Paul Redding of Ostendio

[00:00:01] Hello ladies and gentlemen, this is another edition of the MSP Initiative MSP talk today is July 23rd 2024 We've been off for a week We've been bouncing around the planet preparing for things on the other side of the year here

[00:00:18] Which we'll talk about like literally right now because the year is going to quickly Speed up on us and we'll be in like the thick of what we like to call conferences in an IT MSP land So without further ado some housekeeping MSP initiative

[00:00:33] Dot com this is where we pretty much like to park most of the things that we do So for example, this session is being recorded and you will find our podcasts youtube video audio versions of all of these sessions under sessions

[00:00:45] On the MSP initiative dot com website is including our youtube page and our podcatcher like subscribe forward download All that good stuff. It is all there MSP community minds we did one of these in Nashville early year

[00:00:59] Actually, our inaugural one was last year in Denver and we are coming back To Denver at the end of September, uh, September 25th and 26th. Actually, this is two days Absolutely jam packed with real actual educational content. You'll see the schedules posted and all of our MSP panelists

[00:01:17] That's right people like you have figured things out that maybe you haven't Why not hear from the people who are actually doing the work? Not the people who are going to imagine what your work is and then tell you what they don't know

[00:01:29] And then we have workshops with other industry experts who are going to spend a couple of hours with you at At a time and actually work through something rather than pitch you on an idea and ask for a credit card swipe at the end

[00:01:40] And you actually got nothing other than a commercial. So check out MSP community minds Now there's a lot of people in the sandbox that are trying to shift the direction of events

[00:01:51] We are just one of the many and this is our effort to help bring actual real legitimate information that can help you shift Change adjust or maybe you just walk away from this knowing that you're doing everything right

[00:02:05] I don't know about that, but we'll see it's always room to improve then We have the remaining MSP community block parties for the year We've got a couple coming up literally around the corner it nation australia

[00:02:18] So if you're going to be in sydney at the end of august, well, we're working with the connect wise team We are holding our event On the beginning night of the it nation conference in sydney. So

[00:02:30] Check out the which will be the 21st by the way august 21st You can register ahead of time now whether you're an msp or anyone but an msp You can see this registration page is there. Thank you to a bunch of our sponsors who's more coming

[00:02:43] But that is around the corner then we go right into Machine gun conference season. We're working with the dado kisei team We'll be doing a block party in conjunction with dado con miami second night of that event

[00:02:57] So go ahead and that'll be october 29th by the way in um south beach So check that out. We are working. We'll actually believe be on site with the kisei dado con team So you don't have to even get too far off the property there and then

[00:03:15] We were just there last week checking out some some venues for you. We're headed to germany Berlin germany that is with our friends from pax eight So if you're headed to pax eight beyond germany, we'll be working with them again

[00:03:28] To do one for the first time in a new country. So have some cool and exciting options that we look through Um, I think everybody likes the beer concept. So uh, don't worry We'll have something really good for you there

[00:03:41] Then we turn right back around and these are a little bit out of order But we'll be going to connect wise it nation again for the I don't know eighth year in a row

[00:03:50] And we'll be bringing some sort of musical entertainment. We've already gotten some votes from you guys on social media Thank you for helping us kind of pat chart our course a little bit and we'll be uh, hopefully announcing our radio

[00:04:02] Recognizable band like we do every year third time in a row first. It was all american rejects Then it was the combination of better than azure sugar ray and tonic who for this year

[00:04:12] Stay tuned and then a week later. Uh, we'll be headed finally to close out the year Back to sydney Almost like you know where we started um for kasey datacon Australia which will be november 12th To the 13th there uh in australia

[00:04:31] So that's a lot of things to do in a small period of time you can find all of the stuff I just went through including where to register ahead of time on their community block parties on msp initiative.com and uh

[00:04:45] By the way, just a reminder if you're an msp costs you absolutely nothing Yeah, this is for you right celebrate the community. So How about a hook up there? Right? I mean, that's what these are. Um

[00:04:56] Community offers are listed if you can take advantage of them great on the web page and then lastly industry calendar which takes us I mean for the last six months of the year all the way until december

[00:05:06] You can check out all the stuff going on there and uh, that is the housekeeping at msp initiative Dot com well This is not a stranger to msp initiative This person's been around since the early days of the even the concept of what msp initiative was

[00:05:23] And I believe he you know has thousands of miles logs on a tour bus or one of many tour buses around the country with us Welcome and back good friends Paul redding. How you doing today paul?

[00:05:35] Doing well george. Thanks for having me man. Good to see you. It's been a minute. It's been a minute I'm just I haven't like flashbacks of all of those bus stops including the ones where we left people on the side of the road by accident

[00:05:47] I still wish I'd been on the one with kin with ken where he ended up getting poured on In the pouring rain. I wish I'd seen that one. That was if you recall that was the one where I was too smart to ride with

[00:05:58] You guys that was the first time I just said no, I'm not riding from denver to phoenix I got off and got out of plane flew by myself in first class because of covet right Like had a mask on it was the only person up front

[00:06:10] You guys were uh leaving kim Patterson on the side of the road to die Somewhere in the desert. I mean we did eventually get him I mean he wasn't completely stranded but for a minute there. He got a little wet. That's for sure. Yeah

[00:06:24] Then there was another stop where everybody got stranded except for that's right. That's you it was you me aleg like all of Pete everybody stuck. I'll tell you what we may never it may never oh knock on everything

[00:06:38] let's hope we never have the pandemic in our lifetime, but um That that made that may have been a one in a lifetime experience. I think I think I hope so. Yes

[00:06:48] I hope so there were there were positives or negatives, but it was definitely something that I'm glad we did it though I will I will tell you this it's funny man. You know years later you look back on it and laugh

[00:06:57] We have lots of great stories to tell but people still bring it up People still talk like you you'll run into people and they're like wait I know why I know you you were running around in the pandemic in a bus. Oh, yeah. Yep. That was us

[00:07:11] So, I mean I think it was it was and you know something else man Is we talked about a once in a lifetime experience Now you travel even more than I do right like you guys are going all over the world

