs you want to watch for. But I think the main thing I would say is monitoring. Make sure all your assets, you have server monitoring, EDR monitoring in place. Because a lot of the times, this is actually very important to the data in the report, is these customers that did get hit with Akira or RansomHub or Cactus, they had some sort of gap in the monitoring. So they did not have the full XDR suite deployed. It’s just like protecting a house. You don’t want to just protect the front door. You want to protect the back door and the windows as well. So there was some sort of gap in the monitoring, which then led to the threat actor going undetected. So the first thing you want to do is actually make sure you are monitoring everything, that you have comprehensive monitoring across your environment. And that

    19 min
  4. Zero Networks goes all-in on the channel, and why Canadian partners should pay attention

    5D AGO

    Zero Networks goes all-in on the channel, and why Canadian partners should pay attention

    Adam Hofeler, vice president of go-to-market strategy at Zero Networks Microsegmentation has been on a lot of security roadmaps, but for many MSPs the category has felt like it belongs to the enterprise world – complex to deploy, hard to explain to customers, and unclear as a services opportunity. Zero Networks is making a case that it doesn’t have to be that way, and it’s betting on the channel to prove it. In this episode, Adam Hofeler, vice president of go-to-market strategy at Zero Networks, joins us to talk about the company’s shift from roughly 20 per cent partner-led to a fully channel-first model, built around its updated Zero to Sixty partner program. Adam shares details on new tiering, deal registration protections, enablement resources, and a structural commitment to never compete with partners on deals. The numbers back up the momentum: Zero Networks reported 45 per cent year-over-year revenue growth through MSP partnerships and says it’s targeting a doubling of that figure this year. The company also earned the only five-star rating in the 2026 Gartner Peer Insights Voice of the Customer for microsegmentation, with a 100 per cent willingness-to-recommend score. For Canadian listeners, there’s a specific angle worth noting: Zero Networks currently has no Canada-based staff and is actively looking to build its presence in major Canadian markets through new partnerships. Adam discusses what that early-mover opportunity looks like and how interested partners can get started. We also dig into the growing role of microsegmentation in cyber insurance conversations, how Zero Networks’ identity segmentation capabilities address lateral movement risks in Active Directory-heavy environments, and what “containment as a recurring service” actually looks like for an MSP in practice. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to the Canadian IT channel community for the last 16 years. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show. Microsegmentation has been on a lot of security roadmaps for a while now, but for many MSPs and solution providers, it still felt like something that lives in the enterprise world. Complex to deploy, hard to explain to customers, not always clear where the recurring revenue opportunity is. Zero Networks is looking to change that, and they’re making a big bet on their channel to do it. The company recently went full channel first with an updated partner program called Zero to Sixty, reported 45% year-over-year revenue growth through MSP partners, and earned the only five-star rating in Gartner’s 2026 Peer Insights Voice of the Customer for microsegmentation. Joining me today to talk about all of this is Adam Hofeler, vice president of go-to-market strategy at Zero Networks. We’re going to dig into what the channel first shift really means in practice, where Canadian partners fit into Zero Networks’ plans, and why the conversation around containment and identity segmentation may be more relevant to your next customer meeting than you think. Adam, thanks for taking the time. I appreciate it. Adam Hofeler: Yeah, good to see you, Robert. Robert Dutt: Your team recently published research that analyzed three plus trillion activities across 400 enterprise environments, and the big finding was that most security risk comes from routine abuses of normal trusted access paths, and not from the zero-day exploits, the big attention getters. For MSPs and VARs that are listening, what does that actually mean about where the real risk is in customers’ environments right now? Adam Hofeler: Yeah, that’s a good question. I think when you look at it, we already know that most customers or end users, the bad guys are already in their organization in some form or fashion. They just don’t know it yet. So that if when you look at a security stack that might have detection and response capabilities and some other of those high valued propositions, because when we look at what we do, we’re one piece of the puzzle. But when you look at that, we know that exists. And we already, I think most people say, assume the breach is how fast you can kind of detect it. So when we look at what we do from a technology perspective, we help that blast radius, right? We help organizations prevent attacks, we minimize that blast radius, we maintain business continuity, even