What's Up with Tech?

How NinjaOne Uses Data And Human-In-The-Loop Automation To Fix Endpoint Headaches

Evan Kirstel

Share episode

Interested in being a guest? Email us at admin@evankirstel.com

Patch Tuesday doesn’t just deliver updates. It delivers pressure. Suddenly, you’re staring at a mountain of fixes, racing to decide what ships now, what waits, and how to keep a single reboot from blowing up your entire week. In our latest conversation with NinjaOne, we dig into what practical AI actually looks like when you’re responsible for millions of endpoints and have zero tolerance for downtime.

Forget the buzzwords. We walk through how real telemetry, public sentiment signals, and human-in-the-loop workflows remove latency from patching, shrink rollbacks, and turn operational chaos into confidence. We also tackle a long-standing pain point: messy asset data. When your CMDB is noisy, everything downstream starts to wobble. Licensing, vulnerability management, compliance, and budgeting all take a hit. You’ll hear how AI can reconcile unstructured inputs and normalize device records to finally deliver a clean system of record without an army of spreadsheet warriors.

From there, we draw a clear line between smart automation and risky overreach. Full autonomy sounds great on paper, but legal and technical realities demand a pragmatic approach. We discuss a future where AI drafts the policies and packages while experts validate the results, allowing repeatable, low-risk issues to close automatically.

There is also encouraging momentum in the public sector. Streamlined FedRAMP pathways and growing reciprocity across defense impact levels are speeding up adoption and helping agencies move closer to private-sector velocity. Combined with budget pressure, this is accelerating the move toward a Digital Operations Center with centralized visibility, fewer tools, and outcomes you can actually measure.

We wrap with a look ahead to what resilience means in 2026. Think performance you can prove through deep instrumentation and a surge in mobile device management as tablets and phones become the new frontline. If you’re ready to replace ritual scream tests with data-driven confidence and finally align operations and security in real time, this conversation lays out a path you can start using today.

Check out the full episode, share it with the teammate who owns your patching or MDM, and let us know in the comments: what is the one workflow you want to see automated next?

Everyday AI: Your daily guide to grown with Generative AI
Can't keep up with AI? We've got you. Everyday AI helps you keep up and get ahead.

Listen on: Apple Podcasts   Spotify

Support the show

More at https://linktr.ee/EvanKirstel

SPEAKER_00:

Hey everybody, fascinating chat today with Ninja One, who are helping keep IT simple, fast, and sane with Egan. Egan, how are you?

SPEAKER_01:

I'm good, Evan. How are you?

SPEAKER_00:

Good to see you again. We last met uh in Orlando at the Gartner Expo. That was quite a blockbuster event for you guys. Um before that, maybe how would you describe Ninja One these days and your team and mission within the company?

SPEAKER_01:

Yeah, Ninja One really if if we want to boil it down into our essence, um you can think of Ninja One as sort of that next generation uh enterprise IT endpoint management solution. So taking things that I think historically have required a lot of legacy tooling and a lot of people and a lot of coordination and really simplifying it to the point that it can be owned and operated by a very small team at very, very large scale. Uh and really just trying to make an impact in the industry where there's been a lot of legacy um cruff uh accumulated over the years and just trying to change that for folks.

SPEAKER_00:

Indeed. And you guys are making you know a huge impact. Let's talk about the marketplace at the moment. Uh autonomous AI, AI agents are everywhere. Sounds great on slideware, but you guys are actually in the field helping clients. What does practical AI, if I could call it, that actually look like in the real world with real customers today?