[00:07:22] But you see the whole world in the country and everything from from an airplane Yeah, really think about it like 99 of the time It's the destination that you see nothing along the journey unless you're that one

[00:07:33] Jackass on the plane that's got to leave the window open at 6 a.m You see nothing the whole way right it was different seeing the whole country from a bus You know like just all across the country we saw I mean It's about every market. Yeah

[00:07:48] Cool areas of the country that are flyover for sure Yeah It was it was uh, definitely neat So, uh, so where is the next place? I assume we'll see you in uh, Atlanta next week I think alex actually headed down there. So you see him down there

[00:08:04] He's actually actually the topic of the day. We should not skip over He's in the middle of trying to get himself down to Dallas right now for roar con But apparently, you know the one airline that apparently is discombobulated while everybody else seems to be

[00:08:18] I don't know. Okay is you know, mr. Delta Mr. Delta all sorts of jacked up and I'm like why like spirit airlines never stop southwest is still running Frontiers, you know, you know on time. Why why is delta jam?

[00:08:33] I guess the three you just named or probably like that name I sent you the other day They're running on like a commodore 64 sitting in the basement somewhere Hey when there's 3.1 and when there's 95 south

[00:08:44] Yeah, you know what for all the crap southwest got like six months ago. They sure as hell looking at everybody now saying What's up, man? It's going on It's gotta be some weird conspiracy though that 80 percent of the channel was like home during the worst of this

[00:09:02] You know what I mean like there it's it's of all the people we know that travel for a living I know very few folks right now that are actually stranded somewhere

[00:09:11] Whereas I mean what are the odds that you me alex like, you know, we're all sitting at the house watching this happen In all fairness. I was um, I was in Dublin. So I was right. I did berlin london dublin home

[00:09:25] uh in like five days, you know typical george and um I was in my last leg. I was at a pax eight thing in uh in dublin I was taken, you know their version of cheapo air, you know, you know

[00:09:38] Aerolingus, which you know pretty much is their version of frontier. That's my equivalent and like Yeah, we were starting to get all these notifications Like I started seeing all these news articles popping up. I'm like, hmm. What's going on here? Everything's running on time. All right, cool

[00:09:53] Get to london. You know, you flip you're going in between terminals and like scaredy guys like uh gotta hit the check in with the united desk I was like, okay good united desks are like, um

[00:10:03] Have you checked in already? I'm like, yeah, I got a boarding pass everything's okay. That's good Um, because if you didn't have a boarding pass, you know, you'd have a problem. I'm like, oh He's like, yeah, we'd have to hand write you one. I was like, what what?

[00:10:17] I was like, okay. Well here it is. So like, all right, go ahead keep going so I want to get to the gate is when they're like, all right

[00:10:24] There's delays, right? Because the planes in front of my plane were backed up and then at the end of the day It was like a two hour delay which wasn't horrible No

[00:10:32] Watching the you're watching every news screen, you know at that point bbc was what they were running in the airport Surprise surprise and they were just like going from country to country to country to country to country to country to country

[00:10:41] You know and like all of a sudden A company that we've heard of for a long time, right? Because we're in the sandbox and technology land but like from a Every day just just said call it a traveler person sitting at home person turning on the news

[00:10:57] They would never have known the what the word crowd strike meant Right and now they do Like think about how like think about how much air time That word got in 24 hours And now the ceo's going to testify in front of congress

[00:11:16] I mean, I just saw that today like they've already called him in Like not surprised you took down The entire travel industry you took down like government agencies like you took down mega companies all at the same time It was like 8.5 million devices at once

[00:11:33] I uh, I so i'm flying to phoenix with my family on uh It's thursday this week and we're hoping that it's All clear. We're just you know because you know me delta guy

[00:11:44] I'm i'm waiting patiently for delta to get it together. I uh right now. I can't see I can see my reservation, but I can't see theirs And I can't make any changes or cc or any of that stuff like that's all never neverland

[00:11:59] But I have a reservation and he doesn't say delay doesn't I would say You know, uh, you connect with your buddy mr. Stanners the other mr. Delta and he'll tell you that

[00:12:09] I think his flight for next week in atlanta is also delta and that he thinks that's already in trouble So I don't know really all I can tell you is I don't know why every other airline seems to be

[00:12:19] You know pretty much running more or less. Okay, but not delta delta seems to be in the quicksand So what I read is that they uh, delta lost the system that Handles their people like the actual staffing as well as the planes

[00:12:34] So once the planes are back up now, they can't find their people and nobody knows where anybody is But yeah big mess i'm i'm crossing my fingers that we're getting out of here My son's supposed to be competing in like worlds for taekwondo and and wow

[00:12:47] Yeah, it would be a real bummer if none of this can make it well Can we go back to the to the line right like nobody ever gets fired with going with the big man on the block

[00:12:56] Like at one point that was like hey like I remember one deal I was working on they're like, oh well We're going sysco. I'm like it's 40 percent higher and they're like, oh, but we never get fired for going sysco And i'm like, okay, but like

[00:13:08] This is the inverse you went with the big guy you went with the Yankees and and You got hurt because of it You know nobody wants the ambulance chase right and and therefore I think most vendors are being

[00:13:22] That are in that security space or being really careful about what they say And I think crowd strike you and I both know it's a fabulous product. It's been around for a long time They're definitely one of the top ends of the security world

[00:13:34] But I mean dude if it's what everybody says it sounds like you had what is it really an unpaid intern that That pushed an update I mean it's at a certain point there's got to be a check and balance here and something was missing

[00:13:47] And I'm pretty sure once they get in front of congress, we're all going to find out what that was But I mean that's that's I mean look you were in it. You're you still have an msp

[00:13:55] I was an msp, you know, I can't tell you how many times somebody broke something with an update Now imagine like what happened with a bad outlook update on this kind of a scale That was a bad morning at crowd strike

[00:14:09] But like think about think about the worst possible day as an it service provider msp It's pretty much it like Every customer being affected at one time You are don't don't have enough resources and it's one of those things where