when attackers are already inside. So I tell our partners and MSPs to say, “Hey, look, we all agree that something is going to happen, but how do we control that? What does that look like?” And that’s really where Zero Networks comes in. Robert Dutt: And that’s, you know, you touch on sort of going from detect and respond to what I’ll call sort of contained by default as an approach there. How do you explain that shift to a partner who’s kind of built their practice around EDR, around a traditional SOC stack, that kind of thing? Adam Hofeler: Yeah. So our motion today is not like, “Hey, look, displace all these things that you’ve sold your customers today. That doesn’t make sense.” But most of our customers are being asked from a compliance standpoint or regulatory compliance standpoint to do, “Hey, I don’t love using the term, but the zero trust architecture or platform pieces of it, right? That’s a real thing.” And we’re one piece of that puzzle, although a very, very big piece. So when I talk to partners of like, “Hey, look, things that still matter to end users are protecting uptime, revenue, safety while meeting compliance requirements amid financial and operation cyber risks. It exists today.” And regulatory and compliance pieces are still coming down, even though they’ve sold multiple various technologies in cyber. So we’re really good at helping them solve that piece in parts. There are times where we talk about, “Hey, look, this is what an EDR does. This is what we do. This is why we work well together, and we’re not telling you not to have an EDR.” But we also look at it as if you look at all the breaches, and again, we’re not trying to scare anybody, but if you look at all the breaches, almost all of them had an EDR. They all had some kind of technology in that stack, but it didn’t prevent what had happened from a breaching perspective, and we really control that. Robert Dutt: Okay. On the partner program side of things, you’ve moved from, I think it was around 20% partner led to 100% channel first over the course of three years. To step back in time a little bit, what either broke or didn’t work about the old model that led you down that path? Adam Hofeler: Yeah. It was more of a people-type scenario when we started three years ago, we were a younger company, but didn’t have the people or process. We didn’t really have a programmatic approach, and we didn’t have relationships in the partner community. So I don’t view it as a fault of Zero Networks at all, but when I came in and the hiring that we’ve done with the team on the go-to-market side as well as our sales, we really just kind of dug our trenches in to say, “Hey, look, the partner community is where we want to be. They do a fantastic job. They’ve got great relationships. They’ve got technical resources. Let’s embrace it.” So it wasn’t that we were shying away from it. We were just a much, much smaller company. And so with the growth of the people that we brought on board, allowed us to say, “Okay, now we are ready to kind of really do this and focus and concentrate to making sure that the partners not only are happy, but focus on what will make them grow even further or faster with us.” Robert Dutt: A tale as old as time, I think, in the channel space, the sort of company starts to build up direct to some level, then realizes, “Okay, how do we multiply this?” And that’s when you bring in folks who understand the channel and start to build that out. Totally familiar. And that’s exactly it. Let’s talk about Zero to Sixty, the program update specifically. So if I’m a VAR or MSP that’s already working with you guys, what are the two or three changes that I’m going to feel most immediately in how I sell, how I deliver, and how I work with you? Adam Hofeler: You’ll get additional registration or partner protection, not only on the length of time, but the dollars in which you’re going to be protected. So there’s usually some money, financial pieces tied to it. So most individual partners like that. From a company perspective for those partners, we have set an alignment of marketing dollars affiliated with that. So there’s some good things that we can do based on marketing with our partners, having end user events or various things internally as well. Do we have that available to us? And the third thing is enablement, not only on the sales, but the technical side. So those partners that can really embrace our technology, learning it from a technical perspective, we’ll reap some benefits along those lines as well. Robert Dutt: Deal reg and pricing friction in general are perennial pain points or points of discussion in the industry. You’ve talked publicly about mandatory deal registration and no direct competition with partners. I guess the question is, as you scale that, how do you enforce that structurally and culturally? Adam Hofeler: Yeah. It’s a big thing for me and for our company. When we talk about it, in my time of doing something like this, partners really want a couple of things. They want trust. Trust not only from the company, but from the people that they do business with at the field level. They want to be profitable. They want to make money because there’s a lot of technologies that they don’t make as much money, but it’ll cost them just as much on their time, energy, and effort, the value of time. A

