SHADOW AI JANUARY - FEBRUARY 2025 Sponsored by MOVE ON-PREM Ecosystem Embrace Volume 24 Issue 1 | channelvisionmag.com CIO CONNECTIONS Partnering to expand in 2025
Eligible services include: • DIA • Broadband/Fiber Internet (AT&T Business Fiber®, Verizon Fios, Cox® DIA Lite) • Wireless - LTE, 5G and Universal Connect II Connectivity Services From December 1st, 2024, through June 30th, 2025, Technology Advisors earn 2X MRC on select Managed Network and Connectivity Services for new EnTelegent Solutions clients. 2X MRC 2025 New Client Energy Eligible services include: • Managed Infrastructure (Consultation, Design, Staging, Deployment, Management, NOCaaS, and Secure Web Portal) • SD-WAN (Cisco Meraki, Fortinet, CATO, and Encompass SD-WAN) Managed Network Services Contact Us: 800-975-7192 www.entelegent.com LetsTalkSolutions@entelegent.com 2520 Whitehall Park Dr., Ste. #200, Charlotte, NC 28273 1. Eligible Services for Incentive: Managed Network Services – Infrastructure Management and SD-WAN; Connectivity – DIA, Broadband/Fiber; Wireless – LTE, 5G, and Universal Connect II 2. Program Duration: December 1, 2024, to June 30, 2025. 3. Submission Requirements: Submit orders within the promotional period. 4. Installation Timeline: Request installation by August 30, 2025. 5. Commission Payment: Partners receive payments on EnTelegent’s normal commission cycle, following the next available report after the End-User is invoiced for service(s). 6. Eligibility: This incentive applies exclusively to new EnTelegent customer orders; existing customers are ineligible. 7. Service Term Requirement: A 36-month service term is mandatory. 8. Special Pricing Approval: For incentive eligibility on EndUser deals with special pricing, written approval is required. EnTelegent reserves the right to approve or decline inclusion on special priced deals. 9. Charge back Policy: Sales incentive payments may incur charge backs if End-Users disconnect within 12 months of activation. Program Details Incentive
JANUARY - FEBRUARY 2025 AI & AUTOMATION 8 AI bubble 8 Popular AI tools 10 Network to fabric 10 AI challenges 12 Collaborating to Control Shadow AI By Gerald Baldino CYBER PATROL 18 AireSpring adds compliance 18 Top security risks 20 A Year of Evolution in Identity Security By David Morimanno BUYERS SIDE 22 Remote Realities RTO mandates and the state of flexible working By Martin Vilaboy 24 The CIO Connection The role of the CIO is evolving, creating new opportunities for partners By Gerald Baldino CHANNEL MANAGEMENT 32 Onboarding importance 32 Channel chiefs hired 34 Ecosystem Embrace Partner ecosystems set to expand in 2025 By Martin Vilaboy 38 NHC’s Winning Formula EDGE TO CLOUD 42 C3 Complete Advances into Pittsburgh By Gerald Baldino 44 Steps to a Secure and Streamlined SASE Rollout By Stephen Amstutz 48 Repatriation Redux New realities leading to a rethinking of on-premises infrastructure By Martin Vilaboy 6 Editor’s Letter 52 ICYMI 54 Ad index CONTENTS Volume 24 – Issue 1 4 CHANNELVISION | JANUARY - FEBRUARY 2025
When it comes to new opportunities or just getting a seat at the table of a potential deal, the reasons a company doesn’t utilize a technology advisor (TA) can be as instructive as the reasons they do. In some cases, there’s little or nothing a TA can do about those reasons. For instance, the top reason for not utilizing an MSP according to a new survey from JumpCloud was simply “I prefer to handle IT myself,” cited by 38 percent of respondents. Given how thin margins can be, much the same can be said about the number two response: “They are too expensive.” One in five respondents, on the other hand, said they don’t use an MSP because “They don’t support the devices, productivity suite or IT systems that we currently deploy.” Another 15 percent said their company had “outgrown the service offerings their MSP supports.” When organizations were asked which tools they would like their MSP to manage that they don’t manage today, IT administrators most often said cybersecurity (63%) followed by SaaS management (53%), Google Workspace (39%) and expanded device management (40%). Of course, when it comes to cybersecurity, MSPs and TAs must be able to display competency before any offerings make a difference. “How MSPs manage security is a rising concern for those using or considering an MSP, with 44 percent reporting they have concerns about how MSPs manage security, up from 39 percent six months ago,” said JumpCloud in its January 2025 report. Compliance is another area ripe for MSPs and TAs. Not only did 37 percent of IT administrators say they would like to see their MSP add compliance and reporting services, 34 percent report having failed a compliance audit or are now required to implement additional security controls to pass an audit. The good news is, customers increasingly view MSPs as advisors that help navigate a rapidly changing tech and business landscape, rather than a source for cost cutting, and the opportunity for MSPs that can successfully demonstrate their value as a partner is big. A full three-quarters of organizations plan to increase MSP investment during the next 12 months, up from 67 percent that said the same six months ago. All told, a full 93 percent of firms surveyed use or are considering using an MSP, and 43 percent of U.S. respondents utilize an MSP to completely manage their IT program. “Increased IT effectiveness” is the top reason IT admins employ an MSP, followed by “MSPs make my job easier.” Moving down in importance since the Q3 2024 survey, meanwhile, was “MSPs are cost effective.” Good news indeed. The Reasons for MSPs LETTER Martin Vilaboy Editor-in-Chief martin@bekabusinessmedia.com Gerald Baldino Contributing Editor gerald@bekabusinessmedia.com Brady Hicks News Editor brady@bekabusinessmedia.com Percy Zamora Art Director percy@bekabusinessmedia.com Jen Vilaboy Ad Production Director jen@bekabusinessmedia.com Berge Kaprelian Group Publisher berge@bekabusinessmedia.com (480) 503-0770 Beka Business Media Berge Kaprelian President and CEO Corporate Headquarters 10115 E Bell Road, Suite 107 - #517 Scottsdale, Arizona 85260 Voice: 480.503.0770 Email: berge@bekabusinessmedia.com © 2025 