NinjaOne has appointed Mike Arrowsmith its chief trust officer.
The position, a new one for the IT management vendor that reports directly into CEO Sal Sferlazza, underscores the importance of trustworthiness for companies like NinjaOne at a time when threat actors are increasingly training their attention on RMM solutions and the companies that use them.
“Making sure everything that we put into our product meets a certain standard is literally paramount issue number one,” says Arrowsmith.
A veteran most recently of oncology biotech firm Guardant Health who spent over six years before that at data analytics vendor Splunk, Arrowsmith will now be responsible for both the security of NinjaOne’s growing product family and the integrity of data within those systems in a position that combines the duties traditionally assigned to chief information security officers, chief privacy officers, and chief risk officers.
“The idea behind the chief trust officer role is really to bring all of those elements together in one functional group that can report up to the executive leadership and the board to be able to provide confidence back into the customer base,” Arrowsmith says.
Arrowsmith’s hiring comes at a time of rapid growth for NinjaOne, which saw revenue climb nearly 75% in 2021. The company added documentation and ticketing functionality to its flagship RMM solution last year as well, shortly after rolling out a backup solution in 2020. It currently supports over 7,000 organizations with more than 3 million endpoints under management.
Keeping security standards high amid such conditions is a difficult task, notes Arrowsmith, who has experience tackling that challenge from former posts. “We saw some of this pain at Splunk,” he says. “Shifting from an on-premise software delivery model to a SaaS service all while trying to maintain 30% year over year growth is not an easy feat.”
High-profile supply chain attacks on IT management systems from SolarWinds and Kaseya, along with a more recent breach of Zoho’s ManageEngine solution, have created what Datto CISO Ryan Weeks recently called a “crisis in confidence” among MSPs. Indeed, 53% of MSPs don’t fully trust the vendors they work with to secure end users, and 49% don’t completely trust their own ability to keep customers safe, according to data published last fall by Acronis in partnership with ChannelPro.
Datto is one of many RMM vendors, along with ConnectWise (which announced a new CISO yesterday) and Kaseya (which did the same last October), dedicating more money and attention to security and data privacy as a result.
“Security is one of those few things that I don’t believe you’re ever perfect at,” Arrowsmith says. “You continue to iterate. You continue to try to implement additional controls with the guise of being able to limit that potential exposure when and if it does happen.”
NinjaOne was known as NinjaRMM until last October. Its new name reflects the company’s ambition to provide a complete set of integrated managed services solutions instead of RMM software alone.