    23 min
  5. ICYMI: Nearly 60% of channel partners expect a Q1 profit crash, Check Point adds Canadian data region

    6D AGO

    ICYMI: Nearly 60% of channel partners expect a Q1 profit crash, Check Point adds Canadian data region

    This episode of In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8. Learn more and apply. On this episode: Channel profits in freefall. A new global survey from Omdia found that nearly 60% of channel partners expect Q1 profits to decline by double digits. Revenue is slightly more encouraging, but costs are rising faster than partners can pass them through. Hardware vendors are refusing to hold pricing until shipment and in some cases cancelling orders after POs have been received. If you haven’t stress-tested your quoting and procurement processes, that conversation needs to happen now. Check Point plants a data sovereignty flag in Canada. Check Point Software launched a dedicated Canada data region for its CloudGuard Web Application Firewall, ensuring all configurations, logs, and security data remain within Canadian borders. For partners navigating data residency and CLOUD Act conversations, this removes a common objection and adds another signal that global vendors are recognizing the Canadian market demands more than just a sales office. Canadian partners on the CRN MSP 500. CRN’s 2026 MSP 500 list included several Canadian companies: WBM Technologies out of Saskatoon on the Elite 150, Bulletproof (a GLI company) on the Security 100, Nucleus Networks on the Pioneer 250, plus appearances from Arctiq, Converge, and Premier Cloud. ESET Women in Cybersecurity Scholarship. ESET’s Women in Cybersecurity Scholarship is open for 2026, with three $5,000 awards for women in Canada pursuing cybersecurity careers. Now in its 11th year, the program has supported 14 women in Canada with more than $50,000 in funding since expanding here in 2021. Last year’s Trailblazer Award recipient, Constance Prevot, is now a working SOC analyst while finishing her degree at Concordia. Deadline to apply: April 8, 2026. Remembering Rob Megaw and honouring Fawn Annan. The Canadian channel lost Rob Megaw, president of Compu-SOLVE Technologies in Midland, Ontario, who led the company for more than 30 years — from its beginnings as a local ISP and PC repair shop through its evolution into a managed services provider. Our condolences to his family and the Compu-SOLVE team. And CIOCAN announced the CanadianCIO Fawn Annan Memorial Award, recognizing women in IT leadership whose work reflects Fawn’s enormous contribution to Canada’s technology community. Nominations are open. Read Full Transcript Welcome to In Case You Missed It from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca. Today is Monday, March 16th, 2026. Let’s get your week started right. This week’s In Case You Missed It is brought to you by ESET Canada. ESET’s Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women pursuing careers in cybersecurity. Applications close April 8th. Learn more and apply at eset dot come slash ca. ESET – protecting progress. If you needed a single data point to explain the mood in the channel right now, Omdia may have just provided it. A new global survey from the analyst firm found that close to 60 percent of channel partners expect their Q1 profits to decline by double digits compared to last year. Less than a third predict that profits will grow at all. The revenue picture is slightly more encouraging – 45 percent expect Q1 revenues to increase year over year, and about a third are forecasting double-digit revenue growth. But there’s a dangerous disconnect between topline and bottom line, and the reason is straightforward: costs are rising faster than partners can pass them through. Hardware vendors are increasingly refusing to hold pricing until the point of shipment, and in some cases are cancelling orders even after a purchase order has been received. If you’re locked into contractual pricing with a customer, you quoted a price, the vendor changed theirs, and you’re absorbing the difference. Layer in Middle East conflict pushing oil prices higher, component shortages showing no signs of easing for at least another 12 months, and the downstream effects on cloud providers, MSPs, and SaaS companies all being forced to raise their own prices – and Omdia’s Alastair Edwards warns the risk of channel bankruptcies is set to increase dramatically. If you haven’t stress-tested your quoting and procurement processes for a world where vendor pricing is no longer reliable, that conversation needs to happen now. Check Point Software launched a dedicated Canada data region last week for its CloudGuard Web Application Firewall. All configurations, logs, and security data generated by Canadian customers using CloudGuard WAF will now stay within Canadian borders. This is a data sovereignty play, and the timing isn’t accidental. Data residency is becoming a real differentiator in how Canadian organizations evaluate security vendors. Whether it’s regulatory pressure, customer demand, or the reality that storing data with U.S.-headquartered cloud providers carries CLOUD Act risk, the partners who can have an honest conversation about where data lives are the ones winning deals. For Check Point partners, it removes one of the more common objections. And in a broader sense, it’s another signal that global security vendors are recognizing that having a data region in Canada actually matters to this market. CRN published its annual MSP 500 list last week, and several Canadian companies made the cut. WBM Technologies out of Saskatoon landed on the Elite 150 – now in its 75th year and still reinventing itself. Bulletproof, a GLI company based in New Brunswick, made the Security 100. Nucleus Networks, which has expanded from Vancouver to five cities across Western Canada, appeared on the Pioneer 250. Arctiq, Converge, and Premier Cloud also showed up across the three categories. We don’t dwell on awards lists on this podcast, but the MSP 500 is one of the few that gives Canadian partners real visibility alongside the larger U.S. players. If you’re building your practice and wondering whether you’re on the right track, it’s worth looking at who made it and asking what they’re doing that you could learn from. Since our friends at ESET Canada are sponsoring this episode, it’s worth flagging something they’re doing that goes beyond product. The ESET Women in Cybersecurity Scholarship is now open for 2026, with three $5,000 awards available to women in Canada pursuing careers in cybersecurity. The deadline to apply is April 8th. This is the 11th year of the program.  Since 2021, ESET has supported 14 women in Canada with more than $50,000 in scholarship funding. Last year’s Trailblazer recipient, Constance Prevot, is now a working SOC analyst while finishing her degree at Concordia. If you know someone who should apply, point them to eset.com/ca. Link’s in the show notes. Finally, two moments from the past week that remind us this industry is built by people, not just products. The Canadian channel lost Rob Megaw last week. Rob was the president of Compu-SOLVE Technologies in Midland, Ontario, and had led the company for more than 30 years – from its early days as a local ISP and PC repair shop through its evolution into a managed services provider. That’s the Canadian channel story in miniature, and our condolences go out to his family and the Compu-SOLVE team. On a more hopeful note, CIOCAN announced the CanadianCIO Fawn Annan Memorial Award, recognizing women in IT leadership whose work reflects Fawn’s enormous contribution to Canada’s technology community. Fawn founded the CanadianCIO of the Year Awards and the CIO Hall of Fame. Nominations are open, and we’ll have a link in the show notes. Those are some of the things we were paying attention to last week.  This week on In The Channel: Zero Networks goes all-in on the channel and why Canadian partners should pay attention. Barracuda’s Merium Khalid walks us through their latest threat report. And Jeff Collins from WanAware makes the case that you’re hitting every SLA metric and your customer still thinks you’re failing.  For ChannelBuzz.ca, I’m Robert Dutt. Have a great week, and I’ll see you in the channel.

