Listen to the podcast
Read Transcript
Erick and Rich discuss how economic uncertainty is affecting IT spending plans, as well as what MSPs can do to navigate declining markets, supply chain disruptions, and other challenges to service delivery and profits. Then they’re joined by Mark Bloom, senior director of North America channel sales at Sectigo, for a look at the TLS certificate management opportunity and why MSPs not already providing that service will need to soon thanks to forthcoming changes to certificate lifecycles. And finally, one last thing: what happened in Rich’s hometown of Seattle when hackers used crosswalk signals to express their dislike of Amazon board chair Jeff Bezos.
Discussed in this episode:
Rich: [00:00:00] And 3, 2, 1. blast off. Ladies and gentlemen, welcome from another episode of the MSP Chat podcast. Your weekly visit with two talking heads, talking with you about the services, strategies, and success tips you need to make it big and manage services. My name is Rich Freeman. I’m a co-host of this program.
I’m also Chief Analyst Channel mastered, the organization responsible for this show. I am joined as I am every week by your other co-host, our chief strategist at Channel mastered Erick Simpson. Erick, how you doing? I.
Erick: I’m doing great, rich. It’s finally a Friday as we record this today. Now for folks like you and me and many MSPs in our audience, just another day that ends in y but I’m looking forward to the weekend.
How are you [00:01:00] doing?
Rich: I’m looking forward to the weekend as well. As regular listeners know, I’m here in Seattle. The weather can be a little bit gloomy much of the year, and that gloom can extend into wet is summer everywhere else, but we are getting legitimate spring weather here right now, and that’s supposedly gonna extend into the weekend.
I hope to soak up some of that sun before it goes away.
Erick: Yep. And it’s been getting a little cooler here in southern California where I am rich. But yeah, looking forward to a great weekend. We’re going to the angel game tonight by the time this airs, folks will be like, yeah.
Angel game. Yeah, there’s a Friday night angel game. We’ll be rooting on our hometown favorite angel team.
Rich: Later on in the baseball season here on a different episode, we’ll have to talk about this a little bit because I’m, of course, a Seattle Mariners fan, so we need to create some bet here where I’m sending you Seattle Salmon if your guys win and so on.
But we’ll work that out. Let’s let’s get into our story of the week here. Erick. And speaking of soaking up sun while you [00:02:00] still can we’re at an interesting moment interesting in quotation marks interesting economically, interesting geopolitically and in fact conditions around trade and around tariffs are changing on a regular basis.
But what we can say right now as we come early into Q2 still here, tariffs are above where they were in Q4 of last year. They may go significantly higher than they are now. There is a great deal of concern among economists among businesses, among consumers about possibly inflationary effects of those tariffs and of that trade.
And therefore some concern within our industry about what this could mean potentially for vendors, for solution providers, for MSPs et cetera. I had an opportunity earlier this week Erick, to get a glimpse of some moment in time answers to questions like that. And then I emphasize moment in time because by the time people in our audience [00:03:00] are listening to this episode or watching it, everything I’m about to say may have changed.
But as we record this on Friday, April 14th here’s where we are right now based on what we know. From IDC. So first of all, like I said we’re early in Q2. If you look at the numbers for Q1, they’re actually pretty good. And we came into the year knowing obviously that the Trump administration had campaigned on tariffs as a big important policy priority.
So we knew tariffs were coming. During much of Q1, we saw tariffs go into effect, get shifted around delayed, brought back into effect, et cetera. So there was some uncertainty around that, which created economic uncertainty as well. But we knew tariffs were part of the picture, and yet by and large it spending held pretty strong in Q1.
The trick Erick, is we don’t entirely know why which is to say we don’t know if business confidence held strong in Q1, and that’s why spending was good. Or [00:04:00] if people were making decisions in anticipation of higher costs. Later on, we all probably saw the headlines about Apple shipping. 600 tons of iPhones by air out of India before tariffs went into effect to save some money.
IDC thinks there are some businesses out there that have been pulling spending, they plan to do later in the year, particularly around hardware forward so that they can maybe save themselves a little money. So that might, we don’t know that might be making the Q1 numbers look a little bit stronger than they were.
And there’s some more data from IDC that it, points in a couple of different directions. They went out to CIOs mostly in larger businesses in March. And they asked them what they were going to do in response to tariffs, 54% of the CIOs they surveyed specifically in the us and they would be increasing.
It spending. Again, you look at it one way, it’s like those strong numbers in Q1, that sounds pretty [00:05:00] good. And maybe it’s entirely possible that it is pretty good and that these CIOs are anticipating investments in AI and automation. If the economy goes into recession. But what IDC thinks was going on there is basically these businesses were saying we’re gonna be increasing our IT spending above what we budgeted because inflation is gonna make everything more expensive.
And so we’re gonna keep buying more or less what we plan to. It’s just gonna cost us more, and that’s gonna increase our IT spending. More question marks, not quite sure what to anticipate. One thing though, that’s a little bit clearer, the CIO’s IDC surveyed said 38% of them said that because of their economic concerns, they will be quote unquote aggressively.
Renegotiating existing contracts. That tells you that the consumer sentiment shakiness that we’ve seen in surveys, the small business confidence shakiness that we’ve seen in surveys that is extending into the minds of people [00:06:00] responsible for it, purchasing decisions. And they’re already thinking about what am I gonna have to do to make sure I eliminate waste to eliminate unnecessary spending, to cut back where I can by renegotiating contracts.