SPEAKER_01:

Yeah, yeah, that's it's a great question, Evan. I I think that um we owe it to our customers to be very transparent, very honest about how we're applying AI to solving problems that they care about, as opposed to how are we applying AI to our marketing budget. Uh we see, you know, I mean, it's let's just be honest. You you see a lot of that across the industry, no matter what vertical you're in. Um it's a great way to attract uh investment and things like that. We have taken the approach with AI that AI is incredibly good at acting as a force multiplier, a race with technology, if you will. Um and it really lends itself very, very well to solving some very specific problems that have plagued uh the endpoint market for a long time. And so um kind of some of those key areas are around where we have applied them specifically, are around things like patch sentiment, right? Um it's patch Tuesday. There's a you know, a truckload of patches that get backed up to your front door and and dumped in your lap, and you've got to sort through those and figure out how you're gonna deploy, you know, how you're gonna push those out in in um rings and things. Um but I also want to know just sort of in general, how's this going? Um, not only how's it going across, you know, keeping in mind we've got 35,000 plus customers out there. Um, you're talking about tens and tens and tens of millions of patches being pushed out that we can monitor the efficacy and the success rate and those sorts of things. So we have this treasure trove of data that we want to um sort of make available and uh turn into knowledge for our customers. At the same time, we want to go out and harvest uh sentiment data from across uh the public, right? So there are lots of sources for that. Um, there's lots of places where people go and start complaining loudly when things start going wrong. And so we want to surface that kind of information in a meaningful way in very close to real time. That processing data at that scale and turning that sort of unstructured data into something meaningful for people is perfectly suited for AI, right? Uh, another great example is around um asset management data, uh, sort of the thing that has plagued um the endpoint world for decades. I mean, I can remember going back multiple decades um, you know, being responsible for software asset management in large, a very, very large organization. Uh, the number of times that it we we tried and failed to sort of automate that and ended up back with um clipboards and pencils, so to speak, um, more times than I care to count. Um, that sort of that data cleansing, making sure that the data you're collecting and putting into your system of authority, if it's an external system, a CMDB, something like that, again, very, very well suited for applying AI to solving that problem, as opposed to requiring an army of people behind the scenes to solve that problem, which is sort of what the industry's done over the years. Those are two very small examples. But if you can crack either or both of those um problems, you have just dramatically changed for the positive, the day-to-day life of the people responsible for those things in the endpoint management world. Um, so as we apply AI, we are being very particular and very pragmatic and making sure that it's not, you know, a sticker on a box, so to speak, that we're actually solving the problems that are um causing our customers a lot of pain. Um so hopefully that makes sense. If if there's anything in that that you'd like to dig into, I'm happy to I'm happy to talk about anything, man. I I enjoy talking about this stuff.

SPEAKER_00:

So uh obviously your enthusiasm is infected. Well, let's talk about where we stand today as you think about AI at Ninja One today in January 2026. Where is that line between helpful automation and kind of risky overreach? And where will that line maybe shift over time?

SPEAKER_01:

Yeah, I I think the the the industry as a whole is a long way from handing the reins to full automation. Um, you know, I as much as the next person hope that day comes, um, but today we can't. And it it is as much a technical limitation as it is a legal and liability limitation, right? You can't just um turn over control like that. There has to be a human and a leap loop for a lot of this stuff. Um and and that's true both for vendors, but also for the IT shops at large organizations or in government or wherever you happen to find them. Um so for today, I I think the the focus for the next few years at least is going to be on improving that race with technology, um, making sure that we take the things that are very, very time consuming, um, turn over the portions of those things that are sort of rote to AI, to full automation, and then having a human in the loop to validate, check the work, um, go back, tweak things, um, and then validate. And maybe you allow the AI to create the new policy or create the package that's going to be pushed, but you still have a human validating that. That's far, far less work. If you think about that, um, go back to that patch sentiment uh example that I gave. If you think about that from the perspective of the way we have done those things historically, we scream test, right? And you have a change management board, that change management board meets, you go, you do a scream test on your first push, you come back, um, change management board, everybody gets quiet, you listen, figuratively speaking, make sure phones don't start ringing and that sort of thing, right? So it induces this sort of latency. That's the sort of thing we can very confidently automate out of the process, right? What we can't do is say full end-to-end, I'm just gonna turn this thing over and AI is gonna troubleshoot it to completion and close the ticket. Are there situations where that might be true? Yes. If we see a problem and it's a repeatable problem and it has a very finite set of variables associated with it, those sorts of things, sure. Those are sort of the early low-hanging fruit that we can go after with full automation, and we're happy to do that. And and we are implementing capabilities to do that on a daily basis. Um, I think it's the the higher complexity issues, which are really, frankly, if if we're honest with ourselves, it's those high complexity things that um the highly trained staff sitting in in the IT shops should be focused on.