[00:14:26] Unless you were proactive and had some sort of lights out management or iLO or drak or some sort of You know bios or motherboard based remote access control to these machines you would have to touch every single machine Yep Could you like

[00:14:44] Think about the larger guys right the multi-state roll-up Adventure backed pe backed msp that have like 27 states 15,000 machine like how do you even like It's taking a month to get to all those

[00:15:02] Have you seen is that going to be the permanent answer is that everyone's got to be physically touched? I'm basically Oh so like

[00:15:12] Like am I like now like microsoft since come out and they've given you like something you can load onto usb or whatever and right but still like

[00:15:20] That's a that's not that's the worst case scenario right and like if you go back to your msp day paul msp days paul That's the that's the that's the one that says do i still want to do this like that's the one that gets you up and says

[00:15:34] This is not an easy business Now that's and and you know in the case of all the partners out there Again, it's a great solution. You made a wise choice. It's the big guy nobody gets fired for it

[00:15:46] But you put this there. This is your tool. This is the thing that you talk about This is why you go to your customer remember how you explain to them all the risks that have evolved and not having advanced cybersecurity tools

[00:15:59] And then advanced cybersecurity tools shut everything down I can't imagine the conversation you're having to have especially with You know the older demographic of business owner the guy that's 55 60 years old It's run the business forever. Didn't used to have to pay for it

[00:16:14] You just got him over this something you're having that conversation now That's that's a brutal week man. It's a brutal week There is some there is I mean listen, we're we're not that far out of this and still going on but um

[00:16:28] There's a conversation then right like your end customer didn't buy crouch strike You bundle crouch strike with your package or services to your customer Yep, so if the customer now says who's going to make me right Who is that? right Argument could be it's you

[00:16:51] So that's not a very comfortable place to be in No, I agree. It's counter argument is well. Hey, you know when the cloud is down and the internet's down It's not my problem amazon's down everybody's down. Okay. Cool. But like

[00:17:04] You like they didn't even know who crouch strike was you just you know use recommended it. Yeah, like you put it in there Um, somebody told me I don't know if this is true that crouch strikes msa was like

[00:17:16] Oh, we'll only reimburse you up to one month of your built us or whatever right like whatever that is Can't imagine that's gonna cover delta for I saw something I don't know if it's true

[00:17:28] I saw something earlier that said delta right now has lost 163 million dollars and counting. Yeah, I believe it I mean 63 million it's gotta be I mean by the time this is done If alex really worried about next monday and he knows something

[00:17:44] I mean like man you're talking a week of this. Oh my god I mean How much do they have to refund just that And then you know people that never fly delta again because and again the bad part is delta being that

[00:17:59] Why do we use delta because man they're a top-end company. They go with the best So they they go I bet they're all sysco shop too, right like I bet their network is 100 sysco all the way through Only the best for delta here we sit

[00:18:13] I guess there's a lesson there Another another bus goer peep pops and he says Do you see how microsoft is saying that the eu made them keep the kernel open due to antitrust?

[00:18:24] Had they not done that the kernel would have been locked down now the eu is chasing apple because of the microsoft issue So apple wasn't affected because of this issue. Not sure if I follow all of that and he says delta has cancelled 5.5 thousand flights Jesus, um

[00:18:39] Oh, here's what I can say There's going to be finger pointing there's going to be an investigation. I'm sure our class action lawsuit's already been drafted somewhere um But from an it industry standpoint The biggest global single outage recognizable and everybody's cell phone news and every you know

[00:19:03] Kitchen and and living room, right? Like that's a bad one. This one's gonna stick for a while like people are gonna remember this one and so Now you're gonna say was it it service provider msp like i'm not microsoft. I'm not craft check

[00:19:16] I'm not amazon don't look at me but like you got stuck in the middle of that and like uh Okay, he just posted a link Uh, eu rules may have indirectly amplified recent outage got it. I read through this in a second. Thanks Pete. Uh, but anyway, um

[00:19:36] Nobody's covering your overtime Like you actually got a I call it a shit sandwich, right? You got the big guy pushing down on you from upstairs You got your customer pushing up from downstairs and then you're in between

[00:19:49] So not only did you have to put all this additional time effort money out in order to remediate Which you're still probably in the middle of doing in some cases Now your customer's pointing to gonna you saying? Yep. So let's have that conversation now and you're just like

[00:20:03] Did you see the news Like what do you say all you can say is I mean it got everybody like I mean it got everybody using crowdstrike

[00:20:11] But then like I said they don't understand why you chose this product to begin with so now it becomes you made a bad decision But you know, I both know you didn't it could happen any

[00:20:20] I mean and here's the right reality it could happen to microsoft any day I mean microsoft's the biggest right and when it finally happens Are we gonna you know yell at all of our service providers for putting us in windows?

[00:20:31] You know usually what happens pa and like I know this is so cliche, but for everybody listening I know you're gonna roll your eyes in the back your head. It's like well if it's microsoft being down Then it's microsoft's and it's like, whoa, whoa

[00:20:43] Everybody else like the world is ending switch now, but if it's microsoft's amazon Amazon's microsoft. Well, it's amazon's microsoft It's good like like which interestingly enough Yeah, because I was in a five hours ahead time zone microsoft had like a massive azure outage like

[00:21:02] Six hours going into this crowdstrike thing before And so immediately all the marketing was microsoft microsoft microsoft microsoft and then all of a sudden it was like Crowdstrike and I like it took a hard turn and I was just like

[00:21:15] Huh are those two things connected? They're saying no, okay I was like that was two back-to-back things so like I can imagine microsoft Somebody at microsoft in the c-suite's probably like Right

[00:21:31] Like from a marketing pr step they did they were really weren't they really weren't affected it but like You know i'm not i'm not a finance guy, but if I pull up crowdstrike stock ticker. I'm sure it didn't go up

[00:21:41] It went down. Oh man. I mean and this is going to impact them for a long time This is one of those things where to your point in the beginning of the conversation

