Back to Blog

MSP Business Scalability Challenge for Office 365 Security

If we look at the industry report, the Managed Services Market is forecast to touch USD 557.10 billion by 2028. It has become a mature business now, however the customers' needs are highly complex when compared to traditional businesses.

MSP Business opportunity/challenges can be complex to navigate, often involving multiple external market forces, internal drivers, organisational and client-based frictions, resistance to scaling, and of course, both financial and opportunity costs.  

Scaling the business in the face of the increased client (and market) security demands and cloud adoption is one of the biggest challenges for managed service providers.  Let’s look.

The Market Forces:  

  • Increased demand for coherent and proactive security as a given rather than as an add-on
  • Increase in cybercrime  
  • An explosion of remote working  
  • Inevitable cloud adoption below a certain client size
  • Increasing trends towards security audits and compliance standards among clients, as a must-have for contracts, market entry and downstream client confidence

The Business Challenges:

Demand to Scale  

According to a recent survey by Cato Networks, consisting of 1000 channel partners revealed that while choosing security vendors, partners now prefer scalability and ease of management over product profitability. Let’s take a look.


Small-to-medium sized clients add another interesting angle here. Many MSPs serve local or regional business where SME clients dominate.  Thus, scaling at this end of the market is often served by increasing the client base as opposed to client size.

Scale Resistance

While client numbers and revenue are a better indicator of MSP scale, these data aggregations can be hard to come by for regional MSPs.  Market Segmentation on Cloud Tango suggests that approximately 50% MSPs have around 50 employees or less. MSP Employee numbers usually correlate with business size. While automation is helping, the local and hands-on nature of MSP client activity means that scaling the business value and revenue is difficult without increasing headcount.

The Challenges with Scaling Office 365 Security

Office 365 Adoption Inevitability

Office 365 and cloud adoption are increasing. Ten years ago, one might have thought Google would come roaring into the B2B party with its sexy and lightweight offerings; however, Microsoft has instead solidified its position as an indispensable business stalwart. Business isn’t sexy on the inside. Businesses demand MS Excel. SharePoint and Outlook. Don’t get me wrong. MS almost missed the boat, only making it with a hasty cloning of Exchange, Active Directory and SharePoint to their emerging Azure infrastructure.   

In this solidification, MS has pulled more and more business activity into the cloud, with MS Teams and OneDrive leading the charge. On the security side, they have been market disruptors with keen acquisitions such as Adallom (MS Cloud App Security), focusing on endpoint configuration and monitoring. 

The Missing Pieces

ALL of the above factors place MSPs with the unenviable task of securing Office 365, all while they want to scale their business proactively.   O365 is co-managed by clients; however, clients have less understanding of security risks and less inclination to maintain IT security posture when faced with pressing business needs. MSPs then leave to pick up the pieces and defend themselves from blame when inevitable breaches occur. In many cases, MSPs are rolling security updates and reacting to fires in an ad-hoc manner. Most MSPs lack something that prevents them from turning reactive into pro-active; some lack visibility, some know-how, efficient automation, and/or all lack time.
we model the problem with the following three variables:

  1. X - Coherency across the depth of controls and risks to deploy and monitor
  2. Y - Consistency across multiple tenants 
  3. Z - Persistency. day in, day out. protect, detect, remediate, repeat 

If every square in this grid is a control or risk for an individual client on a given day, it is easy to see how MSPs are not getting to the coherent, consistent, and persistent security stance the market demands. 

What can be done to Overcome this Challenge? 

Just like the problems grid shown above, we will now enlist solutions to overcome issues in each axis.  

1. Solution (for X-Axis): Coherence

  • Know Security Best Practices 
  • Deploy security controls that fit the client's particular business security trade-off 
  • Monitor and characterise internal risks 
  • Monitor for external breach indicators 

2. Solution (for Y-Axis): Multi-Tenant Consistence 

  • Redeploy security best practices to similar clients 
  • Consolidate Office 365 monitoring of both risks and breaches 

3. Solution (for Z-Axis): Persistence 

  • Monitor and rapidly remediate security control deviations 
  • Monitor internal risks and raise them with clients 
  • Monitor for breaches 
  • Report risk summaries and continued security posture to clients 
  • Continuous rapid client consultation and decisive remediation 

If you find that these solutions are overwhelming to implement, then security automation SaaS tools like Octiga ensure ALL of this for MSPs, MSSPs, Security and IT Consultants. 

Unlike many solutions, we don't just offer passive monitoring of external threats; we proactively deploy Office 3665 security best practices across all controls and risk vectors, both internal and external, we monitor everything (controls and risky events) and remediate all in-app, for all your client tenants, within clicks!   

If you are interested in understanding more about us, schedule a quick 15 min session now

More from the Blog

5 reasons why MSPs can’t win the Microsoft 365 security game using Secure Score (and what to do about it)

While Microsoft Secure Score offers a quantifiable assessment of security posture, it has striking limitations. We share five reasons why MSPs need a better tool.

Read Story

Microsoft 365 Breaches - As preventable as they are common

Sash Vasilevski, Octiga co-founder and cyber security expert, explains why stopping unauthorised access to Microsoft 365 is complex, requiring specialist tools, like Octiga.

Read Story

Octiga Announces Benefit Partnership with The ASCII Group

Members of The ASCII Group gain preferential Octiga terms

Read Story

Never miss a minute.

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium, totam rem aperiam, eaque ipsa.
We will never share your email address with third parties.