Beka Business Media, All rights reserved. Reproduction in whole or in any form or medium without express written permission of Beka Business Media is prohibited. ChannelVision and the ChannelVision logo are trademarks of Beka Business Media We use MSPs because … They increase my effectiveness at managing IT 54% They make my job easier 43% They are cost-effective 41% They offer strong customer support 41% They are up to date on latest technologies 40% They can provide a better user experience 38% They save us money 36% They can secure users’ access and identify better than we can 33% Source: JumpCloud We don’t use MSP because … I prefer to handle IT myself 38% They are too expensive 35% They don’t support the devices … or IT systems that we currently deploy 21% They offer more than what we need 17% We’ve had bad customer services experiences with MSPs in the past 17% We’ve outgrown the service offering they support 15% We are too small to be a client if we wanted one 13% Source: JumpCloud 6 CHANNELVISION | JANUARY - FEBRUARY 2025
Contact us astoundwholesale.com | 1.800.246.2455 EVANSVILLE SEATTLE SAN FRANCISCO BAY AREA SAN LUIS OBISPO/ SANTA MARIA LOS ANGELES SAN ANTONIO VANCOUVER, B.C. ODESSA/ MIDLAND PORTLAND DALLAS SAN MARCOS HOUSTON CORPUS CHRISTI WASHINGTON, D.C. SACRAMENTO ASHBURN ALLENTOWN NEW YORK PHILADELPHIA WACO EVANSVILLE CENTRAL VALLEY LEGEND Robust metro fiber footprint and/or data center presence High Capacity Backbone Links Coastal submarine cable access Transpacific and Transatlantic routes Take a di erent route with our Astounding Network Here is an example of how dense our fiber is in Chicago, one of our 20+ metro markets. Astound Wholesale AUSTIN MASSACHUSETTS BAY W. PEABODY WAKEFIELD LEXINGTON ARLINGTON SOMERVILLE BOSTON WALTHAM BROOKLINE NEEDHAM FRAMINGHAM DEDHAM 0 2.5 5 7.5 miles Fiber L E G E N D 20+ METRO AREAS IN 12 STATES 42,000+ FIBER ROUTE MILES 20,800+ ON-NET BUILDINGS 262,000+ VETTED NEAR-NET LOCATIONS 120+ DATA CENTERS CHICAGO L A K E M I C H I G A N INDIANA ILLINOIS ELGIN ARLINGTON HEIGHTS EVANSTON CHICAGO NAPERVILLE HAMMOND Chicago 0 5 10 miles Fiber L E G E N D
Experts and commentators are predicting the bubble around AI could burst in 2025, as obstacles impede the continuation of hype, particularly in the case of generative AI. After years of attracting enormous investments and stirrup up huge expectations, companies and investors will have to lower their expectations regarding what Gen AI and large language models (LLMs) can do, warned Adi Andrei, co-founder of Technosophics, and research fellow at University College London (UCL) Ali Chaudhry, both of whom are members of Oxylabs’ AI/ML Advisory Board; along with the company’s CEO Julius Černiauskas. According to Chaudhry, in some cases, technology is not as scalable as expected. “I think we will see diminishing returns in the capabilities of LLMs. Some AI labs are already hinting that scaling laws are not as effective anymore,” he said. Chaudhry names increasing regulation and general concerns regarding the dangers of AI as factors that will play into taming the Gen AI enthusiasm: “Generally, 2025 will be very important for AI safety, and we will see a lot of work (technical and non-technical) in this space.” Similarly, “responsible AI” and “green AI” will become bigger topics next year, Černiauskas concurred. “Servers that support AI development put a strain on the environment, and there are many risks flowing from a lack of transparency in how AI is developed and functions. AI companies must answer these concerns to earn and keep public trust in the benefits of this technology,” he continued. Andrei, who has more than 25 years of experience in AI/ML and data science, including at NASA, is perhaps the most skeptical of the three. “The Gen AI bubble will most likely burst in 2025,” he predicted. “I was talking about the hype going away last year, but the new influx of money pumped into it without any proof of ROI transformed the dying hype into a bubble about to burst big time.” Andrei points to a diverse and growing list of writers, artists, computer scientists, engineers and philosophers who found common ground against the Gen AI paradigm. “This has raised awareness within the general population of the irreconcilable issues posed by technology and the fact that it is being forced onto people by billionaires and their organizations,” concluded Andrei. Even so, the experts foresee some positive developments coming next year along with some interesting technologies. For Andrei, progress in decentralization technologies, rather than AI, will be fascinating to follow. “2025 will be a year of paradigm changes in the social system, and we will see the emergence of technologies – including information technologies – to facilitate a decentralized way of life and of building community, most likely decentralized social networks, local currencies, and so on.” Chaudhry foresees more AI contributions for scientific discovery. “I think 2025 will be a big year for multi-modal models, especially textto-video models, which will improve significantly in terms of the length of videos, their quality and their obedience to the laws of physics,” said Chaudhry. “We might get some interesting insights into the inner workings of deep neural networks in foundational models.” Černiauskas is hopeful for advancements in automated machine learning (AutoML), which opens this field for those without specialized ML expertise by delegating ML development to algorithms. “AutoML is a crucial step toward democratizing machine learning and AI. With more experts in diverse fields being able to create ML tools tailored to their needs, AI and ML adoption in business can accelerate and open new possibilities,” said Černiauskas. A new study by data collection experts SOAX has analyzed and determined the most popular AI tools for businesses, based on a range of user metrics spanning various categories that were tagged as “business” on AI tools directory, aixploria.com. After categorizing a list of websites that offer AI tools, SOAX gathered five different metrics to create its overall score. Here’s how the top 10 tool categories ranked in terms of use by business: AI Bubbles and Bursting Optimism The Most Popular AI Tools Transforming Businesses AI & AUTOMATION #1 Developer Tools #6 Education & Studies #2 Websites & Design #7 Presentation #3 Productivity #8 Transcriber #4 Automation #9 Data & Analytics #5 Chatbots #10 Sales & Conversion Source: SOAX 8 CHANNELVISION | JANUARY - FEBRUARY 2025