Last but not least, this is data, not from IDC, but from canals that I came across at least just this morning. I’m not sure exactly when they published it, but it was recently because what they did in February, canals went out to MSPs in particular and asked them, how do you expect. Tariffs, an escalation in tariffs to affect your business.
In February, 17% of MSPs said, and I’m quoting, this will be a disaster with a major impact across our business canals. Went back out, asked MSPs again in April. So just within the last couple of weeks, how do you expect rising tariffs to affect your business now instead of 17%? 26% are saying it’s gonna be a disaster.
The number who said they’re expecting an impact, if not a [00:07:00] disastrous impact, has risen from February to April from 15% to 23%. So again, Erick, don’t know, we don’t know what to anticipate. Here in the industry, there are certainly some signs of end users of businesses bracing themselves for higher costs and possibly a recession.
We’re seeing companies in the IT industry, solution providers, MSPs, vendors, distributors, they’re all thinking that same way. The question is there a self-fulfilling prophecy there where everybody bracing for impact actually causes a recession to happen? Or do we discover one month, two month, three months down the road that there was a lot of concern, but we actually came through this.
Okay,
Erick: rich it’s such a moving target. It’s difficult for any organization. The clients that MSP serve, the vendors that we leverage. MSPs themselves. It’s tough to try to insulate [00:08:00] yourself from a potential threat when the game keeps changing underneath us. And I think that uncertainty is probably the most frustrating component of what we’re seeing happening now.
If we think back to the pandemic and the extreme measures and the tactics and strategies that everyone employed to help us get through that, I’m gonna leverage a couple of those tips for my tip of the week that I switched up on you. You may not notice it, but once I realized what the story of the week was, I quickly pivoted for my tip of the week here.
But it is super challenging to try to to figure out what’s gonna happen. And I think the biggest. Response that business owners and leaders make are what you just said is we’re going to try to conserve a war chest. We’re gonna be extra economical, we’re gonna try to reduce waste. We’re gonna try to increase [00:09:00] efficiencies and make several other changes that I’ll talk about in my tip of the week to try to get us through at least this phase of uncertainty in preparation for what comes next.
Rich: And I think you’re right to underscore the uncertainty element. It is a concern and an issue for businesses, for governments, et cetera across the US and around the world, obviously. But it is part, very much part of this picture that we’re painting here right now where businesses are preparing for the possibility.
Some people may say likelihood, but certainly the possibility of economic trouble down the road. And so if I’m, if I’m injecting a hopeful note here I guess there are a couple and one is. If you look back at prior economic downturns, even if we do go into a recession quite often, recessions are good.
Work out well for people in the IT industry because businesses will invest in areas like automation and AI driven automation these days to be more efficient and to save [00:10:00] money. And then we know. From what we saw during the covid economic crash people aren’t shutting down their managed services contract.
In a situation like that, it used to be the last contract you canceled, basically if you were in business was you, or the last thing you canceled was the phone number. ’cause no phone number, you’re not really a business these days. It’s no, it, and you’re not really a business. And so the last thing you do is fire your msp.
So MSPs tend to be resilient in a downturn. Sometimes businesses invest more in tech in a downturn, and maybe are, we’re in a very uncertain place right now, but maybe a month, two months from now, if there is more certainty out there, then maybe businesses can actually make decisions that could result in less caution and more of a return to the spending plans that businesses came into 2025 with.
Erick: I love the positivity in that response. Rich. As as a former M-S-P-I-I, I know a lot [00:11:00] of MSPs and we are very risk averse and plan for, hopefully plan for the worse. And I hope that we’ve learned lessons from the previous pandemic. Yes, the more mature MSPs definitely thrived during the pandemic and the rest of us learned lessons to try to insulate us from economic uncertainty and potential downturns.
Let’s see. But that was when organizations really needed our help. The supply chain disruption, the tariffs and things like that are creating new challenges. Some might be familiar from the supply chain issues in that, but the tariffs and the increased costs. Those are new. So these are uncharted waters for all of us.
And it’ll be interesting to see in a quarter or two how we pull through it.
Rich: Yeah. So the the sun is shining in Seattle, hence that note of optimism that you detected before. But there’s no two getting no getting [00:12:00] around it. Basically tariffs are gonna be part of the picture that is going to have implications for costs and for purchasing.
The question is just how much of an impact does that have? And bring on your tip of the week, Erick, ’cause you’ve got some advice for the folks in our audience about what they should and maybe shouldn’t be doing right now.
Some things to think
Erick: about. Can we assess, so this is navigating economic uncertainty and supply chain disruption.
And then looking towards the impact that these tariffs, whatever they end up being, it seems like they’re changing every couple of days. We know in General Rich, that as growing businesses, managed service providers have to stay on top of their costs and making sure that they are realizing the margins that they’ve set for their services.
So just, again, we’ve talked about this on the program before, but common sense says make sure that you are [00:13:00] truing up every one of your clients to your most current pricing models and rates. Making sure that you are standardizing the things that you are delivering to your clients so that you can become so that you are as, as efficient as possible in delivering these services.
You may begin to look at diversifying some of your supplier relationships. Maybe there are suppliers that you can count on. To maintain a price point for you that may be sourcing their materials from other places, notably the US in this case. That can insulate you from any kind of tariff uncertainty or rising costs or things like that.
How about, and this may be a little bit, late to the game here, but it’s trying to stock up on critical hardware gear and things like that. If you have the opportunity to [00:14:00] warehouse some of the most requested hardware or gear to keep you going and supporting your existing clients, and especially if you’ve got projects on board on deck the sooner that you can source and procure that material, hopefully you can get that taken care of before having to pay increased prices.