[00:21:49] The average person had no idea what that brand was you and I know and they got their one with the 50 foot tall gio at all the show Right, yeah Which that thing is badass, but I have to give them full credit for the 50 foot gio

[00:22:04] But now they are synonymous with the outage Now their name is mud as far as the average consumer and there's people sleeping on the floor in an air In an airline right now, you know an airport right now that hate crowd strike with everything in their soul

[00:22:19] And they had no idea who they were you know as of last week It's it's that it's you sometimes being the biggest guy in the room could be You know a good thing and sometimes it could be a bad thing sometimes choosing that top brand product

[00:22:31] But you know listen, I mean I think I think the thing that That's gonna be tough that the msp has got to get around is you're gonna have to have this conversation with the client

[00:22:39] And there's gonna be a very real, you know kind of come to jesus moment here where it's like man Nothing is perfect. This is why you know, let's face it. Look, hopefully you had really good backups

[00:22:51] Hopefully you were using quick restore products and you can get in there and get your systems back up Right like hopefully you took your image last night and you just shot it back up without it But that's not everybody

[00:23:03] And I hope that you're like, you know, you know, we're a fan of brad gross As one of the legal minds in our space, but I hope your msa is very well written

[00:23:11] Like, you know, you shouldn't be taking liability for microsoft for crowd strike for amazon, right? Like You know, you shouldn't and you can't afford to right like you should understand that all of the vendors and and you know

[00:23:25] Like the I don't know 40 of them however many it ends up being that you bundle into your service Like you should be making a clear to your end customer. Like I'm not rebranding microsoft 365

[00:23:37] That's microsoft and by the way, even though i'm invoicing you for what microsoft's saying that you're using their terms of service are here right like I'm not going to get in the middle of microsoft and you right kind of thing and unfortunately like if you didn't

[00:23:52] Have that set up properly and have your documentation proper and make sure your agreements spell that proper like You might be in trouble and I hope you're not but like and I hope that there's some

[00:24:04] reasonableness and and like a common sense conversation somewhere in all of it, but like It's where we are we're in a day and age where like somebody can sue because the coffee was too hot right like Well, you know

[00:24:19] The thing about it though that's that's really damning is that If you think about it All the way from the top down though, there's just a cascade of whole harmless Nobody accepts responsibility for this

[00:24:31] There's nowhere along that supply chain in which anybody says hey by the way, this should not work like I got you

[00:24:38] Nobody has that and so if you start at microsoft down to the tools that are used to secure it to back it up to make it communicate with other things

[00:24:46] The api connections all of the vendors in the way and the ones you work for i guarantee you if I read yours You've got to hold harmless in your vendor contracts

[00:24:54] Right so at the end of the day when you take a look at it, there's nobody willing to hold this hot potato It's what's wrong with cyber reliability insurance

[00:25:02] It's why so few of the claims get paid and it's why you can end up in a mess with something like this Matt lee talks about it all the time. You know

[00:25:11] Steal his thunder matt says all the time one of the biggest problems we have is it's just an endless cascade of Hold harmless So if finally when it gets down to the consumer If all the contracts are written right, there's nobody to sue

[00:25:24] Well, it's very interesting. You say that because Um, a lot of people are like, oh go put a claim in with your cyber liability or your business liability insurance And they're like it's not a cyber event Like we don't we don't categorize this as An event

[00:25:40] And it's not a catastrophe. It was a bad update. You're gonna fix it Take a stick plug it in or you do that. Yeah, but I have a thousand computers have to do that

[00:25:49] I'm glad you have such a large business. We're going to raise your insurance premium next year You know what I mean? Like that's it's kind of the wild west when you get to that stuff If when you look at what's going on with cyber liability insurance now

[00:26:02] It's unlike insurance for anything else in the world. Look if I have a car and I get an insurance policy on the car It is extremely clear under what circumstances that company is going to pay me It is extremely clear how much they have to pay me

[00:26:16] What my terms are what my liability is all that is like written in set in stone It's not that way with cyber liability insurance. They kind of get to write their own

[00:26:24] It's not regulated in the same way. You don't have consensus over what's supposed to be in these policies So now this this comes out to you know, you can have an incident from crowd strike

[00:26:35] It's not categorized as a cyber liability insurance issue. So is it can you put it on your business insurance? Was this a was this a catastrophe? I haven't talked to a business insurance expert yet, but there is the concept of

[00:26:52] Business interruption right like which has a little bit more of a broader Like something that could prevent your day-to-day operations from occurring right and like It's not standard. Like you would need to get a separate Like either section, you know or then them additional policy whatever

[00:27:11] But like they do offer such a thing Um, and maybe that would have covered it. I don't know but bottom line is it's not Stock and standard in every business liability insurance contract

[00:27:22] No, and I would be willing to bet you're right that most of the time cyber liability will not cover this It's not it's not an incident. This isn't an attack. This isn't a catastrophe nothing burned. There was no failure, you know um bad update

[00:27:36] Yeah, I mean so I'm sure this is gonna be talked about for a long time but it is literally like we're still feeling the reverb of this whole thing and and uh

[00:27:46] All of those people right all of those it departments, you know who who figured out how to get through this You know, you'll never get a pat on the back, but There to to those people I think there's an argument to be made that A well functioning

[00:28:03] You know proactive it team makes or breaks you right? Um Then you have the irony in the whole Windows 95 windows 3.1 southwest airline story where they're just like Let's go on guys. How you doing? I want to say I want to say it's

[00:28:23] Don't quote me on this as we're here on your podcast, right? But I want to say it was alaska air that had a hack in about 2015 2016 something like that And the result of the hack is that they went back to a mainframe

[00:28:37] And they were on that mainframe for like another decade, you know, like another like eight years And I think they may have been off of it now

[00:28:42] But you notice they haven't been in the news so maybe not but as I recall their solution was to go back to a mainframe because you know Can't hack it Not to jump industries altogether, but like The entire financial banking industry at least in this country united states

[00:28:59] Runs on as 400 Yeah, like just not it's an ancient technology, but it just runs and like every bank every stock trading platform every like when you get through all the layers of the new stuff is this like 45 year old system