It’s Here: 2024-25 Telarus Tech Trends Report Executive IT buyers are leaning harder on outside advisory for help throughout the discovery and purchase process. The 2024-25 Telarus Tech Trends Report was curated specifically for the channel community and is a must-read for technology advisors looking to take advantage of new growth opportunities ahead. Uncover the Latest IT Buying Trends and Help Your Customers Thrive in the New AI Era telarus.com/techtrends Scan here to view the report today!
The headline might be a little dramatic, but the term “networking” in the data center could eventually be seen as dated due to AI, argued Gilad Shainer, senior vice president of networking at Nvidia. Rather, data center architecture will transform into “an integrated compute fabric” that enables thousands of accelerators to efficiently communicate with one another via scale-up and scale-out communications, spanning miles of cabling and multiple data center facilities, explained Shainer. This integrated compute fabric will include NVIDIA NVLink, which enables scale-up communications, as well as scale-out capabilities enabled by intelligent switches, SuperNICs and DPUs. “This will help securely move data to and from accelerators and perform calculations on the fly that drastically minimize data movement,” said Shainer. “Scale-out communication across networks will be crucial to large-scale AI data center deployments — and key to getting them up and running in weeks versus months or years.” As agentic AI workloads grow — requiring communication across multiple interconnected AI models working together rather than monolithic and localized AI models — compute fabrics will be essential to delivering real-time generative AI, he continued. In this world of distributed AI, all data centers will become accelerated as new approaches to Ethernet design emerge that enable hundreds of thousands of GPUs to support a single workload. This will help democratize AI factory rollouts for multi-tenant generative AI clouds and enterprise AI data centers, said Shainer. This breakthrough technology also will enable AI to expand quickly into enterprise platforms and simplify the buildup and management of AI clouds. “Companies will build data center resources that are more geographically dispersed — located hundreds or even thousands of miles apart — because of power limitations and the need to build closer to renewable energy sources,” Shainer concluded. “Scale-out communications will ensure reliable data movement over these long distances.” The benefits of artificial intelligence are fairly well understood: the automation of routine tasks and processes in order to save time and money, deeper dives into data and thinking in ways that were untenable without high-powered intelligence. Realizing those benefits of AI, however, will require overcoming a diverse set of challenges, suggests CompTIA survey data. And those expected challenges include “identifying uses cases,” which ranked as high as third on the list of expected challenges with AI. Goodbye Network, Hello Computing Fabric The Challenge of AI Challenges AI & AUTOMATION 10 CHANNELVISION | JANUARY - FEBRUARY 2025 AI’s Diverse Challenges Source: CompTIA, 2025 Cybersecurity/privacy concerns Expected/experienced challenges Expected/experienced benefits Time savings on routine tasks Automating IT operations Deeper data analysis Automating business workflows Ability to redeploy employees New insights/suggestions Cost of new applications Identifying use cases Balancing AI and human efforts Cost of infrastructure Building datasets for training Insufficient technical skill Lack of understanding on AI output Difficulty changing workflows 40% 35% 33% 33% 32% 28% 26% 26% 25% 32% 33% 44% 45% 49% 51%
In an industry where products can feel interchangeable, AireSpring’s commitment to service and support really sets them apart. Ashley and Ryan Rowland Co-Founders of Adaptiv Advisors AireSpring truly understands the value of a customized approach To learn more about AireSpring or to become an AireSpring Partner call us today at 888-389-2899 or email us at sales@airespring.com This is the AireSpring Advantage.
Collaborating to Control Shadow AI Companies across the board are struggling with shadow IT, or unsanctioned hardware and software. On one hand, employees need fast and easy access to productivity apps and cloud services to complete their work. Yet companies often have rigid IT policies in place restricting their usage – putting workers at a disadvantage, while doing little to protect against security threats. With shadow IT increasingly looking like an unwinnable war, IT leaders are gradually shifting away from traditional “command and control” management in favor of flexible, worker-centric policies that aim to boost productivity and improve collaboration. This shift is creating an abundance of opportunities for partners to expand their advisory roles, engage with different business units and create additional revenue streams. Let’s explore how shadow IT negatively impacts organizations, and why technology advisors should advocate for stronger partnerships between IT and business units along with greater autonomy and collaboration. By Gerald Baldino In my opinion, employees most commonly use applications not officially sanctioned by IT … To make their jobs easier 54% To be more productive 51% To test out new technology 45% To gain functionality that authorized tools don’t offer 43% Because the procurement process for new apps takes too long 36% Because the existing process for adding apps are onerous 32% Source: JumpCloud AI & AUTOMATION 12 CHANNELVISION | JANUARY - FEBRUARY 2025
GET YOUR NO-COST BENEFITS ANALYSIS Contact your Regional Manager! granitenet.com/partners Deliver a Reliable, Seamless Connectivity Solution Your Customers Can Count On!
