Like Pia, covered here recently, CloudCapsule strives to make a practical impact on MSP productivity. Unlike Pia, it strives to do so by eliminating the need for tickets rather than helping technicians close them more quickly.

“We started CloudCapsule really to solve this problem of preventing breaches before they happen,” says Nick Ross, the company’s CEO.

That was in 2024, shortly after Ross (pictured above) had exited senior leadership roles with multiple MSPs following a five-plus year stint in various capacities at Pax8. “I was spending about four to six hours doing manual security assessments and producing reports,” he recalls. “It was a very tedious process and not really something you could do in a non-linear fashion.”

With that experience in mind, Ross and Michael Dehmlow, previously Pax8’s CTO and then COO, decided to create a solution that would radically accelerate an otherwise time-consuming process.

“We’re in the cloud security posture management space, which is really young for SMBs and MSPs,” Ross says. Wiz, the security vendor Google acquired for $32 billion in a deal that closed earlier this year, is its inspiration.

“They did this for enterprise and did this really well,” Ross says. “Wiz is kind of who we want to be when we grow up, but for SMB and for MSP.”

Called Analyze, the company’s first product performs heavily automated security assessments of Microsoft 365 tenants. That was a natural fit for Ross, who in his spare time is a Microsoft MVP and host of T-Minus365, a YouTube series and accompanying blog with some 33,000 subscribers.

“We collect over 200 data points across the Microsoft 365 ecosystem, and we map those to a variety of compliance frameworks like CIS and NIST automatically,” Ross says. “The time to value is about 60 seconds.”

The system fills a service gap for many users as well. “Most times we find that the MSP is either not doing this today as part of their security practice or not actively going and running assessments on a regular basis,” Ross says. “It’s very ad hoc.”

And usually inefficient as well, he adds. “We’re saving them a ton of time on that effort that you would go in and spend to perform this manually.”

Reporting functionality in the system then lets users present assessment results in terms customers will understand. “It’s client facing out of the box so you don’t have to translate the lexicon of Microsoft speak or security speak,” Ross says.

In a brief time, he continues, the solution has attracted over 300 partners in more than 42 countries. The company’s second product, called Manage and launched on Tuesday, is designed to help those partners implement needed changes uncovered during assessments.

“The biggest piece of feedback since we’ve been in market is, ‘I see all these changes now, I have great context into what’s going wrong, but now I want to be able to scale fixing this.’”

Together, Analyze and Manage let them do so in a single workflow encompassing assessment, remediation, proof of completion, and audit reporting.

“We do the scan, we show you what’s wrong in red, you have the button to click it and make it green, and you get an immediate feedback loop,” Ross says. “It’s really that basic.”

Manage also monitors a scanned environment continuously after remediation is complete. “If it ever drifts outside of compliance again or somebody tampers with it maliciously or accidentally, we’ll show you that too,” Ross says.

Analyze currently sells for a flat $250 per month with unlimited scans. “You can add all of your tenants,” Ross says. Manage covers an initial 250 managed users for another $250 a month. Additional users cost $1 each from there.

According to Ross, real-time alert logging in PSA systems is on the roadmap for future functionality updates, along with expansion beyond the Microsoft ecosystem.

“Ideally, in timelines like the end of this year, we’ll be extending ourselves into other cloud-based environments like Google, but also more of the MSP tool stack that they’re typically using for security products, like SentinelOne for EDR or a third-party email security tool,” he says.