Ninja One's $500M Funding, Zoom's Revenue Drop, Europe's AI Push, and CMMC Certification Risks

[00:00:02] It's Wednesday, February 26th, 2025, and I'm Dave Sobel. Four things to know today. As Ninja One raises $500 million, its cybersecurity strategy remains unclear. Zoom's pandemic high is fading and AI can't save it yet. Europe's AI push is gaining momentum, but will regulation be its strength or its weakness? And MSPs without CMMC certification are risking losing government business. Here's why.

[00:00:29] This is the Business of Tech. Ninja One has recently secured $500 million in Series C funding, raising its valuation to $5 billion. This investment, which comes from iconic growth in capital G, will be directed toward enhancing autonomous endpoint management, patching, and vulnerability remediation, as well as improving customer support and facilitating the acquisition of DropSuite, that SaaS backup and data protection firm.

[00:00:56] According to Canal's reports, Ninja One is gaining significant market presence in the remote monitoring and management space, competing closely with Kaseya and ConnectWise. Ninja One's customer base includes major organizations such as NVIDIA and Lyft. Why do we care? I want to highlight two elements to Ninja One's moves here. First, a portion of this is facilitating the acquisition of DropSuite. I'm reading that to say that some of this money is spent.

[00:01:24] Second, Ninja One has a gaping hole in their cybersecurity play as an MSP platform. The DropSuite acquisition brings SaaS backup, but backup is not cybersecurity. It's a reactive layer. No clear EDR, MDR, or SOC direction means MSPs using Ninja One must bolt on security solutions themselves, unlike competitors offering an integrated approach.

[00:01:47] Cybersecurity differentiation is becoming a selling point for platforms, and Ninja One risks becoming just another RMM tool in an era where RMM is table stakes. And consider this. Why leave this open? Is the funding to plug that hole via further acquisition? Or are they positioning to be acquired by a security player?

[00:02:10] This episode is supported by Flexpoint. Flexpoint offers a purpose-built payment solution from managed service providers, automating billing operations to enhance efficiency and cash flow. With features like accounts receivable automation, branded client portals, and secure same-day payments, Flexpoint streamlines financial management. Integrations with accounting software such as QuickBooks and Xero, as well as professional services automation tools like ConnectWise and Autotask, ensure seamless data synchronization.

[00:02:39] Experience improved cash flow and client satisfaction with Flexpoint's comprehensive platform. Learn more at getflexpoint.com slash msp-radio. Zoom Communications has issued disappointing revenue forecasts, predicting full year and first quarter earnings below Wall Street estimates as demand for video conferencing wanes.

[00:03:02] The company expects revenue between $4.79 billion and $4.8 billion for fiscal 2026, slightly under the average analyst estimate of $4.81 billion. In the first quarter, revenue is projected to range from $1.16 billion to $1.17 billion, compared to expectations of $1.18 billion. Despite a strong increase in users during the pandemic, the company faces challenges as many employers shift away from hybrid work models,

[00:03:31] with major firms like JPMorgan Chase and Amazon requiring employees to return to the office full-time. Zoom's shares fell by 2%, closing at $79.40 in extended trading. The integration of artificial intelligence into its tools has yet to prove effective, with analysts describing it as more of an expensive experiment than a transformative solution. But Lenovo has achieved a record in sales for the third quarter, attributing this success to the surge in artificial intelligence and a refresh of personal computers.

[00:04:01] The company reported significant growth, driven by increased demand for both consumer and enterprise products. The surge reflects a broader trend within the tech industry, where investments in AI technologies are impacting the market dynamics. The specific figures for revenue growth and market share were not disclosed. Why do we care? Zoom's disappointing revenue forecast confirms what many in the industry already suspected. The video conferencing boom was temporary, and its post-pandemic reality is far less favorable.

[00:04:31] Zoom has leaned into AI-powered features, but so far, these haven't meaningfully boosted adoption. It suggests that AI enhancements in video conferencing alone are not a revenue driver. Perhaps they're table stakes, not differentiators. Their recent moves to lean into productivity and workflow enhancements? We'll see if they resonate. Lenovo claims the growth is increased demand. I wonder if it's a sugar high due to worries about tariffs.

[00:04:58] Large language models made a significant entry into Europe's digital sovereignty agenda with the announcement of the OpenEuro LLM project aimed at developing open-source language models for all European Union languages. Co-led by two computational linguists, the initiative has a budget of 37.4 million euros, with 20 million euros sourced from the European Union's Digital Europe program. The project includes partners from academia and industry across several countries,

[00:05:28] including Spain, Italy, Finland, and the Netherlands. However, concerns have been raised about the project's feasibility due to the involvement of over 20 organizations, leading to some question whether it can achieve its ambitious goals. The aim is to create foundational models that preserve linguistic and cultural diversity, with the first version expected by mid-2026 and a final iteration by 2028. In a significant move to enhance artificial intelligence capabilities in Europe,

[00:05:56] the EU has launched the Invest AI initiative, aiming to mobilize 2 billion euros for investment in AI, including a new European fund of 20 billion euros for AI gigafactories. The initiative was unveiled at the Artificial Intelligence Action Summit in Paris. The Invest AI fund will finance four future AI gigafactories across Europe, specializing in training complex AI models, and will include around 100,000 of the latest AI chips.

