Consolidate, Secure, Enable: A Field Guide to Untangling Business IT

Most growing businesses don't have a technology problem. They have an architecture problem.

The tools are usually fine. The email works, the files are in the cloud, the team has laptops. But somewhere along the way the company ended up with ten vendors where three would do, a security posture assembled by whoever happened to be available at the time, and no single person who understands the whole picture. Every new tool solved a problem and quietly added two more.

Over 30 years in IT, I've seen this pattern in companies of every size — from 1,100-store retailers to ten-person shops. The way out is always the same three moves, in this order. Order matters.

1. Consolidate

You can't secure or automate a mess you can't see. So the first job is always to take inventory and reduce.

That means listing every vendor, domain, subscription, and tool — including the ones nobody remembers signing up for — and asking a blunt question of each: does this still need to exist? Usually a surprising number don't. Overlapping tools get collapsed. Forgotten licenses get cancelled. Scattered domains and DNS get pulled under one roof and configured correctly.

The result isn't just a lower bill (though it usually is). It's a single, documented architecture that one person can actually reason about. That clarity is what makes everything after it possible.

2. Secure

Once the environment is clean, you secure it — and modern security starts with identity, not the firewall.

The old model of a hard perimeter around a trusted inside is gone. People work from everywhere, on every device, against apps that live in someone else's data center. The thing that ties it all together — the new perimeter — is who is allowed to do what. That's why the highest-leverage security work for most businesses is identity: single sign-on, multi-factor authentication everywhere, conditional access based on real risk, and clean account lifecycle so access leaves when people do.

From there you layer in the rest — endpoint and email protection, secure-by-default configuration, and whatever compliance framework your industry requires. But identity is the foundation the rest stands on.

3. Enable

Only now — with a consolidated, secured environment — does it make sense to add intelligence on top.

This is the fun part: automating the manual, error-prone work that quietly drains your team, and putting AI tools to work where they actually move the business. The reason this comes last isn't caution for its own sake. Automating a messy, insecure environment just makes the mess move faster. Build on a clean foundation and the same tools become a genuine multiplier.

Why the order is the whole point

Most IT frustration comes from doing these out of sequence — bolting on a security product before consolidating, or chasing AI before either. Consolidate, then secure, then enable. Each step makes the next one cheaper, faster, and safer.

If your IT feels like more vendors and tools than anyone can keep straight, that's not a failure — it's just the natural result of growth. It's also very fixable, and it starts with a single honest inventory.