How Shadow IT Harms Organizations IT needs real-time visibility into end-user behavior to protect against threats such as data leakage, malware infections and account takeovers. When shadow IT takes place at scale, it introduces significant risk. Shadow IT is to blame for expanding attack surfaces and costly security incidents. In a recent Red Canary report, 73 percent of security leaders said their attack surface has widened by an average of 77 percent in recent years. In addition, 87 percent of respondents said they had a security incident in the previous 12 months that they were unable to detect and neutralize before it caused a negative impact. At the same time, shadow IT is highly resource intensive. Companies often allocate a sizable portion of their technology budgets to shadow IT in the form of duplicate accounts and unnecessary licenses. IT workers also typically spend a significant amount of time detecting and enforcing shadow IT, which creates time waste and pulls them away from higher-value tasks. And shadow IT is accelerating, with Zendesk reporting that shadow AI usage has increased by as much as 250 percent year over year in some industries. Gartner predicts that 75 percent of employees will acquire, modify or create technology outside of IT’s visibility by 2027. The issue is also becoming more complex, with workers now using a variety of AI-driven tools to streamline workflows and boost productivity – often with little regard for how they impact security. According to Microsoft, 78 percent of AI users are bringing their own AI tools to work, in a trend known as bring your own AI (BYOAI). Meanwhile, 52 percent of people who use AI at work are reluctant to admit using it for their most important tasks. Looking ahead, shadow AI is bound to get worse as we transition into the agentic AI era, or the “third wave of AI,” and a new class of productivity tools become available to workers. It’s important to keep in mind that shadow IT is a policy-related issue. Today there are a wide range of solutions for mitigating shadow IT, including endpoint detection, security information and event management (SIEM) and data loss prevention (DLP), among others. But while these services can help detect unsanctioned technology usage and protect assets, they all fail to address the underlying issue: When IT fails to meet workers’ needs, employees will likely go rogue and acquire tools on their own. This is the root cause of shadow IT, and it will always persist regardless of what technology you throw at it. Partnering for Success Faced with the realization that shadow IT isn’t going away, a growing number of technology leaders are abandoning command and control management. Instead, they are partnering with business units to understand their technology needs more closely and improve visibility and collaboration. This shift aligns with a broader business trend that has been picking up steam in recent years. O.C. Tanner found that command and control leadership practices contribute to a 43 percent decrease in overall employee experience, as well as a 42 percent decrease in workers’ sense of opportunity. Companies with traditional command and control leadership are also 84 percent less likely to increase revenue. Attempting to place an outright ban on shadow IT wastes resources and positions IT as a barrier to success instead of a trusted ally. Leaders that The Differences Between Shadow AI and Shadow IT Shadow AI Shadow IT Definition Use of AI tools and technology without IT or data governance team approval Use of unapproved IT software, hardware, or infrastructure on an enterprise network Adoption Adopted by individual employees seeking to improve productivity and tool convenience Adopted by employees or teams to address IT challenges in real time Government and Compliance Lacks IT or data team oversight and control Lacks larger IT or organization oversight Risks • Data privacy • AI model biases • Compliance violations • Lack of transparency • Data breaches • Regulatory non-compliance • Network security threats Cultural Impact Encourages innovation but risks inconsistency in data usage and decision-making Promotes agility but risks a fragmented IT environment and reinforced silos Example Customer service team uses an unapproved AI tool to analyze customer sentiment Employee uses an unapproved storage service to store and share work files Source: Zendesk Workers Using AI Tools Not Provided by Organization Generation Z 85% Millennials 78% Generation X 76% Baby Boomers 73% Source: Microsoft; LinkedIn 14 CHANNELVISION | JANUARY - FEBRUARY 2025
MAKE INTELLIGENCE YOUR ADVANTAGE JOIN THE REVOLUTION INTELLIGENT CELLULAR www.cellsmart.io INTELLIGENCE Leverage 15 million RF data point and bespoke testing carried out for your customers. SIMPLICITY Gain a dedicated team that are experts in monetising FWA. AGILITY Deploy FWA in 5 working days or less across the continental US. We’re ready to help you win high-margin contracts, and rapidly grow profitability with FWA. Contact our partner TMR on: cellsmart@ask4tmr.com. Call the team on: (248) 419-7120.