    6 min
  6. Eric Gales on 20 years of AWS and what comes next for the Canadian channel

    MAR 13

    Eric Gales on 20 years of AWS and what comes next for the Canadian channel

    Eric Gales, president of AWS Canada On March 14, 2006, Amazon Web Services launched S3, its first generally available cloud service. Twenty years later, AWS is a $100-billion-plus business, and the cloud has fundamentally reshaped how technology gets to market in Canada and everywhere else. To mark the occasion, we sat down with Eric Gales, president of AWS Canada, for a conversation about what those two decades have meant for Canadian partners – and where things are headed. Eric has been at the centre of the Canadian tech channel through every major platform shift. Before joining AWS in 2015, he served as president of Microsoft Canada during the company’s push to the cloud and as country manager for VMware Canada. Few people in the industry have watched the Canadian channel evolve from as many vantage points. In this conversation, Eric talks about the early skepticism partners had about buying cloud services from “a bookseller,” the moment it became clear that cloud wasn’t a passing trend, and what separated the partners who made the transition successfully from those who struggled. He also discusses how the launch of AWS regions in Montreal and Calgary changed the data sovereignty conversation for Canadian customers, and how that conversation is evolving again as AI enters the picture. Looking ahead, Eric shares his perspective on what Canadian MSPs and resellers should be focusing on right now, why he believes AI represents a generational opportunity for the channel, and what the latest AWS partner program updates mean in practice. He also offers a candid reflection on what he’d tell the channel if he could go back to 2006. Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca. I’m Robert Dutt, editor of ChannelBuzz.ca, joining you for a special Friday episode. Thanks for pressing play. On March 14, 2006 – Pi Day, for those keeping track – Amazon Web Services launched S3, its first generally available cloud service. Tomorrow marks 20 years since that moment, and whether you were paying attention to AWS back then or not, it’s hard to argue that any single technology shift has reshaped the channel more than cloud. To mark the occasion, I sat down with someone I’ve known for close to 20 years in this industry – Eric Gales, the president of AWS Canada. Eric’s been at the center of pretty much every major platform shift in the channel. He ran Microsoft Canada during the cloud push, led VMware Canada, and has been heading up AWS Canada since 2015. So there aren’t many people better positioned to reflect on what the last two decades of cloud have meant for Canadian partners, and where AI is taking things next. This one’s a conversation, not an interrogation. I hope you enjoy it. Here’s Eric Gales from AWS Canada. Eric, thanks for taking the time. I appreciate it. Eric Gales: My pleasure, Rob. Great to talk to you. Robert Dutt: We’ve known each other for quite a while, going back to your Microsoft Canada days, and it’s been close to 20 years now. Before we get into AWS at 20, when you look over the arc of your career in Canada – Microsoft, VMware, AWS – you’ve been fortunate enough to be with and to lead some really transformative companies. What’s the single biggest thing that you’ve seen that’s changed about how technology gets to market here in Canada over those two decades? Eric Gales: Yeah, you know what, as you indicated, it’s been fascinating. It’s been super fun to be in the tech sector. I’ll take a few things. One is, I think about it as eras of computing. I actually started at the dawn of the PC era, the end of that mid-range era. The PC changed everything, and then local area networking, and the internet, and mobile computing. Then my time in Canada – when I first came to Canada I worked for Microsoft, and I worked for Compaq before I came to Microsoft. In this era, technology has only become more important to more customers. That’s one storyline, is that it’s become more and more important. One thing I think is the most profound change in recent times is, it was always just the domain of technologists. I was working for technology companies, selling to technologists. Now, because the impact of technology is so profound, it’s a lot more about businesses, and business leaders, and lines of business understanding what the technology can do. I think that’s been the biggest evolution, and certainly in the last decade, is the importance that everybody within an organization appreciates the importance of technology, and what it can do, and how to apply it. Robert Dutt: That has been pretty transformative for the channel, hasn’t it? Selling into line of business, selling into the C-suite rather than going to the CIO. That’s a good point. For all the technology changes, that’s kind of been the thing, right? Not a technology, but rather the “who cares about it” part of it. Eric Gales: Exactly. I think, just like as someone in this business myself, if I look out to that partner ecosystem, they’ve been on that same transformation that creates new challenges for every partner, as well as new opportunities. Those that have been most successful have of course been the ones that continue to evolve their businesses to meet the needs of, ultimately, the end customer. Robert Dutt: When AWS launched S3 back on Pi Day 2006, I don’t think many folks in the Canadian channel were paying attention on that day in particular. As you moved through your career path, when did you first realize, “Okay, cloud isn’t a buzzword. This is a fundamental change both in technology, and it’s going to rewire the channel”? Eric Gales: Yeah, I think there were two things back then. One was, at the time, of course, Amazon was not synonymous with being a technology provider. It was a consumer of technology. So point one was, “Amazon’s launched something.” I didn’t work for them then, and I would be in that community that says, “Why would you buy those services from a bookseller?” So that was one dimension of it. And then the second thing was, there had been managed services before, but I think the thing that a lot of people missed for a while was, a few things had changed. The internet was ubiquitous. People were using the internet for lots of different things. And so it was that new transport that the internet gave you that enabled a company like Amazon to come along with AWS and offer a service that was available to everybody. And then it also changed the way that people thought about consumption. Because up until that point, most software and consumption of services was a long-term contract or a license. And this was pay as you go, use on demand. It was a whole new construct. And I think it took a while for people to realize that AWS had changed a whole set of characteristics about how technology was going to be consumed. And the rest is history. That whole idea took off because it just made so much sense to customers, and many partners got behind that very quickly in terms of seeing the opportunity to transform how they interacted with their own customers. Robert Dutt: You’ve said, and I don’t think this is too much of a secret to the industry, to anyone who’s observed the Canadian business and technology scene, that Canadian businesses are slower to adopt new technology than especially the US, but also European counterparts. There’s that kind of tendency to let someone else see where the mines are in the minefield before you go walking. Looking back over 20 years of cloud in Canada, do you think that gap has closed, or has that sort of conservative approach to technology shifted forward to a new frontier? Are we going to see the same thing with AI now? Eric Gales: I think, you know what, when I first started working over here with the cloud 10 years ago, a lot of my conversations were about why cloud and why it was important, both with partners and end customers. And at that time, I had felt this sort of theme that Canada was slower to adopt technology. And I felt there was a real opportunity there because everyone was at the beginning. And so here’s an opportunity for us to take these capabilities to our customers and help them to play catch up with other jurisdictions. And I learned back then – I’d already learned by then – that it was important to point to Canadian customers to make it okay. To avoid the sort of “first to be second” thing. “Canadian customers are doing this.” And so we went out of our way early on to get key brands on our platform in every industry so we could make it okay. But I’d say in aggregate, yes, we’ve made a huge amount of progress, but the Canadian landscape moved a little bit more slowly than other jurisdictions. I see the same opportunity now, but the landscape has changed, the circumstances have changed. I think politically, geopolitically, there’s a new opportunity, particularly with AI. And I think there’s a great opportunity for Canada, for Canadian firms, for Canadian government, and for Canadian partners to take this opportunity to really see if we can accelerate the consumption and the application of this technology to real business problems and productivity challenges. And again, once again, the world is all at the same starting point. So I think there’s a great opportunity here to accelerate the Canadian adoption of these kind of capabilities in this next era. Robert Dutt: One of the things that certainly arguably helped close that gap, helped make cloud much more de rigueur here in Canada, is that we kind of eliminated the “okay, so my data is going to live where?” question. For you guys, rolling out Montreal in 2016, I think it was, and Calgary a couple years ago – not just data center announcements, these were things that unlocked data residency and sovereignty conversations that Canadian partner