[00:29:19] That's literally running in in the data center somewhere. Hopefully well well powered and air conditioned and like it literally it's hard to hack because it's not Reachable like it's just you know what I'm saying like it's It just runs

[00:29:35] I'll tell you a true story about that. So when I was in msp um, we had a division of my company that did like smart hands because we carried a bunch of aftermarket warranties for service systems much of data centers in Memphis back in the day

[00:29:49] And irs data center was here hilton had a data center here But the one i'm talking about was international paper and the first time I went there I had a hitachi like the old hitachi as 400 arrays. I had a hitachi start

[00:30:02] I was the only guy in shelby county that had one so they sent me out to like replace a part of this thing And you know, I was young this is I have no idea how long you probably 20 years ago

[00:30:12] and uh, I'm talking to the head of storage for for international paper and I realize how old this particular array is I mean this thing was sold there and I don't know 98 or something I mean this thing's like just ancient 94 now. He was 92

[00:30:27] Anyway, it's freaking ancient then and this is you know now 10 years ago 15 or I say almost 20 years So I thought it was old as hell and I asked the guy I'm like so, you know

[00:30:37] What is the plan to end of life this? When do you upgrade? Like when does this happen? He's like there is no end of life That's what what do you mean? He's like the world will end before we will turn this off

[00:30:48] He's like international paper if he goes out of business This will be the last machine in the building turned off and that will be the last light We have to have this part. We need to get it now

[00:30:57] It's like okay, and I that was the first time I ever really experienced what you're talking about where you start to realize That the big boys the really big ones are running on stuff with you know, green type on the black screen, right?

[00:31:09] They're going inside computers like 2001 to change our drafts I mean like we laugh about it, right? But like I think like jc pennies right with the black screen and the blink Like that's what we're talking about here

[00:31:22] Right like like a barcode scanner might work and a keyboard as it In a keyboard. That's absolutely and I'm telling you guys I could all day we can go through it

[00:31:32] Backed in the fAA had these remote facilities are way out and you would have to go swap parts and those Same thing man. I mean, you know hard drives that are this big like big handle on the side like 56k

[00:31:46] But it was so like yeah, we're all like we're all in an industry where like things are fast and furious and you know constantly changing bleeding edge all this whatever and like Then you got these guys on the other side saying nope if it ain't broke

[00:32:00] Don't fix it and let's just keep running on what we know works and you're just like that's a You know this past weekends. That's a hard. It's a hard argument to overturn Yeah, yeah in the current situation

[00:32:12] Yeah, I imagine there's somebody right now working in southwest going yep, so we'll just be staying on the old windows 95 Like and then like yeah as you go through all the forums and the facebook groups and like the discords and the reddits and all

[00:32:26] That's whatever people are like. Well, this is why you should you know come back from the cloud go back to on-prem and i'm like, um I was like i'm not saying don't have a dr. Platt

[00:32:36] I'm not saying don't have a hybrid approach and not have all your eggs in one basket, but That's a hard reversal based in the last 20 years Well, and I mean look nothing's perfect man

[00:32:48] So you move it back to your place and then the building burns down and you're restoring from a co-location across a Comcast circuit right so There's there's always one is you know the lesson of constraints right like there's always a constraint somewhere and nothing will ever be perfect

[00:33:04] Now that we've moved to a world where data is the most valuable commodity on the planet This is this is the world in which we sit right like now the question becomes How do you respond to a catastrophe like this? What can delta?

[00:33:18] How much do they have to spend to figure out what happens to you know prevent this in future? What kind of a failover is there if all your systems lock? What do you do? I would think less than 200 million dollars Yeah, yeah

[00:33:32] And like I said if they were at 163 when we started this conversation they're 185 before we get done Like this is It's a big hole in the boat that's that's pouring out right now Not you know you talk about delta. We talk about the companies and service providers

[00:33:50] Dude, there's a family right now just like yours of mine sleeping on the freaking floor in the Atlanta airport That's supposed to be having the time of their lives in disney work Now amplify that over and over and over again. There's somebody missing their mom's funeral

[00:34:04] You know what I mean? Like this is a this is the kind of thing when you talk about class action So hold on hold on I got the answer ready We'll let Chick-fil-A run it. It'll always run Hey, hey, well, I'll tell you what man

[00:34:17] If you can come to the Chick-fil-A by my house And take that same approach and figure out what they got going on wrong over here I would appreciate it because you know how it always runs like a machine. Yeah. Yeah, this one runs like

[00:34:30] I don't know how to describe it like this one is not a good machine Not a good machine That Chick-fil-A by me definitely runs like a machine. They know what I'm there and you know, it's all fun and games and

[00:34:40] You know, we you know, I'm sitting there, you know We're just talking talking life as my chickens coming out and all smiles and often away So they got it right but I'll tell you what Lessons to be learned security providers are just like everyone else

[00:34:57] And human beings are in the middle of all of it and um I know there'll be scrutiny for it. You know, just like hey, you know Like we've talked about supply chain hacks and all this whatever before but this wasn't a half. This was just straight up

[00:35:12] Defect, you know is what they said it was Well, you know, you talk about that and this is not to say that this is the case It's purely hypothetical, right? But Yes, a crowd strike an organization like that guarantee you that in their

[00:35:29] Uh user license agreements and all that you've got your hold harness, right? It absolutely has to exist But under certain circumstances gross negligence is still gross negligence. Sure. So when this whole thing shakes out Let's see how this really happened, right because one of the questions does become

[00:35:49] Really they pushed one update like Everybody in the world got the same package all at the same time They claim not all of their customers got it but 8.5 million machines would say a lot of them did and

[00:36:03] Like what is the you know, we we all we all get patch Tuesday questions all the time Right, like hey, do you test this before it comes out or you just have it on auto Right because we've had bad patch Tuesdays, right where microsoft puts out junk

[00:36:15] And then you're like what what just happened my whole computer's bunk and I gotta go reverse Right go back to like system restore and go a week ago or whatever right so like After a company that big like