Let’s talk about the scenarios Rich, where you’ve already got an approval for a project and your costs of goods now have increased by who knows, 10 to 25%. What do you do then? There is nothing wrong in my opinion, rich, about going to your clients and saying, Hey, these prices are no longer good because of things that are outside of our control.
So we’re going to have to re-quote you. Now, there’s a danger in having that conversation, rich. [00:15:00] There’s two dangers. The danger is by not having the conversation, you are going to erode all the margin that you built into that project. The second danger is the client will say let’s you just wait and you gain no revenue whatsoever.
So that is a very delicate conversation. You’ve gotta navigate that strategically with your clients. Some guidance that, that we learned from the pandemic and in those days is, Hey, we’re all in this together. What can we do together to make sure that we’re continuing to deliver these services?
We continue to support each other through this and come to some sort of an agreement. You may have to skinny down some of your profit margins. I don’t like doing that in general, but if it’s what you need to keep revenue coming in, maybe it’s a little bit lower profit margin. Maybe you work with your clients and maybe work out payment arrangements differently so that you try to maintain as much margin as possible, but just receive that those [00:16:00] payments over a longer period of time, helping the client to say yes to those types of things.
The last thing I would say, rich, is reevaluate what you, what’s in your service bundles. If your service bundles now include required gear that you have to invest in to deliver, of course, increase those prices or rates, or maybe consider alternatives where you’re using less gear and maybe using more virtual solutions, cloud solutions, SaaS solutions.
So you’ve gotta really think about how you can minimize your cost by still delivering the high level and quality of service you can to your clients, and then working together as a true business partnership rather than a customer vendor relationship.
Rich: On the topic of pricing and pricing changes, protecting your margins, you’re reminding me of an exchange of emails that I had last [00:17:00] week with Gary Pika of True Methods a legendary consultant to MSPs just like yourself, Erick.
True methods, it’s part of Kaseya right now, but I asked him what advice would you have for MSPs who are trying to prepare for who knows what exactly? And one of the things he said is, if you find yourself in a situation where customers can’t pay what you’re charging them. And so in, in the scenario you’re talking about there, Erick, if you need to raise your prices because your costs have gone, and your customers are saying they either can’t or won’t do that, Gary’s advice basically is to exchange.
The price they can and will pay for a longer contract term. If they’re not willing to pay you what you really want them to pay you for a one year contract renewal, settle on what they can do, but sign them up for three years, sign them up for five years, something like that so that everybody is coming away from that negotiation with [00:18:00] something.
Erick: I like that advice. And Gary and Pika Gary Pika and I are longtime friends. Friends and colleagues. So we, we exchange strategies too as well. What I would add to that is make sure no matter what term your contract is or your agreement is that you sign with your clients, that there is a clause in there that allows you to reevaluate the price on a regular basis to make adjustments.
Four things that are outside of your control. There is a clause that I include in all of my agreement templates that I provide to MSP partners, which that allows them, and I recommend it to be, an annual kind of a review that allows you to then increase it based upon things that are outside of your control.
Economic stressors, vendor price increases, things like that. And for those of you that are really timid about, having that conversation with clients or thinking that’s gonna be shot down, I don’t recommend this, but I have talked about it before, you can maybe put a, not to [00:19:00] exceed X percent or tie it to, the cost of inflation or things like that.
So you can get really creative. Some folks think rich, that the that writing a long-term contract can be a negative, right? Because who knows what my costs are gonna be in, in three years and things like that. Now I gotta stick to this price. I’m saying no, you don’t. Write that long term agreement.
And doesn’t mean that you’re gonna raise your rates every 12 months, but if you need to, this gives you the opportunity to do with a client understanding eyes wide open that the price of doing business changes and allows you to have that conversation. And the last thing that I would say is maybe not today with the current situation, but in general, I like the ask forgiveness later approach rather than ask permission first when you raise your rates, sending out an a notice to every client and saying, Hey, we’ve been able to keep our costs low for this amount of time, but unfortunately our cost of of goods sold now has increased dramatically.
So we’re going to increase your [00:20:00] costs by X percent. You’ll see that change reflected in your next invoice. We appreciate you. We love you. See you at
Rich: MX QBR. Okay very sound advice, Erick, and much needed by many folks in our audience right now. Folks, Erick and I are gonna take a quick break when we come back on the other side.
We are gonna be joined by Mark Bloom. He is the North AmEricka Channel Chief Force Tigo. He’s gonna be talking with us about something that does not get talked about enough in the world of managed services I believe, which is certificate management. Doesn’t sound like a big deal or a big opportunity for reasons we’re gonna get into it is.
So stick around Erick and I. We’re gonna be right back.
All right, and welcome back to part two of this episode of the MSP Chat podcast, our spotlight interview segment, where we are very pleased to be joined by Mark [00:21:00] Bloom from Tigo. He is the senior channel director specifically for north AmEricka there. And we are going to be speaking with him about certificates, certificate management for MSPs which is a a neglected topic in my longtime opinion.
But before we get into that, mark, first of all, welcome to the show. Thank you. For folks who don’t know you, don’t know Tigo, just introduce yourself a little bit.
Mark: Yeah I’m a 18 year channel vet. I’ve been in the channel what seems like an eternity. I’ve worked for. Companies in the backup space, disaster recovery as a service, both the UCAS and CAS cybersecurity and then with Tigo, with certificates.
And so I’ve had the luxury of not only seeing all the different types of partners out there that work in the different sectors, but I’ve had an opportunity to also build a lot of those channels. And taking something from the ground up is something which is my expertise. And one of the reasons why [00:22:00] Tigo brought me in was to get their channel running and going like a machine.