    25 min
  7. What Nutanix’s latest Enterprise Cloud Index tells MSPs about shadow AI, sovereignty, and the infrastructure shift ahead

    MAR 12

    What Nutanix’s latest Enterprise Cloud Index tells MSPs about shadow AI, sovereignty, and the infrastructure shift ahead

    Lee Caswell, senior vice president of product and solutions marketing at Nutanix Nutanix has published the 8th annual Enterprise Cloud Index, its flagship survey tracking how organizations are building and managing infrastructure. This year’s findings hit three themes that matter for the channel: the rapid spread of unmanaged AI tools, the growing weight of data sovereignty, and the accelerating shift toward containers. Lee Caswell, Nutanix’s senior vice president of product and solutions marketing, joins us to dig into the data. Lee spent years at VMware before joining Nutanix, giving him an unusual perspective on how the infrastructure market is reshaping itself – particularly as organizations navigate Broadcom’s changes to VMware alongside the push to build AI-ready environments. The numbers are striking: 79 per cent of respondents encounter AI tools deployed outside IT’s oversight, 80 per cent consider data sovereignty a top infrastructure priority, and 87 per cent expect containerization to increase. But Lee’s read goes beyond the headlines. On shadow AI, he argues most of this is rational behaviour by teams testing in the cloud before committing on-prem – the real challenge is providing a structured path, not clamping down. On sovereignty, he draws a memorable distinction between a “noisy neighbor” and a “nosy neighbor” in multi-tenant environments – a framing that matters for how MSPs position managed services around compliance. Lee, who recently wrote about what he calls the “sovereign edge”, goes deep on what sovereignty means in practice when AI workloads need to stay local. The conversation also explores the MSP opportunity. While 65 per cent of respondents say their AI runs via managed service providers, Lee candidly notes that figure includes SaaS-delivered AI. The bigger play, he argues, is MSPs becoming the “governed alternative” to shadow AI – a sanctioned service layer offering sovereignty compliance, optimal application placement, and predictable costs. His closing advice: be “AI smart,” not just “AI fast.” Read Full Transcript Robert Dutt: Hello and welcome to In The Channel from ChannelBuzz.ca, bringing news and information to Canadian IT solution providers for 16 years now. I’m Robert Dutt, editor of ChannelBuzz.ca, and as always your host for the show. If you’re an MSP, there’s a good chance your customers are already using AI tools that your team doesn’t know about. Nutanix recently released the 8th annual Enterprise Cloud Index, their big annual survey of how organizations are building and managing infrastructure. And this year, the data paints a picture that would be uncomfortable for anyone who thinks they’ve got a handle on where AI is running in their environment. Nearly 80% of respondents say they’ve encountered AI tools or agents deployed outside IT’s control. Data sovereignty has become a top priority, and containers are quietly becoming the default for new applications. My guest today is Lee Caswell, Nutanix’s senior vice president of product and solutions marketing. Lee came to Nutanix from VMware, so he’s been watching the infrastructure market reshape itself from a vantage point that very few people have. We dig into what the survey data actually says, where the contradictions are, and what it means for MSPs and solution providers. Here’s our conversation. Robert Dutt: Lee, thanks for taking the time. Lee Caswell: Well, Robert, thank you. Robert Dutt: You come to Nutanix from VMware, and your CEO now, Rajiv Ramaswami, he was the COO over there. Now you’re running this survey while the virtualization market is being reshaped by Broadcom’s changes. How does sitting where you sit now, having been kind of on both sides of that fence, shape how you look at this year’s data? Lee Caswell: Well, I think it’s fascinating that for years, maybe 20 years, people just assumed that the underlying virtualization layer was fixed. That vSphere was well established, super product, exciting. A lot of people built their careers, frankly, on learning the ins and outs of vSphere. And to a lesser extent, some of the later add-on products. But the idea that the underlying virtualization layer has changed has, for the first time in years, had people reconsidering how they will build out their IT infrastructure for the next 10 years. Robert Dutt: And we’ll circle back to that theme and that infrastructure theme a little later. But I wanted to dive in off the top into shadow AI, because it’s something that we’ve been talking about a fair bit on the podcast, and it’s something that a lot of partners are thinking about and trying to get their heads around how to deal with it. According to the survey, 79% of your respondents say they’re encountering AI tools or agents that