Key Takeaways

  • Barracuda Networks has acquired Evo Security to strengthen identity resilience capabilities within the BarracudaONE platform for managed service providers.
  • The deal brings IAM, privileged access management, MFA, and identity threat detection into a unified, multi-tenant environment aligned with Zero Trust principles.
  • Industry analysts note that MSP-driven demand for consolidated identity controls continues to rise as identity-centric attacks accelerate.

Barracuda Networks is adding new weight to its identity strategy with the acquisition of Evo Security, pushing the BarracudaONE platform further into unified identity resilience for managed service providers. The announcement, published on July 7, 2026, signals the company's intent to offer MSPs a consolidated and operationally efficient path to identity governance and protection.

Identity security for smaller companies has increasingly flowed through MSPs, a trend highlighted by the fact that over 60% of SMBs consume security capabilities from service providers rather than direct procurement, according to IDC in 2024. This reliance adds pressure on MSPs to manage identities flexibly and consistently across multi-tenant environments. Evo Security was built specifically for this requirement, integrating into BarracudaONE to provide simplified identity stacks for service providers.

The combination brings together technologies that MSPs typically piece together. Evo Security’s platform includes multi-factor authentication, single sign-on, technician and end-user privileged access management, RADIUS, and help desk verification tools within a single agent. When placed inside BarracudaONE, these functions give partners a way to assess and govern identity usage across users, devices, and endpoints without juggling disparate consoles. This consolidation addresses the needs of MSPs managing thousands of customer environments, where a single permission misconfiguration can lead to unauthorized lateral movement or data exfiltration.

Identity verification extends beyond human users, driven in part by the rise of agentic AI as an accelerant for identity abuse. Non-human entities, bots, service accounts, and automated processes now represent a growing share of access requests. Because these identities proliferate quickly, MSPs often lack a clear inventory of activity inside a customer network. Evo Security’s focus on privilege management and lifecycle governance gives the platform an entry point into addressing that visibility gap.

The combined offering spans front-door controls, identity-driven least privilege enforcement using Barracuda SecureEdge ZTNA, backup and recovery for identity systems like Microsoft Entra ID, and correlation of identity activity through Barracuda Managed XDR. Together, these capabilities aim to help MSPs reduce standing privileges and increase visibility into suspicious identity movement. This aligns with Forrester’s 2023 assessment that identity threat detection and response has become a core pillar of Zero Trust for multi-tenant environments, with ITDR adoption accelerating among providers serving SMBs that frequently face credential-based attacks.

The acquiring company plans to embed Evo technology directly into the BarracudaONE platform while continuing to support existing Evo MSP customers. The Evo team is joining the parent company, signaling commitment to the product’s continuity rather than a sunset strategy. The founder of Evo Security framed the move as an opportunity to reach more partners globally, emphasizing the identity-first design that guided the product's development.

Platforms like BarracudaONE and Evo Security align with standards such as the NIST Digital Identity Guidelines (NIST SP 800-63). Updated in 2023, the guidelines outline practices for digital identity assurance, authentication, and lifecycle governance. Many MSPs implement these standards when shaping customer access policies to demonstrate alignment with federal and industry guidance. The Cloud Security Alliance has similarly urged identity-centric approaches within Zero Trust architectures, noting in its 2022 guidance that consolidating IAM, PAM, and ITDR functions reduces misconfiguration risk in multi-tenant environments.

The identity and access management segment is projected to reach roughly $16 billion by 2026, according to 2023 estimates from Gartner. This growth is fueled in part by MSP and MSSP adoption, as service providers continue to serve as the primary route to market for security capabilities in the SMB space. Because identity attacks frequently target smaller organizations relying heavily on remote technician access, service providers require integrated IAM platforms to secure multi-tenant footprints.

The integrated platform operates in a competitive sector alongside vendors like CyberArk, Okta, and Duo Security, which provide MFA, privileged access, and identity governance. The integration emphasizes the MSP-centric architecture that Evo built from the start, combined with the acquiring company's existing partner channel. This specialized approach targets providers that find enterprise IAM systems too complex or costly to deploy efficiently across the SMB segment.

Following the acquisition, MSPs will look for clarity on migration paths, feature alignment, and the combined licensing model. The company has stated that existing Evo customers will continue to be supported throughout the rollout of the unified platform.

The chief executive officer of Barracuda Networks cited scalability as a core motivator for the deal, noting the requirement to manage millions of identities across thousands of customer environments. This volume creates operational strain, and the company expects a consolidated identity architecture to help MSPs reduce administrative overhead. The acquisition broadens the BarracudaONE platform, providing centralized authentication and access control for managed service providers.