continue this approach risk hampering their workforce, slowing productivity and falling behind savvier competitors that are using emerging chatbots, automation services and analytics tools. As Compoze Labs partner and data lead Jeff Rogers pointed out, banning shadow IT is especially dangerous for CIOs who are fighting for influence in the C-suite, and whose jobs are under the microscope from other executives and line of business (LOB) leaders. Instead, Rogers advocates IT leaders “be a cheerleader for the organization, as opposed to the mean coach telling users they have to use certain tools. “What happens now is that people do shadow IT, and they’re also viewing the IT department as useless,” explained Rogers. “I would much rather have them be doing shadow IT that I am embracing, by partnering with LOBs and enabling them to do their jobs. This helps the organization, even if it means giving up direct responsibility or management aspects.” As it turns out, this trend is catching on – particularly around AI. In Foundry’s latest “State of the CIO” report, 68 percent of North American CIOs said they are working more closely with LOBs on AI applications, while 61 percent said they agree that LOB is pushing the adoption of AI-enabled products and solutions. Establishing collaborative partnerships with LOBs empowers IT and technology advisors to assume more strategic roles by guiding technology adoption, ensuring compliance with emerging regulations such as the EU’s new AI Act and driving crossfunctional collaboration. “From my perspective, the strategic advisory aspect of the business is really where this is going to become valuable,” Rogers continued. “Advisors can use it to help build bridges so that they become more helpful to the organization. The side benefit is that you connect with the actual decision makers and the people that have the money, which is the LOBs. Now you are a connection to them and can maybe provide managed services. And from an advisory perspective, you will become much more embedded in the organization as a trusted, strategic partner.” Preparing for Change It’s important to tread carefully when suggesting IT leaders alter their approach to shadow IT – keeping in mind that departments with established Why are you unable to address shadow IT? Q3 2024 Q1 2025 Our business moves too fast to keep up with current needs 31% 39% Lack of visibility into all apps employee use 32% 38% We have other more important priorities 36% 35% Lack of partnership and communication with our business partners 29% 29% No SaaS/asset management solution in place 24% 28% Source: JumpCloud 16 CHANNELVISION | JANUARY - FEBRUARY 2025 Managing The Risks of Shadow IT Source: Wallarm
policies may be resistant to change due to security or cultural concerns. Considering this, the first step is to connect with technology and security leaders to understand their environments, discuss pain points and implement a modern security and governance framework to combat shadow IT. After all, granting autonomy into technology management shouldn’t imply throwing in the towel or ignoring the issue. In fact, more visibility and communication will be necessary to make the strategy work. API security provider Wallarm recommends using a three-phase policy, which centers around discovering and identifying shadow IT, evaluating risks and usage and establishing continuous monitoring. Technology advisors also can grease the wheel by explaining how this shift benefits IT and security leaders. As Gartner stated in a post, “the CISO and purview of responsibility is shifting from being control owners to risk decision facilitators.” Spending less time fighting shadow IT will free more resources to focus on critical initiatives such as driving business transformation and implementing new ways of working – both of which are sorely needed. Of course, obtaining buy-in from IT is only half the battle. The next step involves building bridges with different business units and teams. This requires taking the time to understand how individuals and departments interact with technology and creating an environment where business users feel they can be honest about reporting the tools they are using daily. To get the ball rolling, technology leaders and advisors can set up pilot tests and communication channels with LOBs to discuss different technologies, observe how employees work and answer questions about IT oversight and monitoring technologies. As Rogers explained, this can be an effective way to evolve beyond command and control management and create trust. “Getting anything deployed in a big organization can take months or years of compliance checks, security ticketing and so on,” Rogers said. “I had a large company that took a different approach by creating committees with partnerships between IT and LOBs. They set up show and tells and knowledge sharing – things that were positive and drove alignment around the organization but were geared toward active participation.” At the end of the day, technology advisors have an opportunity to connect IT and business units and help organizations evolve their workflows for the AI era. By knocking down silos and starting conversations with LOBs, advisors can help transform shadow AI from a pain point into a strength, while building relationships and diversifying revenue streams. o 17 JANUARY - FEBRUARY 2025 | CHANNELVISION
CYBER PATROL When cybersecurity company Fortra asks companies to name the top 5 most plaguing security concerns facing their organization this year, the top two remained the same from 2024: phishing and malware. Due to the explosion of sites, tools and services leveraging emerging technologies such as GenAI, it’s not surprising that “evolving technology” leaped to one of the primary security threats of the coming 12 months. AireSpring announced that it’s achieved SOC 2 Type II + HIPAA certification. This certification affirms AireSpring’s dedication to protecting customer data, upholding industry standards for security and privacy and meeting the enterprise need across diverse industries, including healthcare, said the company. The certification process evaluates an organization’s adherence to rigorous trust services criteria (TSC), as set by the American Institute of Certified Public Accountants (AICPA). This includes key areas such as security, availability, processing integrity, confidentiality and privacy. AireSpring’s certification demonstrates the company’s robust measures for data protection, including encryption controls, intrusion detection, user access authentication and disaster recovery, ensuring customer trust and operational excellence. Demonstrating HIPAA compliance also underscores AireSpring’s commitment to safeguarding sensitive health information. The certification ensures AireSpring meets national standards for data security, providing healthcare organizations and related industries with confidence in its secure handling of their protected health information. Stellar Cyber and Sophos announced a strategic integration that brings together Stellar Cyber’s Open XDR platform with Sophos’ advanced Sophos Endpoint and Sophos Firewall. The integration provides organizations with streamlined