IT: The 6T Industry that Silicon Valley Hardly Ever Thinks About
The Largest Market in Technology is Stuck in the Past
America | Tech | Opinion | Culture | Charts
In the tech industry, all the attention goes to the frontier. And why not? Companies like OpenAI, Anthropic, and Google are pushing the boundaries of what’s possible, and billions of dollars chase each and every new breakthrough. But the largest market within technology is far more prosaic than any of that; it’s IT and security services.
Every single organization of any size leverages technology, and this infrastructure needs constant maintenance and support. Not every organization has the ability or the desire to handle that internally. So there’s a massive global market for managed service providers, or MSPs: the companies that provide IT, security, and compliance services to the vast majority of the organizations you interact with every day, from school districts to SMBs to the dentist’s office down the street. Add it all up, and we’re talking about a massive industry. IT spend is projected to hit $6 trillion in 2026, and there are over 40,000 MSPs in the United States alone.
And yet, despite being the largest market in technology, it is the last to meaningfully innovate.
There’s a reason for this. This enormous market is built on a legacy operating model that hasn’t meaningfully changed in two decades. Most MSPs are slow-moving lifestyle businesses; the rest are being rolled up by private equity. In either case, very little structural investment goes into modernizing how IT services are actually delivered. Humans are still the connective tissue across fragmented systems and service layers, even as automation and intelligence have reshaped every other corner of the tech industry.
This has real consequences for the millions of organizations that depend on these services. Only 23 percent of SMBs report being satisfied with their IT providers, largely because of slow response times and a lack of innovation.
IT spend also scales way past where it needs to. Complexity accumulates: you hire one MSP for general IT, another for security, a third for compliance, maybe a fourth for procurement, and before long you’re managing a constellation of providers, each speaking their own language, none fully coordinating with the others.
This is the problem that Treeline exists to solve. We are building what we call the Modern IT Operating System: a fundamental reimagining of how IT services work, one that uses software and AI to bridge the gap between technology’s frontier and its biggest market.
To understand why this matters, and why nobody has done it before, you have to understand the false choice that most organizations face when it comes to IT infrastructure.
The false choice
You can build it yourself. Hire an IT manager, then a security specialist, then a compliance officer. Each role costs six figures plus benefits. Each hire takes months. The team that worked when you had 100 employees is overwhelmed when you have 300. You’re constantly recruiting potential hires, onboarding new employees, and managing turnover. And none of this is your company’s core function. For a $50 million company, the historical rule of thumb is to spend 3 to 5 percent of revenue on IT, security, and compliance: that’s about $1.5 to $2.5 million a year, much of it headcount. And that’s the optimistic lower bound.
Or you can outsource to a traditional MSP. This seems simpler: you pay for expertise and avoid the hiring headaches. But traditional MSPs grew out of local computer repair shops. They are services businesses with stagnant operating models, built on rigid workflows and reactive support models. The way most of them work today is the way they worked in 2005. And because fixing problems permanently means fewer billable hours, there’s no structural incentive to actually make anything better.
The fragmentation makes it worse. Most of those 40,000-plus U.S. MSPs have fewer than 10 employees. And so quality varies wildly. You might get a great technician who knows your particular systems inside and out, but when you need help with cloud architecture or a modern compliance framework, that same MSP is out of its depth. You’re back to adding vendors and stitching things together yourself.
What does this actually look like day-to-day? It’s not pretty. Slow, reactive fixes when critical systems fail. Error-prone offboarding that exposes the company to insider risk. Revenue stalled by a failed SOC 2 audit because nobody was tracking compliance in real time. Weak credentials. Unmanaged access. Employees waiting hours for basic support tickets. Overspending on SaaS licenses that nobody uses but nobody cancels. And this all adds up. Every dollar and minute that goes to managing infrastructure could have gone to product or customers.
There’s an irony worth noting here: the technology industry, which has transformed every other sector through software and automation, has not managed to transform its own plumbing. MSPs operate in largely the same way they did 20 years ago. While the rest of the tech industry moved to cloud-native architectures and (later) AI-powered workflows, the delivery of IT services stayed manual and labor-intensive.
What’s changed
For a long time, this was just how things were. Automation tools were brittle and inflexible. AI couldn’t handle the judgment calls that IT work actually requires: the ambiguous triage decisions, the integration headaches, and the context-dependent security responses. The expertise needed to secure a network and manage complex integrations was genuinely scarce and couldn’t be codified into software.
