The Gately Report: Sectigo Partners Benefit from Google Chrome Policy Change

Channel Futures: Who will be impacted when Google changes its policy for TLS certificates?

Mark Bloom: It will affect everyone. If you think about it, it takes three to eight hours to change out one certificate. If you have 100 of them and you're doing that five to six times a year, imagine the man-hours and the cost. You're going to have to go out and actually hire people to manage this. So rather than going out and hiring more bodies, you could just bring in a product like us and manage it to where you can set it and forget it, where it does the automatic renewals and everything that it does. The only hindrance is once that announcement gets made, there's going to be a mad rush to get management of this and get it under control. And so it's going to not only affect us, but it's going to affect our competitors, too, in a good way. And it's just a matter of time.

CF: What types of partners are you working with?

MB: We work with a lot of different partners. So we work with SIs, and traditional VARs and resellers. We haven't worked much with the UC space with the TSDs. We haven't worked much with those referral agents. We will be having an MSP product coming out later in the fall so we'll be working with MSPs. There's a segment of the business that manages for customers and so you have to work with MSPs. Especially in the SMB space, they manage a lot of them and then some larger companies, instead of hiring a whole new team, they'll bring in an MSP. And so MSPs are a piece of the business that we just have to plug into.

CF: Did you fill an existing role or was it newly created?

MB: It's a little of both. They had channel managers that went out to partners before, but the challenge is that you really have to educate them. It's teaching them what the product does. So we're going out there and really educating them on the space and the need for what we do. The technology sells itself. It’s better than anything that's out there today. But the industry, if they're not educated on it, a partner is going to look at it and say, "Well, how do I sell this?" So it's the education part that really is the important piece to it and we haven't really had anybody that has taken on that role before. Kevin [Weiss, Sectigo’s CEO] knows me from my past and we worked together at Unitrends. I'm an evangelist, and I go out there with a whiteboard in front of a partner and say, "This is what we do; this is what the product should do; this is what the industry needs." And having that person going out there and being an evangelist to it, especially with the partners where you can get a pen out and whiteboard with them so they understand it, that's the difference. So that's why Kevin brought me in to build up the channel and attack the market with it.

CF: Did bringing you on board signal a shift in Sectigo’s overall channel strategy?

MB: We've always been a channel-friendly company. Our shift is to do this with partners. We don't want to be taking deals directly, and we know that the channel is the key to success. Kevin's vision is we do this with every type of partner that we can. He embraces the channel and he's the main reason why I joined the company, because I know that he has that passion behind the channel and that's our path to success.

CF: Are you going to be building a new partner program, or enhancing the current one?

MB: We have the foundation of the partner program going right now and with it we're going out to partners and if they run into us in a deal, we'll bring them in. If they want to register an opportunity, fantastic, we'll work with you. Even if we're in the midst of a deal and the customer says we want to buy through SHI, we have no problem just saying, "Come on partner; let's work on the deal together." And so it's a little bit different approach. We know that by embracing the channel, it's going to take our company to where it's been trying to go for years. Kevin's a channel person and believer in it.

We just hired Trey McCall from Ping Identity. He's our new sales leader for worldwide, and he's another person that's passionate about the channel and loves working with partners. Our goal over the next two years is 100%-channel. That's what we want. We're getting close. It's something that we believe in from sales to marketing, and everybody else. We believe and we're passionate about the channel, and we know that the only way that we're going to be growing this business is through partners. And it could be different types of partners. They can be referral partners. There are so many different arms in this industry that you can reach out to, so it's really going to be up to the customer to choose where they want to procure through. Whether it's us or partners, we'd rather go through the channel.

CF: What are you hearing from partners in terms of what they like and don’t like, and what works and doesn’t work?

MB: With most partners, when I come in there for the first time and I'm telling them what the space is, they almost have a sense that it seems too easy. They can't believe that there aren't a lot of people in this space that do what we do. When they look at the opportunity that they have, every one of their customers needs us. It's not we're a good fit for one company but not another. We're a good fit for everybody. So when they see the opportunity up there, it's almost hard for them to believe that there’s that much of a need for a product. And when they talk to their customers about it and they ask, "How are you managing your certificates today?" they hate it.