And that’s what we’re doing. It’s been an exciting run here so far this past year and a half. And it’s only getting busier. And I
Rich: suspect it’s gonna get busier still for reasons we’ll get into a little bit later in the conversation where there’s actually a lot of change happening right now in the world of of TLS certificates.
We’ll get into that in a little bit. I kind of wanna start though with a longer term, bigger picture question. ’cause I’ve been writing about managed services and MSPs for a long time, and it’s long occurred to me, seemed strange to me that given that pretty much a hundred percent of SMB end users out there have certificates.
Why are relatively speaking, so few MSPs doing certificate management for their clients? Do you do you have any thoughts basically about that? Yeah,
Mark: it, because initially it wasn’t a channel product, it was a direct [00:23:00] product that, even today, a lot of the certificates when they go and get purchased are purchased directly from retail sites.
And that’s one of the things that Tigo, that we’ve done a transformation on within the channel is that when we talk to partners and we have resources that we could show them what their customers footprint is in regards to public certificates. When we show ’em those numbers we go through ’em and say, look, they’ve been buying certificates all this year.
They’re just not buying ’em through you. And the education piece is something that we’ve talked about that we have to really get out into the community and let partners know that this is actually channel product and you can’t sell it. Instead of letting this basically go directly, partners can get a better pricing from us directly rather than going direct.
And so it’s, that’s always been like a misconception is that going direct to get better pricing. And that’s a urban myth, is that working with channel partners and. Utilizing their discount structure is something that [00:24:00] customers should be taking advantage of. And on Tigo side, when I look at, the footprint that the s and b market has is that they don’t really have a large number of certificates that are on the public side, but depending on how many applications and devices and everything else, there could be hundreds if not thousands.
And so when we talk about SMB is that it’s always defined sometimes by revenue, sometimes by company size. And I think where MSPs can come in is that this is a absolute play for them because what MSPs are doing in managing all different types of Microsoft services and other services they provide for their customers.
Adding certificates as a service is something that is not only a line item they can instantly include, but manage it through multi-tenancy. So that’s really the exciting part of it.
Erick: Mark, as a former MSP myself we, I remember the [00:25:00] days, and I’m aging myself, right? This was in the early two thousands.
I remember the, we didn’t have a very strategic view of managing certificates. Typically what would happen is a client would call us freaked out because their website was down, or email wasn’t working, or something like that. And we had to go in very reactively and figure out what was going on and then fix it for them.
And then, because we didn’t really have a strategy or we weren’t as mature as MSPs are today, or as we got to be later on, before we sold our MSP practice, we really weren’t charging clients for that. We thought, oh, it’s happening so infrequently. We’ll just throw it in with our normal, monthly fee.
So my question to you is, how other, other than adding this to an MSP’s kind of responsibility, how are MSPs able to really charge for it? It may be a [00:26:00] smaller kind of margin type of a, of a sale to their clients, but in the overall scheme of their bundle, how can they generate even more revenue through not only purchasing these certificates on their clients’ behalfs, but what other services and pull throughs and value, strategic value are you seeing MSP partners gaining from taking over this very critical function for for their clients?
Mark: You, to save you on the age thing is that certificates used to be a 10 year cycle, and so they would buy certificates and you wouldn’t have to touch ’em for 10 years. Now, those cycles over the time have gone down and with last weekend, them making the announcement that eventually they will go to a 47 day path is that it’s increased the amount of work that customers would have to do on their end, on the certificates.
And so now the initiative for next March is that it goes down to 200 days. So what does that mean for an IT department? They now have [00:27:00] double the work they did before imaging the certificates. And every time that we do a treat show or an event where we have a large amount of customers, I, we talked about in Green Room before this the event that we did yesterday and everybody was coming up to us when we mentioned certificates.
They had that pale look on their face and how much they didn’t like managing them. Imagine now throwing, double the work on top of that, which basically takes time away from projects that they can do. And most MSPs are, or. Necessarily not coming in doing the whole IT environment, but they’re augmenting services for customers in various different ways.
And so with MSPs now going in and helping them manage that certificate as a process, they can actually go back and do the work that really they’re hired do in the IT department. They’re not wasting their time on on certificates, which can take anywhere between three to eight hours to renew. It’s not an easy process.
And [00:28:00] so it’s really important that we focus, especially in the MSP market, is getting that ability to put it in front of them to where they can charge it. And then all the MSP really has to let them know is that this is a service we can provide for you too, so that you will avoid outages. And I think that the hardest thing with an MSP in any shape or form is really where their value comes into play and.
With an outage of any type is that you’re losing anywhere between five to $9,000 a minute depending on your business. And with an MSP, they can almost guarantee that if they’re managing it, have it automated that they’re never gonna have any downtime. And that’s really what a customer wants to hear is that their MSP is making sure that they’re up and going 24 7 365.
Rich: Mark. I wanna clarify something here, underscore a distinction because I keep talking about certificate management, but [00:29:00] if you look at the certificate business for an MSP, there are actually two different businesses there as I understand it. And one is issuing, like buying the certificates, and then the other is managing the certificates.
Those are different functions. They quite often involve different vendors. Should, can MSPs be doing both of those things? And it, assuming this is something that’s practical for them what are the advantages of having both pieces of that business?
Mark: It’s a great question. I think that what, when you really have to peel back the onion a little bit, is that when they’re issuing certificates, is that the value to the MSP is that of course they’re coming in renewing the certificates.
