How MSPs can turn identity blind spots into growth opportunities
Once the workday begins, most employees log into a wide range of tools. For the average knowledge worker, this can be as many as 11 different applications, nearly double that of 2019. These apps could span multiple identity providers creating a fragmented identity ecosystem. For many companies, keeping track of who has access to what is almost impossible and that lack of visibility leaves blind spots.
Cisco Talos threat intelligence found that, in 2024, 60% of all attacks were identity-based. Nearly half of those targeted Active Directory. Rather than cybersecurity incidents beginning with malware or exploiting vulnerabilities, adversaries often look to simply login.
This makes securing identity vital, but doing so can be messy. Organizations understand identity is a target but are less aware of how to take hold of the situation. Enter…the MSP opportunity.
Filling the Identity gap, what’s the MSP opportunity?
Customers often look to MSPs to operationalize security through Identity and Access Management (IAM), streamlining onboarding, provisioning and deprovisioning, and managing workforce access day to day. Done well, IAM reduces friction, drives efficiency, and delivers measurable cost savings. It’s an essential foundation that is expected.
But IAM alone only locks the front door. MSPs can stand out by also offering advisory services that help customers prepare for tomorrow’s threats. This is where Cisco Identity Intelligence comes in. Identity Intelligence continuously analyzes identity activity across users, devices, and applications to spot risks and unusual behavior that IAM alone cannot see.
While IAM mainly covers the Identify and Protect functions, making sure the right keys go to the right people, Identity Intelligence extends coverage to Detect, Respond, and Recover. It acts like the surveillance system, spotting suspicious activity, alerting when someone tries the wrong door, and guiding recovery if a breach occurs. Together, IAM and Identity Intelligence provide a more complete approach to identity security that MSPs can deliver.
Laying the foundation for proactive Identity security
You can’t detect what you can’t see. Most organizations rely on multiple identity providers (IDPs), HR systems, and SaaS apps. Correlating that data becomes overwhelming especially for MSPs managing many tenants. Manual investigations and siloed tools slow response times and create blind spots that attackers can exploit.
The first step is visibility. MSPs need a single source of truth to identify risks early, filter out the noise and act with confidence. Identity Intelligence gives MSPs that visibility. It answers questions like “Are you sure MFA is configured everywhere?” by pulling together users, apps and device data across environments. But visibility alone isn’t enough. Identities are a constant target. Continuous monitoring, posture scoring, and trust checks ensure protection stays current, threats are flagged, and risks are remediated before they escalate.
To operationalize this approach, MSPs can follow a proven identity security blueprint built around five widely recognized security functions:
Identify — Understand who your customer’s users are and what they have access to by building a user and device inventory. Use IAM to manage onboarding and provisioning and Identity Intelligence to get a holistic view.
Protect — Enforce strong access controls with IAM, and pair posture scoring from Identity Intelligence with Duo policies to secure endpoints, strengthen authentication, and maintain compliance at scale.
Detect — Monitor continuously for anomalies, such as multiple failed login attempts or unusual locations. Identity Intelligence applies cross-platform analytics to surface patterns and outliers quickly, giving MSPs an early warning system.
Respond — Use high fidelity insights to guide incident response. Identity Intelligence helps MSPs prioritize, escalate, and act quickly. With playbooks or SIEM/SOAR integrations, they can contain threats, adjust policies, and document every action.
Recover — Ensure customers bounce back quickly. MSPs can help organizations learn from incidents, close gaps, and harden policies. By reviewing Identity Intelligence insights alongside response playbooks, they guide recovery, demonstrate resilience, and build long-term trust.
Identity security assessment to help MSPs uncover opportunities
Many organizations assume they know their identity environment, that is, until evidence shows otherwise. That’s why assessments matter. With Duo’s Identity Security Posture Management, MSPs can surface blind spots customers didn't realize they had such as dormant or “never logged into” accounts, weak MFA adoption, and devices slipping through compliance checks. The results come back in a clear, actionable report. For MSPs, these insights aren’t just findings; they are conversation starters that build trust, open the door to ongoing advisory services and create opportunities to expand your footprint.
Want to see it in action? Check out the interactive demo.
Ready to become a partner? sign up here to uncover hidden risks, demonstrate immediate value and lay the foundation for long-term identity security partnerships.