That has changed quickly in the last few years. End-to-end employee lifecycle management across systems, intelligent ticket triage with automated resolution, continuous security enforcement, real-time compliance tracking, proactive issue prevention through root-cause analysis – three years ago, you needed a person for every one of these. Today, they can be automated reliably.
But the mission-critical nature of IT means that pure automation isn’t sufficient, either. When systems go down, when a security incident happens, when somebody has to make a judgment call about architecture or compliance strategy, you need a human who knows what they’re doing. The right model is software handling everything that can be automated, while human expertise gets concentrated on the work that actually benefits from human judgment: strategy, architecture, novel problems. Five years ago the technology wasn’t good enough to pull this off. Now it is.
And that is what we’re building at Treeline.
The Modern IT Operating System
We recognized that the connective tissue across vendors, tools, and processes no longer needed to be human. So we productized the IT department’s core activities. Instead of relying on people to stitch together disparate and sometimes archaic systems, we built a centralized software layer that standardizes workflows, integrates tools into a single operational system, and automates the coordination that used to eat up most of an IT team’s time. IT, security, and compliance stop being separate silos managed by separate vendors and start functioning as one connected system.
While “tool consolidation” has been promised before, it usually just means replacing five dashboards with one dashboard. We aren’t repeating that mistake. We are building a new operating model: tickets get triaged automatically, and many issues get resolved before a human ever sees them. The system gets more intelligent with time, learning from patterns and fixing root causes. Security controls are enforced continuously. Compliance documentation is generated in real time. And human expertise gets applied deliberately, instead of being spread thin as default manual glue.
The hidden cost of traditional IT isn’t in the salary or in the vendor invoices. It’s in coordination. As an organization grows, more tools and more handoffs create more failure points, which creates pressure to add headcount or stack on another vendor just to keep pace. Simply put, IT costs scale faster than the organization they support. Treeline exists to break that pattern. Companies scale through systems instead of through people, and the link between organizational growth and ballooning IT spend gets severed.
This is urgent because the demands on IT infrastructure keep increasing. Security threats are escalating across the board. Compliance requirements multiply as regulations catch up to the age of AI-assisted hacking. Meanwhile, the 3 to 5 percent of revenue that goes to IT, security, and compliance becomes genuinely painful for any scaling business.
The current setup forces organizations to choose between expensive and inadequate. Build it yourself and watch costs spiral; or, outsource and accept inconsistent service. Businesses shouldn’t have to make that choice. We believe that IT infrastructure should be like electricity: reliable, scalable, something you rarely have to think about. When it actually works that way, companies can redirect the resources they used to burn on managing infrastructure toward all of the things that differentiate their business.
Treeline exists to make that real.
This newsletter is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. Furthermore, this content is not investment advice, nor is it intended for use by any investors or prospective investors in any a16z funds. This newsletter may link to other websites or contain other information obtained from third-party sources - a16z has not independently verified nor makes any representations about the current or enduring accuracy of such information. If this content includes third-party advertisements, a16z has not reviewed such advertisements and does not endorse any advertising content or related companies contained therein. Any investments or portfolio companies mentioned, referred to, or described are not representative of all investments in vehicles managed by a16z; visit https://a16z.com/investment-list/ for a full list of investments. Other important information can be found at a16z.com/disclosures. You’re receiving this newsletter since you opted in earlier; if you would like to opt out of future newsletters you may unsubscribe immediately.
This is a great illustration of a pattern I have been writing about. IT services sits in a fascinating spot on what I call the Trust-Task Matrix: most of the day-to-day work (ticket resolution, patch management, access provisioning, compliance monitoring) is high routine and moderate trust. That puts it squarely in the AUTOMATE and VERIFY quadrants, which is exactly why it is ripe for AI-native disruption.
The 40,000 fragmented MSPs with fewer than 10 employees, aging operating models, and no structural incentive to innovate is also a textbook setup for the buy-and-transform playbook. I spent two years evaluating 200+ companies in fragmented service verticals through a search fund. IT services checks every box: sticky client relationships, predictable cash flows, zero tech adoption, and owners ready to exit.
I wrote about this thesis this Monday,
including the Trust-Task Matrix framework and an argument about why the current margin assumptions are built on subsidized AI inference.
chiponmyshoulder.substack.com/p/the-16-trillion-flip
Do I need to optimize software BOMs too?