Again, augmenting their services on top of that IT department so that the IT department can go out and do the normal projects that they’re assigned to do while they don’t have to wait on certificates. That’s one thing that MSPs can come in once they get their certificates, they can go in change [00:30:00] them out, get ’em up and going, and it’s, it takes a couple hours to do that.
And so when you have an MSP doing that for you in the background, that’s one thing, but when also when you loop into the management piece to it, they really go hand in hand. So if you are managing all these certificates and issuing for the customer, basically, is that you’re gonna wanna be able to have an idea of where all their certificates are, whether they’re public or private, and help them understand.
Exactly. Again, they could pull up a, our management tool, for example, and show you exactly what certificates you have, where they’re, where they’re located. Also, basically when they’re coming up for renewal, having that visibility and providing that to their customers is more than a value add because anybody knows that once a certificate becomes expired, your website goes blank and says, proceed with caution.
And so that’s, nobody wants [00:31:00] to see that. What MSPs will do is they’ll build that foundation form on the certificate side, not only handing the issuance of it, but also the management of it. Customers can rest assured that they’re always gonna have uptime rather than downtown.
Erick: Mark, you mentioned a minute ago when I was talking about my experience, in my Ms P practice and you made a comment that certificates used to be 10 years.
Now those timelines are shrinking and I would love for you to unpack that a little bit more. Tell us exactly what is going on. With these changes being made by Google and Apple and others and how and what do you foresee on the horizon and what does that mean for certificate holders and managers of the MSPs that are, trying to stay
Mark: ahead of this?
What it comes down to, and the reason why these certificate lifecycles have shortened, has nothing to do with the cash grab from their, the [00:32:00] certificate or the cab form. There’s no monetary value that this is really driving. What it’s designed to do is security posture. And I’ll unpack that a little bit, is that when you have bad actors that sit on your information, and right now there’s a big thing with information gathering to where they’re sitting on your system and learning how you handle incident response what you do during your, daily security checks.
They go in and study how you go through the data. Is that they’re learning everything that they’re doing by going through and changing these certificates more often than the next is What they’re doing is they’re making it harder for the bad actors to sit in your system and learn what you do.
They have to re crack that certificate every single time that they’re wanna sit in your network. So by shortening the life cycles, what it does is it creates a level of security that you have that eventually it’s gonna get down to 10 days. That’s the goal. And if you have the ability to automate that process to make it as [00:33:00] difficult as possible for bad actors it throws out the question that everybody should be asking.
Why? Why don’t we do that? If this is the best way for me to make sure that I have security across not just my public facing, but my private facing certificates and all my devices, then it’s something that should be part of our protocol. We should be analyzing. How many often, how often are we renewing these?
Are we doing it within the 47 days? Why can’t we get this lower? You really want to improve your security posture. And when you look at the way that it spends money, 60% of it goes to security. So it’s a, it, in my opinion, it’s a no brainer decision that this is not only what’s good for the community as a whole, but is basically setting the precedence from when quantum computing comes down and how these computers will be smarter and able to, crack your certificates at a much higher [00:34:00] rate because they’ll learn basically the patterns and everything to be able to do it.
And so with quantum computing and really the push coming down the highway is that certificate management and how this is all done nowadays is really in the best interest of the customer. Consumer at this point.
Rich: I should say we are recording this interview on Friday, April 14th.
My understanding, and you’ll correct me if I’m wrong is that voting on Apple’s proposal to shorten the lifespan of certificates to 47 days ends today. And in fact, I got a message from somebody on your PR team earlier this week that as of, Tuesday or Wednesday precisely zero no votes had been cast on that proposal.
So by the time people are hearing or watching this podcast episode that shortened timeframe will have been approved, almost certainly. And I guess the only question is when does that go into effect? And so what that [00:35:00] means is somewhere down the road, I don’t know how long maybe you do there, there are going to be a lot more or there is going to be a lot more risk maybe of expired certificates.
So yeah. For sure make the case for the MSPs in our audience who are new to this, and they’re thinking about how do I make the case for c certificate management as a service to my end users based on this change? What do they need to understand about the implications for the end users of these certificates, turning over every 47 days, and as you said, it’s going to 10 at some point.
Mark: Yeah, I would look at it from the standpoint is that with MSPs and with everything that, that the cab form did in this past week, it was a unanimous decision. And so as I always tell partners, that there’s two types of companies out there. There’s a proactive and reactive. The people that are [00:36:00] proactive to this announcement will now.
The next, I would say less than a quarter, we’ll start investigating CLMs and the benefits to it, right? They’ll start doing their information and their research and we’ve already seen an uptick in not only our lead volume, but questions from partners on this. And it’s only been a couple days. And so when we see the community like this re be proactive and go out there and start doing the information gathering to choose the right solution is that, that’s the approach to take when companies say we’ll wait till that date has been announced, or wait until something comes up.
What might happen to them is they, it’s a process to take all of your certificates and put them into ACL M. It’s not something you can do at a snap of a finger. And I know that there’s different providers out there that provide professional services to go with it. That it’s a. A project [00:37:00] that takes some time to do.
So by being reactive to the situation, you’re basically on the clock. You’re gonna have a certain timeframe and it’s gonna be a year from now that it goes down to 200 days. And so with that is that you’re either gonna be proactive about the situation or reactive, proactive, make sure that you’re safe, reactive, puts you in jeopardy.
Do I have enough time to do this? And so I think that to get in front of it is that companies are right now, like even with everybody that we were talking to at our trade show yesterday, that they heard or read about it somewhere about the certificates coming down the pipe. And so that’s why we had such a high interest in information that really, that they were kept asking us about was automation.