SPEAKER_00:

So brilliant. And you you have a unique background in the public sector as well. Tell us a little bit about that and why 2026 is sort of being labeled as a turning point in the public sector. What's happening under the hood in DC and elsewhere?

SPEAKER_01:

Um, so it's, you know, every every year is the turning point, right? Um, public sector, uh, for for as long as I've been involved in it, which is gone coming up on 35 years, um, public sector has always tried to increase that sort of public-private partnership around technology. Um, and each year they, you know, they chip away at the problem. It's a hard thing to do. Um, and I I do have a lot of of empathy for the folks in government whose job that is. I've been there, I've been in that seat, and I understand just how difficult it is because you have to balance politics and policy uh with progress. And that's that's it's just a really difficult line to tow. Um, what we are seeing is increases in efficiency that allow the the faster but still responsible adoption of new technology. Um and so you you on the DOD side, they have um what we refer to as impact level um authorizations, um, sort of a certification process, if you want to think of it that way. Um, I'm always hesitant to use that word because it is not a certification. And you know, if you're in that world, people are very adamant about that. But that's the closest analog that people in the private sector would understand as you go through this process to get sort of certified to operate at a particular impact level. Um, and that means that your your platform or your security as a vendor is good enough that government can adopt it, right? Um on the on the civilian side of the US government, um we have what's called FedRAMP. Um, there is reciprocity between those two things. It is, it historically has been an incredibly protracted, expensive, painful, difficult process that frankly has raised the barrier of entry so high in some cases that a lot of software companies just don't do it. Um it's too much. Um that's especially true if you put yourselves in the shoes of a startup. It that's a that's a hard pill to swallow to say, hey, I need you to invest$3 million in two years. Um, and then maybe we'll buy your stuff, right? We if you get in the marketplace. Um on the civilian side, they've done a really good job of streamlining that. Um, they have a new process that you can go through with FedRAMP. It's still sort of in beta right now, um, but it can take that down from a, I'd say, you know, if you wanted like finger in the wind average, take you down from 18 months to three to four months, right?

SPEAKER_00:

Wow.

SPEAKER_01:

Um, that's a big deal. Like that's a huge deal for a company um like us, right? Um, and any, frankly, any software company. There is some talk that right now that's for FedRAMP moderate. Um, they want to adopt that at the FedRAMP high level. There is some implied reciprocity between FedRAMP and impact levels. So, you know, federal civilian and federal uh defense. Um, and then there's also some some talk that the on the defense side that they may adopt a similar uh approach to the impact level authorizations. So uh a lot is still in flight. Um, you know, and not everything is fully detailed out. But I think the important thing is that we're seeing a tremendous amount of progress. And if you go back to that, the the timeline um compression that we saw with Federant Moderate under this new program, if that plays out across Federant Pi and and starts into lower impact levels and works its way up, that's going to be transformative for the US government. It's going to allow them truly to adopt new technology at a pace that's much closer to the way the private sector can, as opposed to always being a decade behind on things.

SPEAKER_00:

Brilliant. A hint of optimism here. Yeah. Something you don't hear talk too much about. Shifting gears. Um I've heard you talk about Digital Operations Center. This theme keeps coming up. What what problem is trying to be solved here? Is this a new name or are we really rethinking operations?

SPEAKER_01:

Um I'm not a I'm not a buzzword person at all. Uh and I I think folks who who know me know that. Um I I don't really concern myself with um sort of what's in the zeitgeist of marketing terminology. Um my marketing department is probably um, you know, wishes I would do a little more of that. Uh the reality is it it's very simple, honestly, Evan. It it boils down to budgets. Um we, everyone, we, um we the vendors, we the private sector, we the government, um, we the people, so to speak, uh have to find ways to operate more efficiently. Um anytime you can you can sort of centralize those operations. And that doesn't have to mean, you know, geographically, it doesn't have to mean um it can take on different meanings, but the more that we can centralize those kinds of operations and do the same thing that we have to do today with fewer resources. And those resources could be raw dollars, they could be systems, they could be um the number of pieces of tooling and platforms that we need to use to be able to accomplish the task or the number of people involved, the better, right? Like that is an improvement for everyone. The reality though is the what we have to accomplish isn't static. And I think that's the part that we have tended to miss historically, is we sort of pick a point in time and say, okay, how do I do this uh with less things, right? And once we get that figured out, it's like, oh, holy smokes. Um, in the meantime, we added 20% to that workload that we hadn't accounted for when we did this. So that if you want to think of it um in sort of the the way that I'm I'm thinking of it, it is how do we um have sort of a continuous approach to that? How do we look at what we have to do today, how that's going to change, whether it's regulatory or whether it's just the the realities of the world that we live in and the threats that we face and the way that um the end user environment is changing. And a great example of that would be if you go back, call it five years, maybe six years. And this is true periodically, right? You you and I have been around doing this a long enough. We've heard this multiple times. It's like, hey, the traditional endpoint is dead. Um, the traditional endpoint has been dead half a dozen times. Um, the reality is five years ago, if you look at the average number of nodes, endpoints, devices, whatever you want to call it per user, it was half what it is today. So not only is the traditional endpoint not dead, like it is now um fragmenting into more um sort of use case-specific devices, whether it be a laptop or a traditional server or a VM or a phone or a tablet or multiple phones and tablets, right? Um, those all change the calculus on what is the tooling we need, how many people do we need, that sort of thing. And so when I talk about this, what I'm saying is look, we need to consolidate um for today, but we also need that consolidation to work two, three, four, five years from now. Otherwise, we're gonna be right back where we were. Does that make sense?

SPEAKER_00:

No, it totally does. And it sounds like IT and security teams are beginning to sit down at the same table. Are you seeing that in the field? Uh is that a real trend?

SPEAKER_01:

It is. Um, yeah, I'll say we're we are narrowing that divide, I think. Um I I think back, you know, to 10, 15 years ago, the relationship between ops and security was once a month the security team would come by and drop a 300-page PDF on the ops guy's desk and say, here's here's all your deficiencies, right? Um, it's great that you just ran uh your monthly patch cycle. Here's all the things you didn't get, right? Um, and fine, yeah, like that natural tension is a good thing, but it's not tremendously productive to have sort of that 30-day cycle to making sure that we're secure because you never really reach secure in that way. So I think what we're seeing is as you reduce the lag time to detect and respond holistically, and that that can mean everything from patching to software distribution, software removal, right? Like there's all sorts of facets to that that blend between operations and security. Well, the closer you get to be able being able to understand and react to that in real time, the the more closely you need those two teams working together, right? Um, and so where I think really what we're seeing is a sort of a collectivism between the operations and the security side of the house is two distinctly separate teams still, but they're working more in cooperation and um orchestration with one another than they are at odds with one another, um, which is what we saw more a decade or so ago. So it's again, like it's it's wonderful progress. It's something that we should be celebrating and saying, okay, you know, what did we do right that enabled this and let's do more of that? And I think that's really where our focus is.

SPEAKER_00:

Brilliant. So resilience seems to be one of the key themes for this year as well, not just for organizations, professionals, uh, but but also for infrastructure and networks. Um, what does that mean in 2026? What are some of the key tenants of a resilient infrastructure?

SPEAKER_01:

Yeah, I mean, it it's it really boils down to understanding um uh, of course, what you have, which always sounds a little cliche, but we still struggle with it. So it if it's true, it's not cliche. Let's let's just, you know, let's be honest with ourselves. We struggle to understand what we have, what state it's in, um, sort of that that user experience impact of of those variables. Um the the way that you better enable um ensuring I'll I'll use the performant as a substitute for resilient here, right? Because as an end user, I view resilience as is this performant or not, right? Can I do my job? Are the tools that I need to rely on, are they working? Are they um working at the speed that I need them to? So that the tools that I'm using are not slowing me down. Ultimately, they should speed me up uh at best, but certainly not slow me down. Um that requires a lot of instrumentation. Um, and that instrumentation has to cross multiple um devices. And I'm I'm using the term device there very loosely because that device could also be a service, um, you know, a SaaS service of some kind in the cloud that your physical device is connecting to. At the end of the day, um, it's the you know, whole is greater than the sum of the parts scenario where I need that whole set of things to work in orchestration with one another and be performant so that I, as the end user, uh, can do my job and do it efficiently. And so from our perspective, uh, as a vendor doing what we do, that's that begins with instrumentation and discovery. And then that instrumentation is the data that we're collecting from that instrumentation needs to be turned into actionable information to the administrators so that they can then take the steps necessary to keep that performance level where it is. Ensure that it's good. If it isn't, understand why, and very quickly take action to remediate that. Um doing that's a lot easier than it used to be, thankfully for us, right? Um, the the challenges that we used to face as an industry, which were you know terribly underperformant networks, endpoints that were fully saturated, right? Things got faster over the years. And so now that speed and scale problem isn't so much the problem anymore. Now it's uh how how easily can I do my job? Right? I can communicate with the endpoints just fine. Everything's fast now, um, including you know, I can have gigabit connections to my cell phone if I need to. So now it becomes how easy is the tooling to use, how consolidated is that tooling? In other words, do I have to jump between one tool to another to another depending on the piece of that, you know, the the piece part of that hole that I need to address? Or can I do it all from one place? And I really feel like what what we at at Ninja have done is we have really cracked the nut on how do I remain under this one umbrella and be able to instrument monitor an action across the totality of that environment so that I don't have to go outside this ecosystem to make a change, if that makes sense.

SPEAKER_00:

It does. And I think your results are showing that. Yeah. Looking ahead, I mean IT operations are perpetually behind the curve trying to catch up, it seems, but you know, what's one or two things that teams should be preparing for maybe next quarter, maybe next year to get ahead of the curve.

SPEAKER_01:

Yeah, I I think the we're going to see some significant change um in the the mobile market um moving forward. We're already seeing that in terms of consolidation like Google's making a move to do some significant consolidation among their um they have multiple families of mobile devices. MDM is going to I I think we're going to see absolutely explosive growth in the demand for not only for MDM in general, but for a very rapid maturation in within the MDM market. MDM vendors are going to be expected to really step up to the plate because it has become like it's no longer a nice to have in in the industry. There's just too much dependency on mobile devices and the ability to manage off or onboardboard those devices very efficiently and very safely, frankly, because not only are they a hard and fast requirement now, um they also represent sort of they're sort of the wild west that the traditional endpoint used to be. And that's like we can't do that. We can't reintroduce that kind of risk into our environments that we spent so many decades trying to get rid of. So brilliant.

SPEAKER_00:

Yeah as I head into Mobile World Congress, Barcelona next month, I'm sure that will be a big topic in the enterprise. Where are you headed? What are you up to? Where can people meet you over the next weeks and months?

SPEAKER_01:

Oh my goodness man. That's a great question. So I I I do spend most of my time in front of customers with customers um trying to to live and understand the the pain uh you'll over the the next few weeks um you know Germany Japan um I all over the place um I try it I I do hit some of the shows um I will admit that that's not like my primary goal is to spend time with the customer in their world. Obviously with uh the Gartner MQ that came out that was extremely powerful news for us. You know our first year eligible and to be is is yeah fantastic. I I just like I'm very very proud of that. I do hope I'm I'm you know if I'm 100% honest um we just did our F1 sponsorship and announced that not going to lie uh hopefully one of my stops in the the next year will be at the paddock at a race.

SPEAKER_00:

But we'll see we'll see where uh things take us so much fun and interesting insightful stuff to explore hope we'll see you at RSA C. And um thanks for sharing the insights and the analysis really helpful really interesting always a pleasure Evan thank you so much for having me. Thank you and thanks everyone for listening watching check out our TV show now in Fox Visits and Bloomberg at techimpact.tv and I'll see you at uh Mobile World Congress, RSA Hymns and on and on. Take care everyone. Thanks again thank you