are deployed outside the purview of IT. That’s a striking number. I’m curious, though, about the quality of the problem. Is this mostly folks who are using ChatGPT carelessly or without permission, or are we talking about the worst-case scenario of actual AI agents making business decisions willy-nilly without oversight? Lee Caswell: Well, we’ve certainly seen some of those later examples, but I think the majority of this is rational decision-making on IT and developer teams. Thinking about the fact that AI infrastructure itself can be relatively expensive. GPUs, new servers, new hardware. You’re generally bringing new hardware into the mix to start with. And what customers have been doing is before they go and make their investment strategy, and particularly in on-prem environments, they’ve been trying things out in the cloud where you can rent infrastructure, you can basically start something up, spin it down. That’s kind of a classic test-dev model, by the way, not different from what we’ve experienced in the past. And yet, when you look at how you’re going to deploy AI long-term with considerations around sovereignty and privacy, and particularly around predictable and lower costs, you start thinking about how you can take your on-prem infrastructure skills, which could include a data center but might also include the edge, and start thinking about how do you bring your already-strapped IT teams into this? And from a channel perspective, it’s how do you leverage some of the skills where people have been trained, particularly on virtualization. We’ll come back to this in just a minute. And basically apply this now into the new world of AI LLMs, AI hardware, and containerized infrastructure running on VMs. Robert Dutt: So if I’m an MSP supporting that kind of mid-market client, the 200 to 1,000 seat kind of space, what does a practical response to shadow AI look like at this moment in time? Because, you know, “implement an AI governance framework,” that’s great in concept, but that’s the kind of consulting engagement that’s a little hard for a lot of MSPs to deliver. Lee Caswell: Well, first off, you want to start thinking about what are the risks you’re trying to address. One is you want to look carefully at what LLMs your user base is actually using. One of the things that we’ve been able to do, for example, is have an audit trail, so you can look at who’s using DeepSeek, for example. Who’s using OpenAI? Who’s using some of the Llama 2, Llama 3 models, for example, or NVIDIA models? So the ability to go and look into the user base and get an assessment of that. Secondly, you’re looking at how do you make sure you don’t have a runaway cost model? This was one of the risks in the early cloud days, you remember. You had users getting shocked with the amount of unplanned, unmanaged cloud costs. And so you’ve got this opportunity now to look at how do you manage a brand new metric of consumption, by the way, called a token. I defy you to find somebody who knows exactly how tokens are created and the like. That’s a very difficult challenge. If you can provide a predictable way to manage, monitor, and control the usage of tokens, we do that as a way to basically protect against runaway costs. And then finally, the idea of sovereignty. So where is your data? Specifically, as you look at geopolitical considerations, we have, I think, a stunning finding that showed that 57% of our respondents said that they wanted their AI workloads to be within a sovereign country. Now, that doesn’t mean a single location necessarily, but it does show the concerns around where’s my data? Who can subpoena my data? Who’s got access to my data? And it may be, Robert, that the data model is more sensitive than the data itself, because the data model shows how you’re interpreting the data. And that’s actually a really interesting finding, I think, for a lot of folks, as AI takes hold so quickly. Robert Dutt: And data sovereignty is an area that we want to drill down on. It’s an area that’s of key interest to our audience, obviously. You touch on the 57% number in terms of how customers want infrastructure in a single country. 80% say it’s a high priority. You wrote recently about what you called the “sovereign edge,” the idea that AI is forcing compute closer to data within sovereign boundaries. For a Canadian audience that’s been navigating this between different regulation at different levels, the US hyperscalers and the CLOUD Act, for years, what’s new here? Is this kind of validation that what they’re seeing is real, or is the ground really shifting here? Lee Caswell: I think the sensitivity is a continuation of the trends that we’ve seen in the past. What’s changed is the understanding that in an AI world, data will be more distributed than it is today. And so imagine if you’re a hydro company, let’s say. And you’ve got different dams and facilities and hydro control points. These are distributed. They need to be able to run in a disconnected manner. You want to have AI

