A private equity firm I worked with had acquired five companies over four years. By the time someone at the fund actually looked at the IT footprint across the portfolio, the picture was almost comically fragmented. Five Microsoft tenants. Three different security stacks. Two of the companies were running Google Workspace. Four different MSPs, none of whom talked to each other. Cyber insurance premiums up 60 percent in two years across the portfolio because every renewal questionnaire told the same story: inconsistent controls, gaps in visibility, no standard incident response.
This is not unusual. It is the default state of IT inside a PE portfolio that has not been actively managed at the fund level. I have spent two decades in service delivery, including a meaningful share of that time on M&A IT integration, and the pattern is consistent enough to write down.
How Portfolio IT Gets This Way
Nobody plans for portfolio IT to look like this. It arrives one acquisition at a time.
The first deal closes. The portfolio company keeps its existing IT setup because changing anything is “for later, after we hit our first 100 days.” The second deal closes. Same logic. By the third deal, “later” is now several years away and the practical reality has hardened: each portfolio company runs its own stack, with its own MSP, on its own renewal calendar. Fund IT, if it exists at all, sits at the holding company level and has no operational connection to the portfolio.
The cost of this drift is invisible until it is not. Then a single event makes it impossible to ignore. A cyber incident at one portfolio company exposes the lack of consistent controls across the others. A cyber insurance renewal cycle reveals premium increases that nobody was tracking. A bolt-on acquisition needs to be integrated and the question of which portfolio company’s IT model it should match has no answer because there is no model. A portfolio CFO tries to consolidate vendor spend and discovers that there is no leverage because each portfolio company is on a different contract with a different provider.
What It Actually Costs
The financial impact of fragmented portfolio IT shows up in five places.
Duplicate licensing. Five Microsoft tenants means five tenant minimums, five Defender for Office 365 subscriptions, five Entra ID Premium subscriptions if the portfolio is on E3, and zero ability to negotiate a portfolio-wide enterprise agreement. Microsoft’s volume pricing assumes a single tenant. Five tenants is five times “small.”
Inconsistent security posture. Each portfolio company has whatever security stack their previous IT leadership put in place, which means the fund cannot claim consistent controls during diligence on a sale or during a cyber insurance renewal. The portfolio with the weakest controls sets the ceiling on what the fund can claim across the portfolio. That gap shows up in renewal pricing, in valuation conversations, and in the diligence process when the fund tries to exit.
No economies of scale on managed services. Four different MSPs across five companies means four different SLAs, four different escalation paths, four different reporting cadences, and four different invoices. The fund pays the small-customer rate at every one because no MSP sees the full portfolio as a single account.
Slow integration of bolt-ons. When the next acquisition closes, the integration playbook depends on what the acquired company looks like. If the portfolio had a standard target architecture, integration could happen in 90 to 120 days. Without one, integration becomes a custom project, often deferred indefinitely, which compounds the fragmentation.
Friction at exit. When the fund prepares a portfolio company for sale, IT diligence becomes a real cost. Buyer due diligence flags the same inconsistencies that the cyber insurance carrier flagged, and the seller either fixes them quickly under deal pressure or accepts a price reduction. The cost of the fix, deferred for years, gets paid all at once at the worst possible moment.
A directional view of these costs across a five-company portfolio with 1,500 total employees typically lands in the range of $1.5 million to $3 million annually in pure waste, before accounting for the slower integration of new acquisitions and the friction at exit. The waste is not always visible at the portfolio company level, but it is real at the fund level.
The Standardization Playbook
Funds that get serious about portfolio IT generally move through the same three phases.
Phase 1: Establish the Standard. The fund picks a target architecture and a preferred provider model. The architecture covers identity (typically Microsoft Entra ID), productivity (Microsoft 365 with a defined SKU mix), security (Microsoft Defender or a defined comparable), endpoint management (Intune or comparable), and core infrastructure (Azure or AWS, defined by use case). The provider model defines whether portfolio companies use a single MSP across the portfolio or run a small set of approved providers. Either model works. The lack of a model does not.
Phase 2: Baseline the Portfolio. Each portfolio company gets assessed against the standard. The output is not a binary “compliant or not.” It is a roadmap with three buckets: items that should be standardized at the next renewal, items that need to be addressed before the next acquisition or exit event, and items that are good enough to leave alone. This phase typically takes 60 to 90 days across a five-company portfolio.
Phase 3: Sequence the Migration. Standardization does not happen all at once. The sequence depends on renewal calendars, change capacity at each portfolio company, and the strategic timeline of the portfolio. Companies preparing for exit move first because the cost of inaction is highest. Companies that just acquired bolt-ons move next because the integration window is the most efficient time to standardize. Stable mid-life portfolio companies move last, on natural renewal cycles.
The endpoint of this work is not a single tenant or a single MSP across all portfolio companies. The endpoint is a portfolio where IT operates on a consistent set of decisions, with consistent controls, on a consistent renewal cadence. That is the precondition for IT to be a value lever instead of a cost center.
Why This Sits at the Fund Level
The most common mistake I see is leaving portfolio IT strategy at the portfolio company level. It does not work, and the reason is structural: each portfolio company’s IT leadership is incented to optimize their company, not the portfolio. They make rational decisions for their environment that, in aggregate, produce the fragmented result the fund does not want.
The fix is to put portfolio IT strategy at the fund level. Not the day-to-day operations, which still belong at the portfolio company. The strategy: the standard architecture, the provider model, the assessment cadence, the integration playbook for bolt-ons. These decisions cannot be delegated to the portfolio companies because they are decisions about the portfolio.
Some funds handle this with an operating partner who owns IT across the portfolio. Some handle it with a portfolio-wide MSP that operates as the de facto IT organization across the holdings. Both models work. The model that does not work is hoping that each portfolio company will independently arrive at consistent answers.
What a Portfolio MSP Engagement Looks Like
When a fund engages an MSP to operate across the portfolio, the structure differs from a single-company engagement in a few important ways.
Pricing is structured at the portfolio level, with portfolio-wide volume commitments that produce real leverage. SLAs are defined consistently across the portfolio so the fund can produce a single set of metrics for board reporting. Reporting consolidates across the portfolio so the fund can see exposure, incident trends, and license utilization in one view. Integration playbooks are defined in advance so a bolt-on acquisition has a documented path from close to integrated within the agreed-upon window.
Our M&A IT integration practice supports this model for several PE-backed clients. The practical benefit is that the fund stops re-litigating IT decisions at every portfolio company and the portfolio companies stop being the front line of every IT vendor renegotiation. The work moves from reactive to strategic.
Where to Start
If you are a fund operating partner or portfolio CFO looking at this problem, the first question is not “what is the right architecture.” It is “what is the actual current state across the portfolio.” A 60 to 90 day baseline assessment is the first investment. The output is a clear picture of fragmentation, an estimate of annual waste, and a sequenced roadmap to standardization.
We help funds run this kind of assessment. The engagement scopes against the portfolio, produces a fund-level view of risk and waste, and gives the operating team the artifact they need to take a recommendation to the investment committee. Reach out if you want to walk through what the assessment looks like for a portfolio of your size.
The IT problem in PE portfolios is rarely a technology problem. It is a governance problem that compounds across acquisitions until someone at the fund decides to address it. The funds that address it earlier turn IT into a leverage point. The funds that wait pay for the deferral at the worst possible time.