How can I get this au to be an automated process where I can set it and forget it? Just monitor it like I would opening up an application, seeing how everything’s performing, checking to make sure that all my [00:38:00] certificates are in line, and then you can go on here with your day. That’s eventually where you wanna get to and where customers were asking a lot was that automated process to do that.
And so I think it’s important that when MSPs, they should really look at and evaluate what kind of customer do I have? It’s good that they put out that information and inform their customers that, Hey, this is something that’s coming down the road. This is a service that we can provide for you.
Let us be proactive and get you set up so that nothing disrupts your service so that you don’t have to worry about it when the actual shift comes. And I think that’s something that MSPs can do today, is get the information out to their customer base and let ’em know that, hey, we can actually do this as a service for you.
This is the reason why we’re doing it and making the offer to you is that if this is not something you’re gonna have a choice over, this is something you’re gonna have to do.
Erick: Mark, I [00:39:00] talk a lot about asking forgiveness later rather than permission first when we’re trying to get a client to move in the right direction that they need to move in, especially when it’s concerning strengthening a cybersecurity posture and things like that. What kind of a competitive advantage could an MSP leverage if they go all the way to the discussion with a client that says, we’re going to change out your certificates more often than what the minimum requirement is going to be coming down the pike?
How is that something that. You’re, that you see partners thinking about, is that something that if you were doing this directly for your clients, you could you know, considering that it’s, that it can be automated and done automatically how could you leverage that as a competitive advantage? And is there a reason to do it that way?
Mark: Way? Yeah, I think that with MSPs is that [00:40:00] they always wanna show their value in what they bring to the table, more so than their competitor does. And so usually with MSPs they provide, or they’re specialized in certain services. And the fact that when they’re adding this into the portfolio, there’s not many people that do.
And so the competitive advantage that you bring is by leveraging this inside your portfolio, you are a total services package rather than just a a. A specialized company doing Microsoft or backups or, augmenting certain things, is that they can go in and adver and advertise all their services rather than just a few that they can offer.
Is that the more robust you can be as an MSP, the more attractive you are to a client. And eventually, and I know that it departments don’t like hearing us, but MSPs can come in and be that backbone to it. It’s always [00:41:00] the, when we used to talk to a lot of MSPs is make sure you don’t say we’ll come in and take over because customers run and get scared when they hear that augmentation is the word that they should be using and saying, these are the service we can provide on top of what you can doing to make sure that, help desk and everything that you need.
Microsoft licensing, all that’s done with us. And so by adding those additional services that. I would say 99% of the MSP community doesn’t have today. That adds value.
Rich: The 47 day lifespan we’ve been talking about here, that is a near term issue that is coming soon to an end user near you.
But let’s talk a little bit about a longer term issue. You referenced this briefly before quantum computing. I wrote a post about post quantum cryptography in my blog channel holic not long ago. Erick and I talked about that issue on the show in a recent episode as well from your point of view inside the world of certificates.
Talk a little bit about what the [00:42:00] implications of quantum computing are and will be for CER certificates and the way in which quantum computing is gonna make a 47 day lifespan. Look ridiculously long.
Mark: Yes. And that’s really the main point of it. And that’s when we talk about shortening that down as much as we can.
The harder we make it for quantum computing to be able to crack these certificates is the objective. And I think that they always said by 2031, quantum computing will be around. And I, I think just based off conversations that we’ve talked with our company, we’ve got some of the smartest guys in the business that understand this industry and have a full in depth knowledge on, on what’s coming from quantum computing.
And we, I think personally it’ll be here faster than 2031. I’d say it the way that AI is, it’s advancing it, that today, I’m sure there’s computers that, that could crack those [00:43:00] certificates quicker. And as they learn through, AI gets smarter to do this, it’s. Quantum computing is not just a boogeyman that exists on the road.
It’s a real thing and it’s gonna make it difficult for the industry. Now there are some things that, that will make quantum computing difficult. When it comes to, cooling down those computers and, ’cause they do suck up a lot of heat and it’s challenging. So there’s a, with the challenges of the equipment, that’s what’s basically, I think, slowing it down a little bit.
But the actual technology of it, it’s getting smarter and smarter each day. So it’s important that, from a security standpoint is that the better that you make your security posture, again, it goes back to being proactive or reactive about a situation. And the companies that are proactive about it and they get in front of situations, what, you’re a reactive IT [00:44:00] department.
That’s what costs you money because you’re reacting to the situation and you really can’t quantify those costs because you’re reacting to ’em and you’re of course gonna pay more. How many times especially with ransomware, getting into your backups and encrypting them, is that there’s ways that you can have in beat ransomware just by doing your backups at a a certain way to where if you do get attacked, all you do is you wipe the drives and reissue ’em, reissue the data that’s on there. And you’re not losing data, but especially if you’re doing point in time recovery, it’s the same thing. Is that with quantum computing, is that it’s gonna be challenging. And I think that at the end of the day is that the more that you’re astute with your security policies and everything else, is that by the time that this really comes and hits.
You’re ready for it. The ones that are being reactive about it will feel the pain.
Erick: So Mark, [00:45:00] MSPs are like, as you talked about, always trying to become more strategically valuable to their clients. We’re seeing more and more workloads move from on-premise applications to the cloud, SaaS solutions, things like that. Certificate management seems to me to be something that could apply to lots of different areas in an organization.
Could you take a moment and just describe the, what are the qualifying questions that an MSP could begin asking their clients to explore The total potential of all the different certificates that a an SMB business would need. For them to keep track of and manage and make sure they’re being renewed and rotated to avoid the constantly modulating phase or fire, if you will, that quantum computing is going to bring to us.