We did a trade show with a partner recently, and there were 500 people there, and everybody who came to our booth said they hate managing their certificates. Everybody has a need for this. So when partners see the opportunity in front of them, it's almost like, what's the catch? So for partners, it's just more eye-popping to them that they've never seen an opportunity like this. There's so much greenfield in it because there's not a lot of product. There aren't a lot of people in our industry that do what we do. There are only a handful of companies. And we're going to embrace the channel and show them the way.

CF: Is there anything holding back Sectigo from more growth and expansion?

MB: The only thing that's hindering us is that we're not moving fast enough. So we're just constantly grinding and trying to get to market as quickly as we can because it's every partner that we run into, and we're recruiting for the first time, it's getting them in the door and onboarding them the right way, and making sure the partner is set up to succeed. It takes time to onboard the partner. So for us, the only challenge that we have is multiplying us by 50 to go out there and do the best that we can. That's the only thing that's slowing us down.

I wish I had 15 of me that would go out there and evangelize what we're doing. There hasn't been a partner that's turned us away yet once they see what the market is, and the product and how it works, and the opportunity. Before, these customers were buying certificates, but they just weren't buying them through the partners. Now that they have access to do that, it's going to change the landscape. Now they can get that business back and capture more of their customer spend because that's their whole goal. This is something that has escaped them for years.

CF: Who are Sectigo’s competitors and what gives Sectigo a competitive advantage?

MB: There are companies like Venafi, Keyfactor and DigiCert that do a portion of what we do, but they don't do everything that we do. We sell the public and private certificates, and do the management. Our competitors either do the management, but not the certificates. They do private certificates, but they don't do public. So there are a lot of companies that have a piece of what we do, but they don't do everything that we do. And the fact that we can do all of it, where it's aone-stop shop, that's what puts us at an advantage. And the fact that we can scale extremely high up into the enterprise, we're limitless. We can go enterprise all the way down to SMB. Since we have everything packaged up in one bundle, we can say instead of going to DigiCert or Entrust, you can now buy your certificates through Sectigo, public and private, and also do the management of it. The fact that we do that and nobody else does, we're in a good spot.

CF: What can partners expect from Sectigo in the months ahead?

MB: They can expect leadership from Sectigo in this space. What's important is that not only do you have a go-to-market strategy, but what we're going to do that's a little bit different that I haven't had any of my competitors do, is going in there and saying, "Look, this is the industry, this is how you sell it,  this is how you can get up there with your customers and really take a hold of this because it's going to be a problem for a lot of companies." But it’s also going to affect schools. It's going to affect governments. It's going to affect everybody all the way down through the state in that the management of this is going to be incredibly difficult. And what we're going to be the leaders in is going out there and evangelizing, "This is what the industry needs; this is how you do it and we're here to help you."

In other cybersecurity news …

During RSAC, the Cybersecurity and Infrastructure Security Agency (CISA) reported that 68 software manufacturers, including several of the biggest names in cybersecurity, had signed its Secure by Design pledge.

CISA said secure-by-design principles should be implemented during the design phase of a product’s development life cycle to greatly reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. Products should be secure to use out of the box, with secure configurations enabled by default and security features such as multifactor authentication (MFA), logging and single sign-on (SSO) available at no additional cost.

We asked Fernando Montenegro, senior principal analyst with Omdia, which shares a parent company with Channel Futures (Informa), if signing this pledge will make a difference in terms of making the cybersecurity industry safer for partners and customers.

Omdia's Fernando Montenegro

“As cybersecurity moves into center stage as a critical component of modern society, movement shifts from purely technology advances to much more complex socio-economical ones,” he said. “I think it’s only fitting that the theme for this year’s RSAC was ‘the art of possible,’ as it reminds us of the famous Bismarck quote of politics as the art of the possible, the next best. I see this CISA announcement in that light. It’s a good step in getting more visible commitments from key cybersecurity vendors in the space, both in terms of having them show they are taking a public position about doing more on cybersecurity, and in signaling that addressing cybersecurity requires political coordination.”