[00:06:23] This public-private partnership seeks to ensure that every company, not just the largest, can access substantial computing power. The EU Commission's initial funding will come from existing EU funding programs, and the initiative is expected to unlock over 10 times more private investment, contributing significantly to Europe's AI landscape. And European regulators are scrutinizing DeepSeq due to concerns over its data practices. This follows Italy's decision to block DeepSeq's chatbot

[00:06:52] for lacking transparency regarding personal data usage. The European Data Protection Board, or EDPB, has noted that regulators in France, the Netherlands, and Belgium are also questioning DeepSeq's data collection methods. The board has established a quick-response team to assist national authorities with these sensitive issues, reflecting Europe's commitment to enforcing its general data protection regulation, recognized as the world's most stringent privacy law.

[00:07:19] President Trump has initiated widespread cuts to federal cybersecurity programs, resulting in the dismissal of over 130 employees from the Cybersecurity and Infrastructure Security Agency. The move has raised alarms among cybersecurity experts, with some warning that the changes may pose a greater threat to U.S. information systems than foreign adversaries. Why do we care? Europe is showing it won't be left behind on AI and is part of a broader push in Europe to develop local AI infrastructure

[00:07:49] and reduce reliance on non-European technology providers, reflecting a growing emphasis on digital sovereignty. Europe's GDPR-first approach will drive demand for compliant AI services, making privacy a key differentiator. Is the U.S. making itself less secure at the same time? Federal budget cuts may shift security responsibilities to private firms, creating business opportunities but also new risks.

[00:08:18] Sentinel Blue and MSSP wrote an update to the CMMC standard I wanted to highlight. The company announced that it successfully passed its Cybersecurity Maturity Model Certification Level 2 assessment in January 2025, marking a significant achievement in the implementation of security controls designed to protect government information. The CMMC program went live at the end of last year, transitioning from a draft to an active certification process, with the majority of discussions focusing on Level 2 compliance.

[00:08:47] While certifications are not yet mandatory for Department of Defense contracts, companies are advised to prepare in anticipation of future requirements. Let's quote a passage. In my previous post, our expectation was that MSPs would need to be CMMC Level 2 certified to support clients that have a Level 2 certification requirement. That is no longer explicitly true. MSPs, who are part of a broader definition of external service providers, or ESPs,

[00:09:16] can be included in the scope of a contractor environment and should expect to be assessed as part of the contractor environment. So while you may not need to get certified, you will be expected to participate in assessment and explain how the tools and capabilities you provide to your clients is implementing some or all of the security requirements. But while you technically don't need a certification per the contract rules, I would advise you to pursue your certification if you want to operate in this space.

[00:09:44] So far, seven weeks into CMMC 2 Level 2 certifications beginning, I have seen about eight companies announce their certification. More than half so are MSPs. Straight up, your competition in the market is going to have certifications, and they are going to use that as an advantage over you in the sales process. It's a demonstration of the seriousness with which we take the program, and also serves to demonstrate we know how to get companies through the certification.

[00:10:10] The higher quality clients will recognize this and opt to work with MSPs who have the certification. And in my perspective as a C3 PAO, there's potential for so much more smoothness and confidence in an assessment when the involved MSP has their certification. End quote. Why do we care? MSPs may not be required to hold CMMC Level 2 certification, but those without it will face an uphill battle in the market.

[00:10:37] Expect certification to become the norm, not the exception, for any MSPs serious about government contracts. Today's episode is supported by Huntress. Most cybersecurity solutions are built for massive enterprises with big budgets. Not Huntress. They're the fully managed cybersecurity platform built for all businesses, not just the 1%.

[00:11:01] Huntress purposely builds security solutions like EDR, ITDR, SIM, and security awareness training to equip their team of elite threat hunters to handle the heavy lifting of security for you. When threat actors strike, Huntress' 24x7 Global Sock shuts them down before they're even on anyone else's radar. But they do more than just chase alerts. They lead the charge in industry research and knowledge, bringing expert protection and peace of mind.

[00:11:29] That's why users on G2 rate their EDR number one for growing businesses. To see how their expert threat hunting team gets the job done, visit Huntress.com slash MSB Radio. Thanks for listening. Today is National Pistachio Day and International Tongue Twister Day. I'm not doing that one. Nerdy Ocon will be held in Palm Springs, California from April 7th through 9th. Visit NerdyOcon.com to learn all about it.

[00:12:00] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash MSB Radio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.

[00:12:29] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video, to question at MSPRadio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit MSPRadio.com slash engage.

[00:12:56] Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.