So just give us an idea of kind of what that looks like and then maybe how to have a conversation with a client to let them know [00:46:00] that where we’re going.
Mark: It’s something I honestly spent a lot of time doing this week with partners. They initially called in to say, Hey we saw the all the news with going down to 47 days.
They were like, what does this mean? Like, how can I have these conversations with our customers? And one of the things that, that we do internally is that we actually can show a partner their customer’s footprint that’s public. So when we do that, we bring up. Their entire public footprint and all the different certificates when they were issued, who issued them.
And we give them kind of that information before they talk to their customers so that when they do get on the call, they can go through and say, company A, B, C is that, look, just by doing some initial analysis we see that you have five to six different types of certificates in here. My, my question is how do, how are you managing all these different types?[00:47:00]
Because the only CLM players that manage agnostically are us key factor and vinify, and now vx, those are the only ones that really go in there and manage those certificates across the board. We’re the only one that actually certificate authority. So we’re put up at a different level at this time, but when we actually show that footprint.
To the partner and they’re able to have those conversations with the customer. They go in with a logical conversation. If you have a pretty good size footprint of certificates, the question should be how are you managing them? And it’s really the customer will. That’s where you get to hear the pain of how much time this takes.
And I said it probably 10 times yesterday. I can always give you ROII can always save you money through a discount, but what I can’t give you back is your time. That’s the one thing I [00:48:00] can’t do. I can do those some other things, but that’s the one cognitive thing that I can’t do. And time is money.
And when you have the time that it takes customers to do this process, again, it just sucks up resources that they could automate and just go ahead and do. And that’s why MSPs. When they have the conversations and actually break this on for the services that they’re currently doing, is that it goes to show that they’re at, they’re being more proactive with their customers saying, Hey, this is a concern of ours for you as your MSP, this is what we see.
This is what we recommend. Hey, by the way we do this, it’s, they could either add it as a significant charge or just include it in the value that they do. It’s really up to the MSP on how they charge or weight that if they have already a significant footprint with the customer, it’s something that they’ll maybe [00:49:00] either add on or charge for, but the value of what they’re doing for the customer is there.
And so when I explained that, that whole scenario to ’em about giving their time back, the money and everything else just went out the window. When I said, I can’t give you back your time. You’re like, you’re right. My time is the most important thing as an IT administrator. And that to me, discounts aside in special pricing and all that good stuff, that’s, it’s good, but I’d rather have my time back because when you don’t have time to do projects, they pile up.
And that’s really where an MSP can come in and allocate the time back to the consumer that they’re working with on, Hey, this is something you don’t have to kill your time on. Let us do it for you.
Rich: Mark. This has been a a very interesting and also I would say timely conversation. The three of [00:50:00] us talked about this just a few weeks ago at a conference. And right away I knew I wanted to get you on the show. To alert our audience to what’s going on out there right now. Four folks who are listening or watching right now, who wanna get in touch with you wanna learn more about Tigo and the business that we’ve been discussing here.
Where should they go?
Mark: You could always go to Tigo and learn. I think that one of the things as a company that we really made a conscious decision to do is educate the community on the why factor. Going to our website and understanding all the different things that, that certificates do, all the changes that are coming about, the reasons behind them.
I think of, and our competitors do a good job of this too, but I think we do it better than most, is that our education that we’ve put this year out in the community is soup to nuts the best in the business. And I think as. Our responsibility as a [00:51:00] certificate authority and also as ACL M, us being the leader in this space it really is up to us to be the leader and putting on all the information.
You can go to tigo.com to get that. In regards to picking my brand and get more of an insight, you’d always find me on LinkedIn. I’m very active on that and I put out as much information not just to consumers, but the channel as well through LinkedIn because I’ve got a solid base of about 12,000 people that I’m connected to.
And it was funny, I get to see all the different clickthroughs on all the different stuff that I post. And this top one this week was the shorten of certificate lifecycles. It actually took up my analytics through the roof starting on Wednesday when I started pushing stuff out. It’s been a busy week and.
You could always go to Tigo and reach me directly. And when it comes to helping out the MSP community is that we have several members on our team that specialize this. Max Edwards is one of our leaders in Nest. We will take the time with them at any time [00:52:00] to go through this because this being a kind of a new business for not only the our community, but for the MSP community, educating ’em on the right things to do best practices, these are the things that we’ll take the time to do and walk through the partners with so that they understand is that this is gonna be a significant add-on to my product.
What are the things I need to do to get prepared for it? And that’s one of the things that’s tego that we are really gonna spend a lot of time with in the next couple months here, is educating the community on the, on what’s best to do. And you leverage us as a resource to do it.
Rich: All right mark Bloom from Tiga.
Thanks again for joining us on the show. Folks, Erick and I are going to take a quick break here. When we come back on the other side, we’re gonna share some final thoughts about this conversation with Mark. We’re going to have a little fun wrap up the show. Stick around. We will be right back[00:53:00]
and welcome back to part three of this episode of the MSP Chat podcast. Like I said, Erick, timely conversation with with Mark Bloom there. As I suggested at the beginning of the conversation, certificate management has long struck me as one of these overlooked services that MSPs could be doing.
But I really didn’t understand just how big an issue this is until you and I had a chance to meet and speak with Mark just a few weeks ago at a conference. And all of a sudden it, it just became crystal clear to me. There is a certificate, tsunami headed for businesses, small businesses, large businesses, everything in between.
And particularly now. Now as of today, we know this is coming and those 398 day lifespans are at some point relatively soon, gonna become 47 day lifespans. And very few of the businesses that are gonna be affected by this, know that right now, or understand that right now. And so there is this huge [00:54:00] window of opportunity for MSPs.
Basically. So if you are the trusted advisor who goes in and explains this to an existing account that is going to make you even stickier with that company, it’s gonna be a, a. Probably for a lot of folks in the audience, a brand new revenue opportunity for them as well. If you’re looking to break into an account, with a company that already has an MSP, this is one of those things to ask in the conversation.
Have you talked at all with your MSP about this certificate thing? Do they know what to do about it? Because here’s what’s coming your way and you are gonna need some help with this. We can help you with that. One, one last thing, Erick, and this is something that Mark said to us off the air as we were thanking him again, for joining us on the show.
He really underscore the automation element of this story here. He touched on this during the during the conversation with us, but obviously that same burden that end users who are self-managing certificates right now are gonna face [00:55:00] when those lifespans drop to 47 days, you pick up that business, that’s your burden as well.
And so in order for you to provide the service to your customers, but do it cost effectively automation is gonna be really critical.
Erick: Yeah. Rich it really struck me when we had our conversation at that conference with Mark. It hit me like a ton of bricks because I immediately.
Recalled the pain that we had and the reactive nature of us trying to save a client who had let their certificates expire. That could even happen to us in our MSP practice one time. It, it happens to everybody when you’re not managing it, monitoring it, et cetera. And I would say that whenever there is a, a point in time, like there’s a sense of urgency now that can be applied to these conversations that MSPs can be having with their existing clients and with potential prospects that may have another incumbent [00:56:00] MSP competitor in the mix that, as you just alluded to, I think it it definitely accelerate sales velocity and sales close time.
I think the other thing that I would also say is, the, what strikes me as leveraging such an important critical component, I. Of a business’s brand and image and operations, like you said, that can be automated and self-managed by, a platform so that, you’re just you know that you’re always going to be delivering the most critical and most important aspect of that service in an automated fashion without human labor involved.
I think that’s called Mailbox Money Rich. I don’t know.
Rich: Yeah. No you make a really good point too. Folks like yourself advise MSPs to manufacture urgency in the sales process to get, accelerate decision making. You don’t have to do that in this case. There, there is [00:57:00] real legitimate urgency attached to this issue here, and it’s, all the more reason to be having that conversation now with current and and prospective clients.
And folks, that leaves us with time. For one last thing on this episode of the show here, and as regular listeners and viewers know I am a resident of Seattle. That’s where I’m coming to you from here on the show. Two things to say about, there are many things to say about Seattle.
I love the city a great deal, but two things that the city is probably well known for. One is this is a very. Liberal city, regardless of what your politics are. We’re not gonna get into politics here, but I will just tell you as somebody who lives in Seattle as this is a deep blue city here, and it’s also obviously a city well known for the tech industry here.
Companies like Microsoft and Amazon and WatchGuard and SkyKick that ConnectWise recently bought. They’re all based, and so we have a lot of people with technical skill who are [00:58:00] also. Pretty left wing and not terribly fond, therefore, of Jeff Bezos’s apparent political affiliations these days.
He was at the inauguration of president Trump. There are a lot of folks here who weren’t happy to see that. And what do you get, Erick, when you get people with technical skill who are unhappy with Jeff Bezos for being a a friend apparently of Donald Trump? What you get is a very interesting hack.
So I, I don’t know how widespread this is in the rest of the country here in Seattle, especially downtown, the crosswalk signals all speak to you. You press the button ’cause you wanna cross the street and the crosswalks tell you whether it is or is not safe to cross. Except recently, that’s not what they were telling people.
What they were telling people is quote, hi. I’m Jeff Bezos. This crosswalk is sponsored by Amazon Prime with an important message. Please don’t tax the rich otherwise, all the [00:59:00] billionaires will move to Florida too, and it goes on from there. But if you can imagine everyone crossing a street in Seattle for some period of time and hearing the the voice of Jeff Bezos delivering that message to them that the a new animal in cybersecurity here in Seattle, Erick,
Erick: I’ll tell you what folks have a lot of time on their hands for pulling these kinds of pranks.
If only we could do leverage these, these skills for good. But it is a funny story, rich.
Rich: And it it brings us to the conclusion of this episode. We thank you so much for joining us. We’re gonna be back in a week with another episode for you. Until then, I will just remind you, this is both a video and an audio podcast, which means that if you are listening to us, but you’d like to check us out on video, you can go YouTube, book up MSP chat.
You’ll find us there if you are watching us on YouTube, but you like to listen to podcasts as well. Go to Apple, Google, Spotify, wherever it is to get your podcast. You’re probably gonna find us there. And wherever you find this, please [01:00:00] subscribe, rate, review. It’s gonna help other people find and enjoy the show just like you do.
This show is produced by the great Rus Johns. It is edited by the great Riley Simpson. They’re part of the team with us at Channel Mastered. They’re here for you if you wanna create a podcast of your own. Podcast folks, though are a little tiny sliver of what we do for our clients at Channel Mastered.
If you wanna learn more about that, please go to www.channel mastered.com channel. Mastered has a sister company called MSP mastered, that’s Erick working directly with MSPs to help them grow and optimize their business. You can learn more about that at www.mspmastered.com. So once again, we thank you for joining us.
We’ll see you in a week. Until then, folks, please remember, as we always urge you to do you cannot spell channel. Without [01:01:00] MSP.
Check out more episodes