    26 min
  8. ESET’s Tony Anscombe on the cybersecurity trends MSPs can’t ignore in 2026

    MAR 11

    ESET’s Tony Anscombe on the cybersecurity trends MSPs can’t ignore in 2026

    Tony Anscombe, chief security evangelist at ESET Tony Anscombe, chief security evangelist at ESET, returns to the podcast for a wide-ranging conversation about the cybersecurity landscape in early 2026. From the emergence of AI-powered malware to familiar weak points that keep showing up in breach after breach, Tony shares practical insights for MSPs advising their customers on security strategy this year. The conversation opens with a look at major incidents from the past year, including the Jaguar Land Rover cyberattackthat disrupted thousands of supply chain businesses and led to a £1.5 billion UK government loan guarantee, the Ingram Micro ransomware incident, and breaches affecting Salesforce and Oracle. Tony shares a striking insight from a cyber insurer: open VPN servers without MFA have overtaken RDP as the leading driver of claims. The discussion moves to shadow AI risks, with real-world examples of what goes wrong when companies deploy AI tools without security guardrails, and why MSPs have an opportunity to embed themselves as trusted advisors by being the security voice in the room. Tony also walks through the emergence of AI-powered malware, including ESET’s research on PromptLock, the first documented AI-powered ransomware – originally a proof of concept from NYU researchers that ended up in the wild – and PromptSpy, the first Android malware to use generative AI at runtime. The conversation closes with Tony’s advice for MSPs to stop talking about “cyber risk” and start talking about “business risk” – framing security in terms of downtime, continuity, and financial impact rather than technical threat statistics. Read Full Transcript Robert Dutt: Hello and welcome to the ChannelBuzz.ca podcast, bringing news and information to the Canadian IT channel for the last 16 years. I’m Robert Dutt, still editor at ChannelBuzz.ca, and your host for the show. Cybersecurity is one of those areas where the threats never stand still, and lately the pace of change seems to be even faster. As we head further into 2026, factors like artificial intelligence, global geopolitical tensions, and increasingly organised cybercrime are reshaping what risk looks like for businesses of all sizes. Today we’re stepping back from the day-to-day headlines to talk about what’s coming next, what really matters beneath the noise, and what IT service providers and resellers should be paying attention to as they advise their customers. My guest is Tony Anscombe, chief security evangelist at ESET, and a frequent flyer on the podcast. Tony spends his time analysing emerging threats, talking with security teams around the world, and translating complex security trends into practical guidance. This conversation is focused on thought leadership and the big picture trends shaping cybersecurity this year, from AI-driven attacks and mobile threats to ransomware and the impact of global events on the digital world Canadians rely on every day. It’s a great conversation, so let’s get right into it. My chat with ESET’s Tony Anscombe. Tony, thanks once again for taking the time. Tony Anscombe: Oh, it’s always a pleasure to chat with you, Rob. Robert Dutt: I just wanted to take this opportunity to kind of take a look at where we’re at in cybersecurity in the early part of 2026 and get your thoughts on what to expect this year, sort of help our listeners, the VARs and MSPs of the world, get an overall feeling for where things are at, where they’re going. I guess to throw things open, when you look ahead at this year, what feels genuinely different about the threat landscape compared to, say, a year ago? I was going to say a year or two, but I think even a year in this rapidly changing place is plenty. Tony Anscombe: Well, I think you’ve seen some pretty big incidents last year. None of them, I would say, are a catastrophic incident, whereas the year before we saw the likes of Change Healthcare and there was the CrowdStrike update and things that affect hundreds of millions of people all at the same time. But you had Jaguar Land Rover with a significant issue. You saw the Salesforce ransomware, the Oracle zero day that was exploited in their systems. Ingram Micro ransomware incident took down a lot of the distribution channel. So I think there were incidents that are interesting. I think to an element, I’d kind of say that you’re going to see more of the same, but the same is becoming more sophisticated and is starting to change. Now, if you go back four or five years, we’d have told you that cybercriminals at some stage will start using AI technologies in there as we go. Then I meet people frequently that turn and say, “I’m being attacked by AI.” The answer to that is, no, you’re not. Stop watching Terminator at weekends. That’s my recommendation. You’re getting paranoid. I say that, but the use of AI within cybercrime is making it more sophisticated. It’s making it more challenging to detect in