[00:36:25] What what why didn't they test that before it went out? Right. You're like, what what was the failsafe there? What what missed to allow this to hit 8.5 million machines, right? That's the question I think it's gonna be really interesting to see and and I imagine that's the question

[00:36:40] That's going to be asked in front of congress whenever he gets there And you know what happens in congress. They just they don't say anything They don't want to yeah, they're not putting that out there. They're just gonna be like, uh, yeah, we'll look into it

[00:36:51] We'll get back to you. That's what it's gonna be Or at least that's historically what I've seen Well that brings us into uh, you're you're at you're at a new place Ostendio, right? um

[00:37:08] Why don't you hear a little bit about it paul for people who don't like the name The main might not be familiar fairly new, you know to some right tell us all about it So ostendio is a channel focused compliance and risk management solution

[00:37:21] Got about 300 total frameworks on the platform right now. So if there's a compliance standard that you're trying to chase Most likely it's in the ostendio platform including likes for example, you know, you talk about going to australia a lot

[00:37:34] There's a lot of different compliance standards that are operating down there from the essential aid to a bunch of others That are going to be a force we have all of those through a crosswalking mechanism within the platform um

[00:37:45] What's a little different about ostendio a couple of things one is we also have a full professional services and call it like uh cybersecurity Consulting service if you will for our partners. So a lot of msp struggle with compliance because

[00:38:03] The subject matter is complicated all of the answers aren't necessarily cyber security, right? So a portion of compliance is around cybersecurity But if you look at it the governance and control function of it gets a little bit in the weeds for some partners

[00:38:18] And the other side of it is it's a big project So a lot of times partners run into a client that has ignored them forever on all their cyber security needs

[00:38:27] But suddenly got a letter from their upstream customer that says hey if you don't do this by this date I'm going to stop sending you business. Well, suddenly this is a major priority for that customer

[00:38:40] And the msp is told hey, I need to get this done at any cost by like this day Yeah, and i've been telling you for months. I don't i've got somebody else's project going

[00:38:48] I've got whatever ostendio. We actually have the ability to reach in through white label, right? So you don't have to show the brand or any of that but we can bring in security consultants

[00:38:58] We even have auditors we can bring in and actually, you know build out your system security plan We'll do a risk assessment with you if you want or one of the biggest things partners use that for is to bring it in and say

[00:39:08] Hey, I did a risk assessment. What does this mean? And what am I supposed to put in place and the sendio can help with that So we like to take the you know look will help you track it will help you build it

[00:39:18] But we do take the approach that we don't expect everyone can just do this I mean, I've been in the compliance world for a long time at this point and one of the things I think that that I've come to realize is

[00:39:31] For everyone out there the msp can get it completely they can totally understand the problem But a lot of times it's a pure matter of resources, right?

[00:39:40] You just don't have the ability to throw all your resources at such a complex issue all at once and we try to help That's a lot of frameworks fall

[00:39:49] Dude, I can't begin to tell you what 300 frameworks would be the ones that matter over here about six or eight of them You know, so of course we've got rice Lee releasing an updated cmmc with spur scoring here in the next week

[00:40:01] We've got your HIPAA of course, you know FTC safeguards is one that we're building out a unique framework for but the other 300 it's funny because the Framing we use in the background

[00:40:13] We can map to just about anything extremely rapidly and then you know, you can actually see how our mapping lines up with the framework Yeah, I thought tracking sales tax changes across 50 states is hard 300 300 compliances and like Stuff changes all the time. I mean

[00:40:35] Well, it's gotta be difficult Well, this is the problem. I think you and I've talked about a lot before in the united states specifically Um in europe, I think iso 27,001

[00:40:46] Yeah, everybody thinks about gdpr when you say europe but I think iso 27,001 is really one of the core compliance standards maintained overseas Uh here we've got a few of them sock two you could argue is is is in a way

[00:41:02] Unified standard, but the problem is we don't have one We don't have the federal standard We don't have the government all coming together at once and saying If you're in a business handling pii you must blank, right?

[00:41:16] We'll have that and in its absence then you have all these different industries states cities municipalities even Everybody's starting to build out their own cybersecurity standard clients frameworks privacy standards And that's happening on a global scale because frankly none of us agree on it, right?

[00:41:33] Like what what is the one framework to rule them off? We don't have it Yeah, and if you're a generalist msp that services multiple end customers across the board

[00:41:45] Well, you're probably not visible right now depending on your size at some point that just compounds down the line because If these industries start getting you know, you know, one by one like a domino falling

[00:41:58] You know, you could you know within a couple of years. Let's say it all hits Yeah, it may force your hand on who you do business with well If you take cmmc for example It's one of the first of these that that's making abundantly clear

[00:42:15] That they expect the vendors involved in the supply chain to to adhere to this themselves I think there's Very few out there that would argue that an msp that is supporting a client that's going through cmmc tier two

[00:42:29] For example is not themselves going to have to achieve compliance with them from cmmc tier two I think that's going to start to continue across most if not all of these frameworks and standards

[00:42:39] You're just going to start to see it push downstream more deliberately like even hippa for example It doesn't clearly state you must be fully hippocompliant if you're a vendor in the space You must adhere to the security rule and those standards

[00:42:55] But there are certain things out there that you don't have to do exactly the same way as a doctor Those rules wouldn't really apply favorite, you know to to what you're doing, right? I think what we will see is some of these other framework standards

[00:43:08] FTC for example is one that can apply to anybody I mean it would be very easy to to say that anyone involved in credit card transactions at some point Is supposed to be PCI compliant But now you're involved in financial transactions. So you must be fdc

[00:43:24] I mean it would I've seen an example where a plastic surgeon needs to be fdc compliant Because they're actually helping people finance optional and elective surgeries Right. So fdc compliance applies to the auto industry, right? And everybody immediately is like, yeah, the fdc safeguards all about car dealerships

[00:43:43] No, it's about anybody involved in financing including the finders who line up financing So the right circumstances depending on what you do and you have 5 000 client records This can apply to you too. That's what we're funny enough

[00:43:58] And you almost forget about it because crowd strike is like all the new your age, but like less than a month ago we had Basically one of the top, you know, it's almost like the MSP industry, right? You have like

[00:44:10] big k big c big n, right? And like Imagine one of them, you know Getting hit on one shot and then it goes downstream, right? So like one of the big three in the auto industry cdk They were down for almost three weeks

[00:44:26] Are you talking about something like 15,000 I think Car dealerships auto dealerships whatever like and you know like remember there's there's businesses within a business within a business, right? Like the auto dealership is also a service department is also a parts company and like all of a sudden like

[00:44:43] It trick it creates an even bigger problem. So like interestingly enough that all happens And like it's almost like, you know You know every car dealership has you probably your security number and like your like think about pii, right?

[00:44:58] Like what do they have to do for you to process the transaction of buying a car, right? There's title information and state local federal, you know like VIN numbers Yeah, it's a lot of stuff

[00:45:11] One of the problems is as americans, we don't actually value our personal data as much as we should I don't know why that is there's a cultural issue with us that we're willing to give out

[00:45:20] Information at a much larger level than I think some other societies for example Americans tend to overshare on social media I don't think that's any any secret right americans will share just about anything about their lives in social media

[00:45:33] But it's also you're really fast to fill out a form and it says put your social security number here And put your driver's license over here and you're just like oh, yep No problem

[00:45:42] Let me go ahead and fill this thing out for you real quick people will shop for cars and will stay on the auto dealer They'll fill out a form at six different auto dealers While they're shopping for cars and you gave all of these people your information

[00:45:55] And what you just assume they're doing the right thing with that stuff on the back end That's why these compliance standards and these security standards are so important to get into place because The truth is we are oversharing on a daily basis. It's like protecting you from yourself

[00:46:11] Wow Let's not go too far since we started off on travel like how many times you put your passport into something passport number Oh, man, right? I mean it's well and you know, I travel I travel enough that I have lost a

[00:46:24] Wallet and a phone at the same time while I was on a trip So I have like a backup that's back in my room all the time. It's my passport card So something happens. I can get wherever I'm going, but I don't

[00:46:37] I don't keep that as safe as you think I would right like I don't treat it in my mind like the rest of my while Ah, it's my backup ID. Let me just back up ID. It's like you're

[00:46:46] Another form of proving who you are and now we're giving our face away, right? So when you show up at the detroit I don't know if you last time you flew through the Detroit airport But they've got facial recognition going at the Detroit airport now

[00:46:59] So where you're supposed to be able to like see on the screen your travel information when you look and I'll see mine But they're capturing your face in the beginning in order to do that stuff And that's going to expand but everybody just walks past he goes

[00:47:10] There's an opt out button right there. You can opt out You start wearing a mask, but oh yeah go back to the mass days If you glow um Yeah, no, I'm with you and like by the way, you're absolutely more

[00:47:25] You know hardcore about the privacy part and and you know, we've heard inklings of like california and other people starting to kind of Maybe going down that road, but Yeah, I mean like You know is we're in a different day and age

[00:47:38] We're gonna give up a lot of information almost instantly and you don't even blink twice So unfortunately when the bad guys get access to stuff like You know not to get nothing. I'm switching into shoes again. How about ticket master? It was like 135 terabytes of data and like

[00:47:53] Like one of the first articles I wrote for all your taylor swift fans out there was like Oh, well every barcode for every taylor swift ticket concert ticket is out

[00:48:01] And they're like what and they're like, oh but ticket master is resetting them so that you can't just show up I was like, okay. Could you imagine? Wow, whoever has the barcode first Could you could you imagine?

[00:48:14] Like did you hear like when the soccer finals were happening and like they went there in the miami stadium and like They just bum rushed the door and like the stadium was full

[00:48:22] But like all these people had tickets going to get it like imagine that at a taylor swift concert On swifty's tearing each other apart. I mean, I'd be a riot Not be hit. I mean so at the end of the day like

[00:48:37] What was the other one that got hit it was ticket master and then there was also um, There were like two or three big companies using what was it snowflake? Was the back end venham? Yeah, and I was just like oh

[00:48:48] I was like I use I use them and I use them too I was like, I guess I'm gonna get a whole lot of creek a free credit monitoring for a year

[00:48:56] Yeah, right now all of this have I mean if you didn't already right? I god knows when my life was called uh life life like my life locks Subscriptions got to be good for the next 10 years. It's been an issue by so many vendors at this point, right?

[00:49:12] Yeah, I mean, you know, so like they're like hey, we're not gonna prevent your identity from getting stolen But we'll help you restore it once it is like Once it's out there, we'll do what we can to you know help

[00:49:25] But I slow down the ease of use. I don't know what the you know the purpose is that it's an uncertain point It's kind of like, you know, it's kind of like dark web scanning right like dark web scanning is helpful to an extent

[00:49:37] Sure, I mean it's already out there. It's already out there. So by the time you see it it's been out there Yeah, 100 and so like at the end of the day like The the the bad guys of old have definitely, you know gotten smarter and

[00:49:55] Savvier and if anything You know, they've kind of grown with everybody else on the other side of the aisle, right? Like, you know, like the people who are trying to keep all your stuff running like we've been trying to get better over time

[00:50:07] So the guys on the other side, right? So Well, and it's it's a very similar industry, right? And in some cases sadly Some of the people that are on this side of the table or on that side of the table too

[00:50:19] You know, and that's that's one of the biggest problems. I know you've seen these as well You know, you look at the ads in the dark web and you see people that are advertising I want you to go get a job here

[00:50:29] That's the world that we're starting to move into right the the corporate espionage world starts to grow deeper and deeper and darker Is it we're moving into the world? Like, I don't know if you read William Gibson when you were young

[00:50:42] But uh, William Gibson, right? Most people are familiar. There was a movie called Johnny Mnemonic back in the day That's one of his short stories, but he's arguably the person that coined the term like cyberspace um super super super early stuff in the 80s, but uh, Gibson

[00:50:59] Viewed a world very close to the the time frame that we're in right now Where corporate espionage becomes everywhere from hacking to actually like corporate militias Operating independently of each other and you know, like corporate warfare. Dude, we're not that far off

