Overcoming tool sprawl in Microsoft 365 managed services

The benefits of offering managed cybersecurity services is obvious. The problem is that tools can quickly proliferate, leaving MSPs spending almost as much time juggling different security applications as they spend on revenue-driving projects and other critical tasks.

Cybersecurity applications tend to pile up like tools in a poorly organized garage. If you can’t find a hammer, you might buy another and end up with two — or more eventually. Mergers, acquisitions, changes in leadership and shifts in IT strategy can lead to cybersecurity tool bloat.

Unlike a disused hammer, however, cybersecurity tools don’t just sit dormant waiting to be put into action. They keep working, for better or worse. And that can lead to all sorts of issues. Managing multiple licenses becomes a difficult task. Alert fatigue from multiple tools weighs heavily on both your staff and your client. Your IT staff has to stretch thin to keep up with multiple tools that in many cases are doing the same thing. And paying for all of those applications gets expensive.

Protecting Microsoft 365 can lead to complications for MSPs

Microsoft 365 poses a series of specific challenges for MSPs. Since it doesn’t adequately protect data, securing Microsoft 365 for clients requires multiple capabilities, including security for email and collaboration applications, as well as backup, archiving, user training and extended detection and response (XDR).

One hand, that’s great news for MSPs: They have multiple services to sell and boost revenue. Unfortunately, it’s not that easy. In fact, having to manage a wide range of disparate security solutions can be a liability for MSPs. Keeping all of those services running can mean dealing with multiple systems and multiple vendors, which can ultimately do more harm than good to your business.

Consider the complications for:

Product managers

Managing disparate tools and clients creates challenges for product managers that make scoping and pricing managed Microsoft 365 services nearly impossible and incredibly risky. If managers underestimate the amount of time, number of staff and overall effort required to service Microsoft 365 clients, the MSP loses money and all the revenue advantages of selling multiple security services disappear. 

But if product managers overestimate necessary resources, they risk building in costs that are too high and charging clients too much for cybersecurity services. If that happens, the MSP will have a hard time selling services and could price itself right out of the cybersecurity business.

Technicians

For technicians, managing multiple systems presents a host of challenges. They have to repeat many common, critical and time-consuming processes for each vendor or system, including onboarding new clients, managing client accounts, monitoring alerts and deploying updates.

Completing those tasks requires doing the same repeatedly but in a different system each time. For instance, technicians have to log in to multiple products and constantly switch screens. Responding to tickets can also be a massive chore since it requires a complex web of integrations and at least as much screen switching as managing client accounts overall.

Organizations are looking to consolidate security tools

MSPs need to consolidate their tech stack. Those that do will follow a wider trend in the technology industry. Gartner found that 75% of respondents to a global survey sought to consolidate security vendors in 2022, up from just 29% in 2020.

More recently, IDC found in late 2023 that more than half of respondents to a survey were already consolidating security tools and vendors, and more than 85% planned to pursue consolidation by the end of 2025. Fundamentally, any organization that is not planning cybersecurity consolidation is either far ahead of the industry trend, with consolidation at or near completion, or significantly behind it.

For MSPs, cybersecurity consolidation is particularly important. Cybersecurity is a major revenue driver as well as a weak point for clients. You need a consistent offering you can deliver from one client to the next without burdensome maintenance or management. You also need to be able to standardize cybersecurity for popular cloud platforms such as Microsoft 365 and Google Workspace.

Consolidating disparate tools is a never-ending task

Using multiple tools makes any kind of consistent delivery of Microsoft 365 protection to clients frustratingly difficult. It also burdens IT staff and actually increases clients’ risk of suffering a cyberattack.

Consolidating existing security tools is an option for MSPs, but it’s neither easy nor inexpensive. Most cybersecurity products don’t have all the features and capabilities required to protect Microsoft 365 and similar platforms. As a result, MSPs have to undertake multiple integrations, which can be costly and inefficient, and lead to insufficient data protection.

Do-it-yourself consolidation is a multistep process that requires a large investment of time and a major diversion of IT resources. And it doesn’t really end, as Gartner analyst Dionisio Zumerle pointed out to TechRepublic: “Once cybersecurity leaders have identified and begun a consolidation project, they should keep in mind that consolidation is not a finite exercise. Potential subsequent consolidation projects and their compatibility should be accounted for.”

Rather than constantly use resources to try to manage disparate tools, MSPs need to seek a natively integrated cybersecurity solution from a single vendor. Why? Jeremy Ventura, field CISO at systems integrator and Acronis partner Myriad360, detailed some of the benefits of a single-vendor approach to CSO magazine: “Rationalizing tools under one vendor can help when it comes to consolidating multiple security alerts under one dashboard, saving time to detect and respond to incidents. One support team and one contract can be ideal for some organizations.”

The benefits of cybersecurity consolidation for MSPs

Working with a single vendor solves many of the problems MSP technicians and product managers face. Processes such as onboarding, account management, alert monitoring and deploying updates no longer require repeated steps for each vendor or system; technicians can accomplish them all at once in a unified platform. Product managers can more easily and accurately determine the resources necessary for providing cybersecurity and develop profitable but sustainable pricing plans accordingly.

Having one vendor frees up your employees to provide client service and take on revenue-producing tasks rather than managing complex licensing and management. Consolidation also provides MSP CTOs and product managers with a single license and a centralized source of support and planning for cybersecurity operations.

In fact, IDC backed those claims with numbers, finding that cybersecurity consolidation can save an average of about 16% of total tool costs and nearly 20% of time spent analyzing cybersecurity functions.

Beyond all that, there are other advantages to single-vendor cybersecurity:

Better client protection

IDC also found that consolidation can reduce mean time to respond to an incident by an average of more than 20% and decrease remediation time about the same percentage. A comprehensive security platform is more water-tight than a patchwork of applications that’s difficult to bring together.

Standardized offerings across platforms and verticals

With a natively integrated cybersecurity solution, you can create a standard offer to most of your clients, easing the burden of client management. You can also offer a single solution for platforms such as Microsoft 365 and other SaaS offerings, and you can deliver your offering across verticals.

Assistance with critical business tasks

Developing a strong relationship with a single vendor enables you to use the vendor’s proven expertise effectively. The vendor can help you complete essential business tasks, including creating a service catalog and plan, and developing assets for sales enablement and marketing.  

Microsoft 365 protection and compliance

Microsoft itself does not — and, in fact, does not claim to secure Microsoft 365 data. Your clients need another vendor to provide comprehensive protection and backup capabilities. With a single-vendor approach, you can find all of that functionality in one place and offer the protection clients need for SaaS platforms. You can also help them stay in compliance with various regulatory requirements given that Microsoft 365 itself does not offer strong enough security to ensure compliance.

Acronis Cyber Protect Cloud delivers a consolidated solution

Acronis Cyber Protect Cloud offers MSPs the consolidated, comprehensive and natively integrated solution they need to protect clients and redistribute resources. The Acronis solution provides a consolidated platform that delivers backup and email archive capabilities, security for email and collaboration applications, and extended detection and response (XDR). The full Acronis Cyber Protect Cloud package also delivers security posture management and even a new approach to security awareness training.

Managing multiple security tools is expensive, resource-intensive and even risky. Acronis Cyber Protect Cloud gives MSPs both the power and simplicity they need to offer a natively consolidated, comprehensive cybersecurity solution to clients while also easing management burdens and cutting costs.

Contact us at This email address is being protected from spambots. You need JavaScript enabled to view it..