This is an evolving discussion involving three main stakeholder groups, Montenegro said. Those are vendors, consumers (primarily organizations, not directly individuals) and broader government.

“And these steps are, to me, positive movement in the right direction,” he said. “That said, there is still much to be worked on in terms of the balance of responsibilities between these groups.”

A new Veritas Technologies survey released Monday shows many employees have a false sense of security and are putting their organizations at risk for ransomware attacks.

One thousand employed individuals aged 18 and older and 600 IT professionals aged 25 and older were polled in the United States.

“In a world where entire online meetings can be falsified with deep-fake videos of senior executives to dupe employees, it’s concerning that many people still think phishing attempts are only going to come in the form of clumsily worded emails,” said Matt Waxman, senior vice president and general manager of data protection at Veritas Technologies. “This survey highlights the dangers of relying on employees to recognize ransomware attacks and the critical need for businesses to embrace their own AI-powered solutions to fight back.”

More than two-thirds of non-IT employee respondents said they’re confident they can detect a phishing email that could lead to a ransomware infection. Notably, the youngest sample of respondents and presumably the most tech savvy, employees aged 18-24, aren’t as confident in their ability to spot a suspicious email as those aged 25 to 44.

Regardless of their confidence level, the survey found employees are still likely to open email, even when it seems suspicious, if it appears to come from a friend (63%) or colleague (63%). Similarly, questionable emails that appear related to employer benefits (60%), an online order (56%), or bank or credit card issuer (54%) also have a higher likelihood of being opened.

Employees said they look for signs like misspelled words or poor grammar to identify email phishing attempts, which have historically been telltale signs that messages come from hackers. 

However, the IT professionals surveyed recognized in vast numbers that attackers now use AI to eliminate these giveaways.

The survey also showed some encouraging steps many organizations are taking to protect their data against cyber threats. More than 80% of IT professionals said their organizations have invested more in technologies like AI to counter ransomware attacks. Additionally, 66% said their organizations are implementing more frequent security audits. Stricter data access controls were also reported by 62%.

Other findings include:

A new Veritas Technologies survey released Monday shows many employees have a false sense of security and are putting their organizations at risk for ransomware attacks.

One thousand employed individuals aged 18 and older and 600 IT professionals aged 25 and older were polled in the United States.

“In a world where entire online meetings can be falsified with deep-fake videos of senior executives to dupe employees, it’s concerning that many people still think phishing attempts are only going to come in the form of clumsily worded emails,” said Matt Waxman, senior vice president and general manager of data protection at Veritas Technologies. “This survey highlights the dangers of relying on employees to recognize ransomware attacks and the critical need for businesses to embrace their own AI-powered solutions to fight back.”

More than two-thirds of non-IT employee respondents said they’re confident they can detect a phishing email that could lead to a ransomware infection. Notably, the youngest sample of respondents and presumably the most tech savvy, employees aged 18-24, aren’t as confident in their ability to spot a suspicious email as those aged 25 to 44.

Regardless of their confidence level, the survey found employees are still likely to open email, even when it seems suspicious, if it appears to come from a friend (63%) or colleague (63%). Similarly, questionable emails that appear related to employer benefits (60%), an online order (56%), or bank or credit card issuer (54%) also have a higher likelihood of being opened.

Employees said they look for signs like misspelled words or poor grammar to identify email phishing attempts, which have historically been telltale signs that messages come from hackers. 

However, the IT professionals surveyed recognized in vast numbers that attackers now use AI to eliminate these giveaways.

The survey also showed some encouraging steps many organizations are taking to protect their data against cyber threats. More than 80% of IT professionals said their organizations have invested more in technologies like AI to counter ransomware attacks. Additionally, 66% said their organizations are implementing more frequent security audits. Stricter data access controls were also reported by 62%.

Other findings include: