Platform is the Plan at Ingram Micro

So yes, former Kaseya CEO Fred Voccola has a new title for the first time in a decade. And no, I won’t be addressing that surprising development here because I know nothing more about it at present than what Kaseya said in yesterday’s press release. Assuming I get a chance to discuss it with Voccola at some point, I expect to have something new to share later.

In the meantime, I want to discuss another significant title change announced this week involving Sanjib Sahoo (pictured center), formerly Ingram Micro’s executive vice president of global technology and chief digital officer and now president of the distributor’s Global Platform Group.

Ingram announced the change on Wednesday, which was fortuitous for me, because I was in Orange County this week (several dozen critical miles away from the fires razing a city I grew up in) to attend 2025 planning meetings for the consultancy I help run. Being in the neighborhood gave me a chance to spend most of yesterday in briefings at Ingram’s Irvine, Calif., headquarters.

I came home with a ton of insights and too little time to articulate them all before today’s post, so consider this a down payment on further coverage to come. For now, I want to say a few words on what Sahoo’s promotion suggests about Ingram’s competitive strategy, and how that strategy connects with larger industry trends.

Actually, I want to focus on one especially significant word in Sahoo’s new title, and it’s not “president.” It’s platform. You’ve read about platforms a lot in Channelholic, most recently just before the holidays, because they matter a lot to channel partners who want more tools with tighter integration from fewer vendors, and therefore matter a lot to vendors aspiring to offer those tools. This is why Kaseya talks a lot about platforms, as does ConnectWise, CrowdStrike, Palo Alto, and many others.

Ingram Micro is betting big on platform too, as CEO Paul Bay (pictured above left) made clear during a conversation yesterday. Xvantage, the next-gen platform explored here in depth before, isn’t just part of the plan Ingram has been pursuing for the last three years to grow revenue, profit, and CSAT. It pretty much is the plan.

“We’ve been very focused on turning into a platform company,” Bay says.

Powered by about 29 million lines of code, over 100 custom-created AI models, and 30 pending patents, Xvantage is designed to bring the kind of seamless, mobile-friendly experience familiar in business-to-consumer settings to a business-to-business setting. Developing the system required a lot of investment on top of the roughly $600 million Ingram spent in the previous decade building CloudBlue, the platform underlying its cloud business and a key Xvantage enabling technology.

Ingram’s aim now is to begin collecting on those investments, a fact reflected in the newly expanded organization Sahoo leads, which includes both the platform developers he managed before and a whole new team of business strategists and marketers tasked with helping Ingram partners capitalize on Xvantage’s money-saving and making capabilities.

“That’s why we call it the global platforms group and not the digital group,” Bay explains. It’s also why Sahoo’s business card now says “President,” a title that elevates him on the org chart beside the regional presidents directly responsible for realizing the company’s worldwide P&L goals.

“All of them sitting hand in hand,” Bay says, “validates and reiterates the importance of what we’re doing as a platform company by putting our customer in the middle of everything we’re doing.”

Xvantage gives Ingram more time to focus on the customer (i.e. partner) by automating formerly manual processes that consume a lot of labor, Bay continues. The company fields about 2.4 million order status queries a year from partners in the U.S. alone, for example. Giving partners self-serve access to real-time, round-the-clock order info positions Ingram to discuss go-to-market strategies with partners rather than when they can expect those routers they purchased to arrive.

“We can free up our organization, and more importantly our customer’s time, to be able to go have a conversation with the end business on what’s important to them,” Bay says. Which at a time when partners are ruthlessly consolidating vendor relationships is what Ingram believes a distributor must do to earn partner loyalty.

“Pick, pack, and ship used to be the value that distribution gave. Credit limits and credit capacities. Having availability of billions of dollars of inventory on a global basis,” Bay says. “Those are all table stakes now.” What vendors and resellers really want is someone they can collaborate with on new opportunities.

“They want a business partner,” Bay says.

Xvantage and the millions of lines of artificially intelligent code it runs on, he believes, will enable Ingram’s flesh-and-blood people to be that partner.

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

Compliance as a service is a heavy lift

According to Canalys, managed services revenue was up 11% worldwide in 2024. That’s a good healthy double-digit figure and well north of the 7.2% that Gartner says IT spending of all kinds grew.

And yet it looks downright tepid compared to what Canalys says was 66% growth in global spending on compliance services last year. “From government regulations to more sector-specific requirements, as well as IT and supply chain compliance, and cyber insurance rules, customers are swamped,” writes Canalys analyst Robin Ody in a report posted late last month.