visibility across their entire security ecosystem, enabling faster detection and response to emerging threats, said the companies. The partnership enables security teams to leverage Sophos’ AI-powered threat intelligence and automated protection in tandem with StellarCyber’s ability to consolidate and analyze data from across the security stack. The combination enhances the productivity of security operations centers (SOCs), allowing teams to focus on what matters most: protecting their organizations. AireSpring Achieves SOC 2 Type II + HIPAA Certification Stellar, Sophos Partner on Unified Threat Detection and Response JumpCloud continued its identityfirst momentum by acquiring Stack Identity, a next-generation identity security and access visibility platform. Stack Identity offers cutting-edge data analytics technology that helps reduce key risks in securing workforce access, especially in remote or hybrid work. Customers will be able to detect unmonitored and unauthorized access pathways that most IAM tools miss, said the company. The technology deepens JumpCloud’s existing and planned capabilities in identity governance and administration (IGA), privilege access management (PAM), identity security posture management (ISPM), identity threat detection and response (ITDR) and cloud infrastructure entitlement management (CIEM). “Stack Identity’s world-class team and advanced data analytics technology will accelerate our ability to productize the billions of data signals our platform generates each month,” said Greg Keller, co-founder and chief technology officer, JumpCloud. “This will enable new forms of access control, improved identity visibility and assurance that the right people have the correct access and entitlements every time.” JumpCloud Acquires Stack Identity Top 5 Security Risk for 2025 18 CHANNELVISION | JANUARY - FEBRUARY 2025 ctured Hybrid Full Time in Office 2024 2025 ons currently have in place Days Required in Office per Week er the most important dor lock-in ere are no ernatives Multi-vendor are more challenging to manage ourselves, we need a partner to help us While controls might be better, sometimes this doesn’t represent the best velue The pricing isn’t always clear Le. what is included and what is extra Majority cloud, minority on-premises 44% 100% Cloud-based technology nothing on premises) 17% 25% 28% Average = 2.78 days 15% 20% 25% 30% 5% 32% Targeted live or on-demand training Clearly stated objectives 16% 13% Source: CompTIA, 2025 Difficulty changing workflows 25% What are the top 5 security risks facing your organization in the next 6-12 months? Source: Fortra Phishing/ Smishing Malware/ Ransomware Social engineering Accidental data loss/data leakage Evolving technology (e.g. generative AI) Third-party exposure Skills shortage Zero-day attacks Digital risk (e.g., domain impersonation) BEC 81% 83% 76% 71% 55% 60% 63% 58% 35% 50% 52% 50% 39% 45% 50% 38% 32% 24% 19% 21%
Easton Telecom has been has been a full service business-to-business telecommunications supplier for 30 years. Easton is a great fit for multi-location accounts, all services and locations are billed on one invoice with one place to call for customer service. Easton Telecom Distributor Program Partner with Us Today! Why Choose Us? Consultative Sales Approach- Easton will qualify, quote and complete all necessary paperwork for you Buy Rates Offered- YOU control the commission percentage by setting your own retail rates Provisioning, Customer Service & Monthly Invoicing- All handled by our experienced representatives 24/7 Customer Service & Expertise- Always answered by a live person. On average, our reps have 25+ years industry experience Get in Touch Have questions or need a quote? Our Channel Manager is here to help you find the best solution for your customers. 1-800-222-8122 Channel Manager Jim Leedy jleedy@eastontelecom.com www.eastontelecom.com Internet Fiber, Broadband, COAX, SD-WAN, Fixed Mobile Broadband, Collocation Services & MPLS Voice Sip Trunks, UCaaS, SIP PRI, Business Lines & POTS Replacement Services Wireless Voice/Data/Text
A Year of Evolution in Identity Security The year 2025 will not be a revolutionary one, it will be evolutionary, with developments coming into effect that were necessitated by events and happenings in 2024, and solutions to address these events reaching maturity levels that allow an appropriate, comprehensive response. With threats like ransomware certain to continue, identity resilience is going to become more important in the year ahead and, as such, identity will become the critical component of security. This shift in emphasis started to take place in 2024, but there will be a greater focus on it among business leaders in the year ahead as they start to understand that identity is one of the biggest threats to any organization as it is a key vector for attackers. Based on this there will be six key trends that we will see evolving in 2025: 1. Machine identity management will become the cornerstone of identity and access management (IAM), requiring governance, automation and cloud infrastructure entitlement management (CIEM) tools. Machine identities are not new. They’ve been around ever since people have been accessing information and data, but we have realized that these identities can be easily compromised because they are not governed properly with sufficient controls and, in some instances, security teams do not even know what identities exist or where they are. As such identity, observability, discovery and awareness are going to be vital focus areas for security teams in 2025 as they set out to find all the shadows in the organization and discover where all the different types of accounts are hiding, so they can manage and govern them properly. This will be a cornerstone of identity conversations this year. 2. Identity threat detection and response (ITDR) will emerge as a critical layer in the IAM stack to combat identity-centric attacks. With the increase in ransomware attacks, identity resilience is a vital component in combating identity-centric attacks and protecting an organization and its data. However, if companies do not know what identities exist or where they are, they cannot protect them. As such observability, awareness and visibility of all identities within an organization will be critical in driving better identity resilience. To achieve this, By Martin Vilaboy CYBER PATROL By David Morimann 20 CHANNELVISION | JANUARY - FEBRUARY 2025