[00:51:14] You give this another 10 or 15 years and I mean it's not unheard of for somebody Again jumping jumping again, but uh, so i'm watching uh mayor of kingstown some paramount plus Oh, yeah, sure sure. Jeremy renner in it. Jeremy renner

[00:51:29] And so like when you're the drug dealer and you send your guy to be the uh as a prison guard Right, he's your guy. He's in your organization But he's a prison like you got him to get hired as a prison guard so that he could

[00:51:42] You know, he has access right? That's what you're talking about. Yeah the movie the deported same thing Same concept right? I groomed you to be this person that's on the inside over here

[00:51:52] I need you to go get a job at google. I need you to get a job at microsoft So and you know background checks only go so far if you've never been caught you've never gotten in trouble for anything There's no reason to believe that's who you are

[00:52:05] It's great and that absolutely is happening Absolutely Wow That's actually scary. We're like we're now we're getting next level When you start most people don't understand that stuff

[00:52:16] I mean, I think you and I were at the same and we've seen this a few places where people take the ads They're on the dark web and show them to just average people and like understand

[00:52:25] I can you can go get a job as a ransomware engineer right now full benefits 401k KPI based performance reviews. I mean, it's though. It's a full corporate job With structure and you're the bad guy That's the part that people don't understand and not seeing it's a business

[00:52:44] It's a business. Absolutely Absolutely Yeah, well, I'm sure uh What was the movie I just saw on the plane two weeks ago uh with uh, Jason Statham Basically, it's like a scam center That's pe backs bumblebee

[00:53:03] The beekeeper there it is go watch the beekeeper. He's like basically it's like that It's like a pe backed scam center where they like call you up Get you to like, you know click on something on your computer like Microsoft support something like that

[00:53:17] And then they clear your bank account That is private equity back. Yeah I mean, that's if I don't know where the funding comes from but if you take a look at what's what's happening out there I mean, it's very organized and very corporate and

[00:53:32] Very well structured and it pays really well Wow, what do you want to be when you grow up? I want to be a bad. I want to be a bad actor I want to be a bad actor just like my dad. Well, I just like my dad. Okay

[00:53:49] Now now we've jumped the shark ball now we jump the shark So 300 frameworks, where do people get more information about a stendio and like what exactly your program looks like and maybe if they want to sign up

[00:54:02] So cool thing about a stendio for msp partners. It is a zero barrier to entry You want to sign up you reach out to us? You can do info at astendio.com Of course, I'm always p-reading at astendio.com But uh, we have a fully free partner program

[00:54:18] It gives you an internal license to track your own compliance So if you're working in healthcare, you can get a hip of compliance working in factories you do your cm mc It gives you a license that you can use to go out and do sales assessments meaning

[00:54:31] We don't charge you anything for at all. You can go do three risk assessments Go find somebody that's not a customer even do that assessment tell them What's wrong build your package and then sell the solution and of course like anything You know we have a subscription model

[00:54:44] Where as you track your clients compliance and as you work them through your compliance programs We're the thing that sits in the middle and you know provides all the proof of what you've done

[00:54:55] The evidence locker if you will to put all the evidence that you might use under audit And it's the place where your client can kind of track the project along with you So reach out to us. We'd love to have you on board. I hate ticket master

[00:55:07] I just saw Jen say that to everybody. That's I think right now. That's a very unpopular company company But uh, no we we we view it as one of the biggest problems in the industry is too many products

[00:55:21] Make the partner have to pay before they can get it downstream to their client and get it into the environments We we remove that barrier entry completely. So if you're curious come check it out It costs nothing at all. We'd love to get you guys on board Yeah

[00:55:36] Just trying to think Are we gonna make the next flight paul? Well, mine is thursday morning and as of right now I see no evidence to the contrary. So if if I do not I'm gonna set a reminder on my phone

[00:55:51] I'm gonna I'm gonna send you a message and see how that flight worked. Yeah 7 50 a.m. Central So I'll let you know and if it doesn't happen that I'm gonna have some really pissed off and upset kids So

[00:56:03] Is your dr strategy booking another flight on another airline just in case? It is okay. It is I've got american. It's really expensive, but I've got to hold on points

[00:56:13] The problem is I'm gonna have to give up the points which it's fine. I don't fly american anymore. Anyway I've been sitting on like a hundred thousand points, but yeah, I plan on going one way or the other

[00:56:22] I was gonna say it's definitely not spirit or frontier, right? Hell no, no, no, I will stay home We'll stay home. I'm good I'll drive. I'll drive Well, you know, that's the thing if I if I left right now We could drive but I have to leave

[00:56:39] Right now Like get out and walk out the door jump in the car. I'm not driving the Phoenix George I mean, we oh, that's right. You didn't do it. Oh, no, I don't I've passed on that already. I'm good

[00:56:52] I wouldn't even do it in a bus. I'm damn sure not doing it behind the wheel What you didn't have to drive That's what I'm saying. I wouldn't even ride. I'm damn sure I hope that first class with the mask was great. It was beautiful

[00:57:06] Am I every this one we recorded this session? We went all over the place But by the way, this is what a normal conversation between me and paul redding look like Yeah, what's in a bar on a plane

[00:57:16] Uh, we're all over the map but a lot of movie references and uh, a lot of travel talk Of course mine comes with security stops, but that's right. We have enough That is right

[00:57:29] This session was recorded. You'll find out mspin this ship.com under sessions on youtube on the podcatchers go back check out a stendia Which is spelled O S T E N D I O if you're listening dot com and um

[00:57:42] I'm sure you'll find me and paul out and about but it sounds like paul Uh, you are you you're gonna be in atlanta next week for uh Yep for comp here right uh for channel con so awesome

[00:57:53] Well, for everyone else catch you on the next one back to the normal schedule. Make sure to check out mspinship.com We've got all those events and block parties and all that cool stuff coming up And paul i'm sure we'll uh, we'll talk to you on thursday

[00:58:05] You'd see brother. All right brother