Article · 6 min · For Owners
The minimum baseline (and why)
Every business — regardless of size, regardless of industry — needs four things: MFA on every account, EDR on every device, backups that are tested, and a documented response plan. Below that baseline, you're one mistake from a serious problem. Above it, the question becomes "how much more?"
What size you are vs. what tools you need
A 4-person office on M365 has a different profile than a 30-person office with an on-prem server. The number of users dictates the help-desk load. The number of locations dictates the network spend. The number of servers dictates the backup investment. Get those three numbers right and most of the stack rightsizes itself.
Compliance is the multiplier
If you handle patient data (HIPAA), card payments (PCI), public records (CJIS), or law-firm privilege, the baseline isn't optional — and the documentation requirements double the work. Compliance isn't a bigger budget for the same protection; it's a different kind of protection plus an evidence file.
The two questions every owner should answer first
Before you talk to any MSP, write down the answers to two questions: How much does an hour of full-team downtime actually cost us? And what's the smallest mistake that could end the business? The first sets your investment; the second sets your priorities.
Frequently asked questions
How do I know if I'm being sold more than I need?
Two signs: the MSP can't explain in one sentence why a specific tool is in your stack, and the same tool appears across every client regardless of size. Right-sized stacks have a few common cores (EDR, MFA, backup) and a few discretionary layers that vary by industry and risk tolerance.
What's the most commonly oversold item?
Enterprise-tier SIEM and 24/7 SOC services for very small businesses (under 25 users). For most of that market, M365 audit logs plus the MSP's EDR-vendor monitoring cover the practical detection need; a dedicated SIEM is overkill. Industries with regulated data sometimes change the calculus.
What's the most commonly underbought item?
Tested backups. Most businesses have "backups" in the sense that a tool is running; very few have actually restored from one in the last 90 days. The discipline gap is bigger than the dollar gap. See: backup is the answer; restore is the test.
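What a restore drill looks like in practice, as an added example that is not part of the article: the script below backs up a constructed sample share, restores it into scratch space, and compares every restored file's SHA-256 hash against the fingerprint taken at backup time. It also shows the failure the article describes: a backup job that is "running" but silently skips a folder passes no drill. The `exclude` option that mimics that misconfiguration, the folder names and the file contents are all constructed for the demo; the 90-day window is the article's own figure.

```python
"""Restore drill: prove a backup can actually be restored, and that the restored
copy matches what was backed up. Added example, not from the article; all
sample data is constructed inline."""
import hashlib
import tarfile
import tempfile
from datetime import date
from pathlib import Path

MAX_DRILL_AGE_DAYS = 90  # the article's "restored in the last 90 days" window


def sha256_of(path):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def fingerprint_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def make_backup(source_dir, archive_path, exclude=None):
    """Write a gzip tarball of source_dir. `exclude` mimics a hypothetical backup
    job whose include list silently skips one folder."""
    def keep(info):
        if exclude and info.name.startswith(f"./{exclude}"):
            return None  # returning None drops the entry (and its subtree)
        return info
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".", filter=keep)


def restore_drill(archive_path, expected):
    """Restore into scratch space and compare every file's hash with the
    fingerprint taken at backup time. Returns (passed, problem_paths)."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")  # safe extraction (3.12+)
                except TypeError:
                    tar.extractall(scratch)  # interpreter without the `filter` kwarg
        except (tarfile.TarError, OSError, EOFError) as exc:
            return False, [f"archive unreadable: {exc}"]
        restored = fingerprint_tree(scratch)
    missing = [p for p in expected if p not in restored]
    changed = [p for p, digest in expected.items()
               if p in restored and restored[p] != digest]
    return (not missing and not changed), sorted(missing + changed)


def drill_is_current(last_drill, today=None, max_age_days=MAX_DRILL_AGE_DAYS):
    """True only if a passing restore drill happened within the window.
    Dates may be date objects or ISO strings; None means no drill on record."""
    if last_drill is None:
        return False
    if isinstance(last_drill, str):
        last_drill = date.fromisoformat(last_drill)
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    return 0 <= (today - last_drill).days <= max_age_days


def run_demo():
    """Constructed office share: a full backup passes the drill; a job that
    skips 'finance' fails it even though 'a tool is running'."""
    with tempfile.TemporaryDirectory() as work:
        source = Path(work) / "share"
        (source / "finance").mkdir(parents=True)
        (source / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (source / "readme.txt").write_text("constructed sample data\n")
        expected = fingerprint_tree(source)

        good = Path(work) / "full.tar.gz"
        make_backup(source, good)
        good_ok, good_problems = restore_drill(good, expected)

        partial = Path(work) / "partial.tar.gz"
        make_backup(source, partial, exclude="finance")
        bad_ok, bad_problems = restore_drill(partial, expected)
    return good_ok, good_problems, bad_ok, bad_problems


if __name__ == "__main__":
    print(run_demo())  # (True, [], False, ['finance/ledger.csv'])
```

The drill only counts if the fingerprint is captured from the live data at backup time and the comparison is run after restoring to separate storage; restoring over the original proves nothing. Record the date of the last passing drill and treat anything older than the window, or no record at all, as "no tested backup".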
When does the enterprise stack start to make sense?
Typically when team size passes 75–100 people, when regulated data volume passes a threshold an auditor cares about, or when a specific incident exposes a control gap. Below that, enterprise-tier tools usually deliver enterprise-tier complexity without proportional benefit.