companies will need to implement identity threat detection and response (ITDR) to be aware of where the identities are, how they are being leveraged and what to do when that identity is compromised. By adopting this approach, when combating identity-centric attacks, security teams will know exactly where the identities are, how to respond and how to appropriately wall them off as needed, as ITDR forms the center of the detection response solutions and gets them working together. 3. AI-driven IAM will automate processes, detect risks and address workforce skill shortages. With AI adoption on the rise, it is not surprising that AI tools and solutions will continue to be used and implemented across businesses. In the case of IAM, AI will aid in addressing workforce shortages. To achieve this, AI will be leveraged with the industrial edge management (IEM) stack to provide better analytics and predictability and automate processes to enhance the security of these identities. This will aid in early threat detection as ITDR leverages AI-driven processes to improve monitoring and response detection. A further benefit is that AI will also automate repetitive tasks within the IEM, addressing the skills gap and alleviating some pressure from the security teams. GenAI will also play a role in plugging the skills gap as it removes the need for highly skilled teams to decipher entitlements when working on attestation processes. GenAI will provide a clear, concise view of what access is being granted, approved and to whom. 4. Passwordless authentication will become mainstream, driven by FIDO2 adoption and improved user experience. In 2024, passwordless authentication started to gain the attention of security teams, and in 2025 it will become more mainstream as businesses start to realize the security benefits that it offers. However, this does not mean that it will eliminate the password in its totality, rather, there will be fewer passwords and less frequent prompting for passwords as companies adopt other verification tools such as tokens and biometrics to allow access to company systems and data. This year will be a transitional one for the password as companies start to see the value in removing it to provide a more secure but flexible solution. This is being driven partly by the increased adoption of FIDO2, which reinforces that there are more viable alternatives to validate user identities than the password. However, passwords will continue to be widely used throughout the year, but as we move into 2026 and beyond, they will be used less and less and be replaced by passwordless authentication. 5. Decentralized identity (SSI) will rise due to privacy mandates and interoperability requirements. Policy mandates, privacy mandates and interoperability requirements are driving companies to decentralize their identities into different directories, pockets or systems. Rather than storing them in a centralized repository, organizations realize that the central orchestration and management of these identities according to proper standards and controls is more important than keeping them centralized into one solution. This shift will see a decline in companies investing heavily in centralized solutions that do not deliver the value for the time, effort and money that they need to get everything into one solution and manage it all. Rather, decentralized systems that use AI to deliver orchestration and implement rules will provide a more beneficial solution for many organizations to monitor and secure their identities. 6. Continuous identity assurance will be a critical zero trust enabler, ensuring real-time adaptive access controls. Aligned with automation, continuous identity assurance will become a more widely used approach to driving zero trust in an organization by monitoring usage patterns in real-time, verifying users and providing access based on these patterns. This will be achieved as companies embrace AI, passwordless and ITDR to close the visibility and skills gap and ultimately deliver true real-time adaptive authentication access controls. On the other end of the spectrum, adaptive access controls will deliver better identity observability, identity resilience and continuous identity assurance of what is going on in the system and respond as necessary to prevent access if it is not required. While none of these solutions are new or revolutionary, they will start to become more mainstream during the next year as companies strive to tackle some of the major identity challenges and issues that they are wrestling with, particularly in terms of machine identities, which present a big threat to organizational security. As technologies and tools such as AI gain traction, they will help to close the skills gap which in turn will close a growing security gap, as they provide enhanced observability, visibility and awareness and allow organizations to safeguard their assets against identity-centric attacks. From this, it is evident that companies will move from traditional security approaches to prioritize identity resilience and protect their data in 2025. o David Morimann is director of IAM technologies at Xalient. The cyberattack surface is expanding, leading to additional risk exposure. Expected increase in risk exposure in the next 3 years, select example, % Traditional perimeter Endpoints Identities Cloud/workload Internet of Things devices +30% +10% +7% +10% Traditional perimeter Expanding perimeter Expanding perimeter Source: McKinsey & Co. 21 JANUARY - FEBRUARY 2025 | CHANNELVISION
With the high-profile announcements from major brands and presidential orders surrounding the return to full-time in-person working, there is wind in the air that 2025 will be a watershed year for return to office (RTO) mandates. Of course, this is of the utmost importance to providers of business communications and network services, as it impacts how and where workers are connected and protected. So where exactly do things stand with the American workforce, beyond the politics of federal workforce RTO executive orders and the calls from major corporations such as Amazon, Dell Technologies and Starbucks to come back to the office? As usual, the expectations and hype outpace the rate of change. Currently, about three in 10 U.S. companies no longer embrace remote work and expect workers to be in-office full-time. That 30 percent is pretty consistent throughout all of 2024, and it’s actually down from most of 2023, when as many as 49 percent of firms cited themselves as full-time in- office, showed data from the Flex Index, which takes quarterly looks at the state of flexible working. By year end 2025, that 30 percent isn’t likely to change all that much, according to surveys of U.S. companies by ResumeTemplate. Meanwhile, only about 5 percent to 6 percent of respondents are fully remote. The remainder of U.S. firms, or about 65 percent, operate under a “hybrid” model, whereby workers split their days between in-office and remote working, making it far and away the most prevalent work arrangement. It likely will remain the overwhelmingly most popular form of working in the near and far term, suggests findings from both ResumeTemplate and the Flex Index. Within the hybrid work category, the vast majority of companies operate within a “structured hybrid” framework, meaning there is a set expectation as far as how many days or which days an employee goes into the office, versus the employee choosing when to come in. “Structured hybrid is becoming the increasingly dominant work model in the United States,” said Flex Index analysts. Compared to the quarter of organizations that are either fully remote or allow employees to choose, 43 percent of total firms work under a structured hybrid arrangement. That’s up from 20 percent of respondents who did the same in the first quarter of 2023 and the 38 percent in the third quarter of 2024, showed Flex Index data. The vast majority of those organizations (or about eight in 10 of structured hybrid operators) established a minimum number of days per week that employee must work in-person, versus the small amounts that either established specific days or a minimum amount of hours per week. The average amount of days hybrid workers are expected in office is 2.78 days per week, as of the end of 2024. This represents a steady shift upward in required office times for U.S. companies, up from 2.49 days per week in the second quarter of 2024. The change is predominantly driven by two movements in policy, said Flex Index analysts. First, the percentage of firms requiring 0 days per week in-office decreased from 32 percent to 25 percent in 2024, while the percentage of firms requiring three days per week in office increased from 19 percent to 28 percent during 2024. “These are relatively small changes but combined are leading to an increase in the average expectation of time spent in office across the United States,” explained the Flex Index report. Looking specifically at companies that establish a minimum number of days per week of in-office work, about two-thirds require three days per week in-office, while just less than a quarter require two days, while 7 percent and 4 percent require 4 days and 1 day, respectively. Remote Realities By Martin Vilaboy RTO mandates and the state of flexible working BUYERS SIDE 22 CHANNELVISION | JANUARY - FEBRUARY 2025
Breaking down the Flex Index data by verticals, technology and insurance continue to be the top two industries for flexibility, with 96 percent of U.S. tech firms offering some type of work location flexibility, along with 92 percent of U.S. insurance firms. Financial services returned to the top five with 83 percent of firms offering work location flexibility, while professional services and media & entertainment round out that list, despite the Washington Post’s move back to full-time in office. At the other end of the spectrum, restaurants & food services companies (46 percent) are least likely to operate under flexible work arrangements, followed by the education (50 percent) and hospitality (53 percent) industries. Transportation (58 percent) and automotive (58), along with the broader real estate industry (61 percent), round out the bottom five. There also continues to be significant distinctions in flexible work approaches by company size. Excluding the tech vertical, which tends to skew the numbers toward fully flexible work arrangements, about a quarter of firms with 500 or less employees require fulltime in-office compared to 41 percent of firms with 500 to 5,000 employees that do the same. Among firms with 25,000 or more employees, the structured hybrid approach is vastly preferred, while just 13 percent require office workers to be in-office full-time. Ultimately, the recent announcements and headlines around RTO mandates have not gone totally unnoticed. More than half of companies surveyed by ResumeTemplate (54 percent) said they have been at least somewhat influenced by the RTO mandates of large companies such as Amazon and Starbucks. Government actions also have played a role but to a lesser extent. President Trump’s executive order requiring federal employees to return to the office has influenced 35 percent of companies. When asked about the reasons for requiring employees to return to the office full-time, desires for improved productivity, collaboration and communication, interestingly enough, weighed higher than easier employee management. The biggest changes we are likely to see in 2025 in regard to RTO efforts and strategies will come in the levels of monitoring and enforcement. According to ResumeTemplate surveys, eight in 10 companies are increasing RTO enforcement measures in 2025, and among companies requiring a five-day office schedule, 47 percent plan to use termination or disciplinary actions against employees who do not comply. Additionally, 29 percent now consider office presence when determining promotions and salary increases, while 32 percent factor attendance into performance evaluations. Beyond direct disciplinary action and performance criteria, an increasing number of businesses are turning to systems for stricter monitoring, the data suggested, potentially creating an opportunity for technology advisors. Already, badge tracking and attendance monitoring have been implemented by a third of companies surveyed by ResumeTemplate. o 23 JANUARY - FEBRUARY 2025 | CHANNELVISION 3 Fully Flexible Structured Hybrid Full Time in Office te % of US Companies by Number of Days Required in Office per Week Source: Flex Index Which of the following to you conder the most important aspect of partner enablement? Source: Canalys al ments e ers % 0 Days 1 Day 2 Days 3 Days 4 Days 5 Days 25% 2% 10% 28% Average = 2.78 days 3% 0% 5% 10% 15% 20% 25% 30% 5% 32% Days in Office/Week Ease of onboarding process Compelling incentives/rewards Guided next step of journey Targeted live or on-demand training Clearly stated objectives 28% 23% 20% 16% 13%
Today there is a growing emphasis on outcome-based selling and prioritizing customers’ needs and goals. But to succeed with this approach, partners must be in tune with the complex and evolving personas that shape technology strategy – with one of the most important being chief information officers (CIO) who oversee IT budgeting, leadership and management. Technology leaders have long joked that CIO means “career is over,” for its reputation as a thankless position with limited influence outside of IT. But times are changing, with technology transforming all aspects of business operations. Instead of just keeping the lights on, CIOs are increasingly assuming greater strategic importance and being asked to spearhead business transformation. According to Foundry’s State of the CIO Survey, almost half (49 percent) of IT leaders said they expect to play a greater strategic role in their organization, while 36 percent anticipate gaining transformational responsibilities. And in a Deloitte study, 54 percent of CIOs said they identify as change agents, while 59 percent see themselves as enablers of transformation. Notably, Deloitte revealed that 63 percent of technology leaders now report directly to the CEO – a departure from the days when CIOs had to fight for a seat at the table in the C-suite. That said, not all technology leaders buy into this evolution. As Deloitte pointed out, “When asked to rank the defining characteristics of a leading CIO, respondents were split between the conventional (those viewed by themselves and others as running IT) and contemporary (those embracing the opportunity and reinventing the CIO role), saying the traditional, more IT-centric qualities are just as important as the strategic and more customer-focused ones.” Deloitte also indicated that company size seems to influence CIO characteristics. Technology leaders at large companies are more likely to be tasked with taking on organizational risks. Leaders at small By Gerald Baldino The role of the CIO is evolving, creating new opportunities for partners to deliver guidance and support The CIO Connection BUYERS SIDE 24 CHANNELVISION | JANUARY - FEBRUARY 2025
channelvisionmag.comRkJQdWJsaXNoZXIy NTg4Njc=