Even small customers, adds Brian Hubbard (pictured), president of Evolved Cyber Solutions, in Ellicott City, Md. “Every aspect of a small business’s life is being touched by some kind of compliance issue at this point,” he says.

By Hubbard’s estimate, well over three-fourths of MSPs don’t offer and aren’t much thinking about offering compliance services despite that fact. Which is just fine by the 25% or so of providers who are doing compliance and who tend to be among the fastest-growing 25% of MSPs too, according to N-able CEO John Pagliuca.

“If you want to be that upper quartile MSP, you’ll need to embrace this and figure out a way for your customers to embrace it,” he told Channelholic in a conversation last October.

And yet, for reasons I wrote about last July and that compliance vendor Apptega quantified last June, embracing the compliance opportunity isn’t as simple as a lot of MSPs wish it was.

“They want to bolt it on to their existing services as something else they sell,” Hubbard says, and the unfortunate truth is they can’t. “There’s an investment required.”

Not just in compliance management tools either. Ultimately a tool is a tool, whether it’s a robust, MSP-friendly governance, risk, and compliance (GRC) tool from vendors like Ascent Portal, Compliance Scorecard, Ostendio, and the aforementioned Apptega or a wrench. Used appropriately, a wrench can be extremely useful.

“But if you think the wrench is going to turn itself, it’s just not,” observes Jennifer VanderWier, who’s CEO of compliance best practice specialist Vandy Advisors.

That takes people, and so does delivering compliance services. Except that teaching or hiring people to do compliance costs a lot more than teaching someone to turn a wrench, as VanderWier saw firsthand at F1 Solutions, the MSP she sold just over two years ago to big-time managed services rollup Meriplex.

“Over a three-year time, it probably cost us about $400,000 in time, expensive humans, licensing, training, sending someone off to a camp, that kind of stuff,” she says. That’s a whole lot more than many MSPs want or can afford to spend.

“It’s a heavy lift,” VanderWier says. And while partnering on a white label basis with an MSSP or other company can ease that lift, it won’t eliminate it.

“You need to make sure, when you’re doing that, that those people are doing the job the way they’re supposed to be doing it,” Hubbard notes. Hearing little from a compliance outsourcer could mean they’re doing a bang-up job for your clients, but it could also mean they’re too inattentive to notice a bunch of costly potential problems.

“It’s not fire and forget,” Hubbard says.

To help would-be compliance service providers navigate challenges like that, Hubbard launched a non-profit called MSPCyberX just shy of a year ago.

“Think of it as one big giant peer group,” he says, with about 230 members so far. “Some of them are just getting started and they know that their clients need this and they don’t really know how to tackle it,” Hubbard continues. “Some of them are way down the road.”

Hubbard is currently fleshing out a 12-step program MSPs can embrace to move down the compliance road themselves. If you complete it and are truly ready to do compliance right, he advises, “sell the heck out of it.” You’re basically a unicorn.

Follow Me on LinkedIn

Clearing the GRC intention barrier

By extension, providing compliance services isn’t for everyone. And yet at the same time, it kinda is. If you’re not at least keeping clients compliant with the CIS standard’s 18 most critical controls, how safe are they in your hands? And how understanding will your clients be when something inevitably goes wrong?

“The customer may think you’re already doing this stuff for them,” Hubbard notes. In other words, MSPs and everyone else in the channel are in the compliance business whether they like it or not.

“We’re all in it,” observes Matt Lee (pictured), senior director of security and compliance at marketplace operator Pax8 and (like VanderWier) an MSPCyberX board member. “Everybody has to be in GRC in some form or fashion.”

At least to the point, he continues, of preserving six years (in the case of HIPAA, among other laws) or seven years (in the case of Sarbanes-Oxley, among other laws) of records verifying that they had antivirus and encryption on all of the end user devices their contract says will have antivirus and encryption.

“Everyone should have some way of showing and proving what they say they’re going to do,” Lee says. Most MSPs, however, can’t be bothered to clear even that embarrassingly low bar, he adds, and cost is not an excuse.

“I’ve got friends who do all this with Word documents and Excel sheets,” Lee notes. “Don’t say there’s a cost barrier. There’s an intention barrier.”

Share

Speaking of compliance…

The latest episode of the podcast I co-host features an extended and eye-opening conversation about CMMC with compliance guru Mike Semel, of Semel Consulting. Check it out on episode 57 of the show here.

Also worth noting