certain instances and it’s becoming more challenging from a social engineering perspective. The sophistication and the likelihood of you clicking on something is unfortunately increasing. I think if you look at cyber insurance reports that talk about claims and stuff like that, still 40% of people are paying. A lot of the things are business as usual. In fact, I spoke to a cyber insurer a couple of weeks ago, Rob, who gave me a snippet of information that I thought was fascinating. We talked about RDP a couple of years ago, you and I, about the issue of… and he said the majority of their claims are open VPN servers, where people have got a login page, ID and password to log into the VPN and they haven’t put MFA on it. VPNs have now taken the place of where RDP was, so that one seems to be moving down the chain a bit. I took a look, I went on Shodan. I took a look on Shodan and sure enough, you can find lots of open VPN servers. Robert Dutt: Just goes to show how some tools which are at least adjacent to security can be flaws as well. There’s no shortage of that. You already touched on a couple of them. You mentioned AI and obviously that’s the big subject of the industry and of business in general in 2025 and 2026. It seems like we’re at a place where right now, in many cases, it’s coming out in front of security, in front of management and in front of IT control, the whole shadow AI thing. I guess, what are your thoughts on where organizations are most exposed because of that gap that exists? Tony Anscombe: Well, that’s a good point. The boardroom or the management teams in companies are going, “We need AI, we need AI,” because that’s what they’re hearing. Sure, it’s a great tool. If you look at a company like us at ESET, we’ve used AI in our products for two and a half decades or so. It’s not that new to us. But if you look at the latest iterations where a customer can get natural language help and stuff like that, you can sort through our threat intelligence easier. Those type of tools are where companies are at, isn’t it? It’s the customer interaction or it’s the knowledge base searching or it’s being able to get reasonable information quickly and meaningfully and in a nice way. The problem is, a company takes all its data, throws it into an AI model and says, “Hey, AI, can you start helping my customers?” There’s likely to be personal information in there. They’re likely to leave APIs open and such like that then get abused. Before you do this, you need to have a cybersecurity person in the room. Now, that doesn’t mean you don’t do it. What that means is you do it in the right way. The cybersecurity person might turn and sit there and be the doomsday person and say, “Oh, no, we don’t want to do this.” But it’s then about explaining to the people that want it in the business about the risk and understanding where the level of risk lies and whether you’re comfortable and accepting of that risk. We’ve seen some great examples of it, haven’t we? What was it, somebody bought a car from one of the car companies for a dollar or something, they managed to trick the AI chatbot into it. That’s the type of thing you want to be protecting against, making sure that you’ve got those guardrails in place. Also making sure it’s not going to surface some customer’s phone number or customer data inadvertently. Some customer in a previous call may have turned around and said, “Here’s my email address,” or “Here’s my phone number.” Of course, if that’s in your knowledge base somewhere or stacked in your support tickets, the right teasing of that information might bring it out and suddenly, in effect, you’ve got a customer data breach, which your AI told somebody. I’m just saying you don’t want that. You need to do it with security in mind. Make sure the agents are tied down correctly. Now I saw there was an incident last year. I can’t remember which vendor it was with, Rob, but they had an API. It was an AI tool. They had an API for their customers to use. I think it was about 30 different customers were using it, or using the same ID and password. The password, by the way, I think was “default.” Robert Dutt: Perfect. Tony Anscombe: Right? So there you go. That’s just somebody doing it without too much thought. Put a cybersecurity person in the room, every customer would have had their own ID. There would have been stronger authentication, maybe certificate-based, and you wouldn’t have had that issue. It’s about having the cybersecurity people in the room with the business at the time you discuss it. Robert Dutt: That’s an interesting place for MSPs because especially in the smaller end of enterprise and into SMB, when those discussions are taking place, often that MSP is going to be serving as the security person for an organization. It speaks to, I think, the need for you, ev

    25 min
See All (25)

About

Cutting through the noise for Canadian VARs and MSPs

Information

  • Creator
    ChannelBuzz.ca
  • Years Active
    2011 - 2026
  • Episodes
    25
  • Rating
    Clean
  • Copyright
    Copyright © ChannelBuzz.ca 2026
  • Show Website
    ChannelBuzz.ca