Seven vendors.
Twelve factories.
£2M+ back on the
annual bill.
A global aerospace manufacturing group running twelve factories across five countries had an IT estate nobody could fully account for: ~140 budget line items, seven overlapping security vendors, and a connectivity bill that had never been properly challenged. This is what happened when the bureau took it over.
Relevant if: your IT spend has grown organically and nobody’s mapped the full picture.
Diagram showing 7 security vendors consolidated into Microsoft E5, with £2M+ in annual savings across the global aerospace IT estate.
Seven vendors.
One problem.
“Seven security vendors on the books. Three of them doing the same thing. Nobody sure which contract was the primary one.”
The group had grown by acquisition. Each factory had its own inherited IT estate. Darktrace, Varonis, Mimecast, Sophos, and Nexthink were all on the books: each doing something related to security, each with its own contract cycle, each costing real money every year. The total licence bill was running at £873k/year. Not because the group needed that much security software, but because nobody had ever sat down and drawn out what they actually had.
Connectivity was worse. A legacy MPLS network was costing £186k/year to link the sites. It was the infrastructure choice that made sense a decade ago. It hadn’t been challenged since. The factories in France, Poland, India, and China were all paying premium rates for connectivity that could be replaced for a fraction of the cost.
The IT budget had ~140 line items spread across ~20 vendors. Nobody had a clean picture of the whole thing. The complexity had become the problem.
One operator.
Full ownership.
The engagement started with a full inventory of the IT estate: every contract, every vendor, every line item on the budget. That audit produced the complete picture nobody had assembled before: ~140 items, ~20 vendors, and a clear map of where the overlap was.
From there, the work fell into two tracks. The first was the licence consolidation: identifying which of the seven security vendors could be retired once Microsoft E5 was properly deployed. E5 includes native equivalents of each eliminated tool. The group had been paying for both. The consolidation plan was structured around contract expiry dates, so no vendor was exited early at penalty cost.
The second track was connectivity. The case for replacing the MPLS network with SD-WAN on Ubiquiti hardware was built as a formal business case with CEO-level sponsorship. The full transformation programme was documented, scoped with a £220k budget, and projected to deliver £500k+ in savings within 24 months, a target it exceeded.
A distributed team of 15 personnel across the five-country estate was managed throughout, using async Kanban and a site-by-site delivery schedule. Each vendor transition had its own authored business case so the decision-making trail was documented at every step.
Seven vendors
into one
Darktrace, Varonis, Mimecast, Sophos, and Nexthink all retired via native Microsoft E5 capabilities. Each exit timed to contract end dates: no early termination penalties. A 3-year phased exit plan across all licence transitions.
MPLS out.
SD-WAN in.
Legacy MPLS network replaced with Ubiquiti SD-WAN across all twelve factories in the UK, France, Poland, India, and China. The hardware was deployed factory by factory to zero business disruption targets.
CEO-sponsored
transformation
A formal IT transformation programme authored with £220k budget, £500k+ projected savings target within 24 months, and CEO-level sponsorship. Managed with a distributed global team of 15 across five countries via async Kanban.
Complexity
hides the bill.
The headline from this engagement isn’t the number. It’s the reason the number existed in the first place. A global group was paying for seven security vendors because nobody had ever assembled the full inventory. Not because the spend was invisible, but because the budget had grown organically, acquisition by acquisition, and the people signing individual contracts never saw the others. Complexity is how overspend hides. The fix isn’t clever. It’s an audit and a spreadsheet.
This is the largest engagement in the track record; most Orchestrix work is sized for small UK businesses, but the method is the same, just scaled differently. Whether it’s a 5-person firm running three overlapping subscriptions or a global group running seven overlapping security vendors, the first step is identical: build the full inventory, find the overlap, and sequence the exits. The savings are proportional to the mess, not to the headcount.
Questions raised.
- I’m a 10-person business. How is this relevant to me?
- It’s relevant because the method is identical: map what you have, find what’s overlapping or overpriced, build the exit plan, execute it. At 10 people the numbers are smaller and the timescale is weeks, not years. But the diagnostic discipline is the same. This case is in the file as authority proof: it shows the methodology works under real enterprise pressure, not just in spreadsheet theory.
- Does Orchestrix only do large IT transformation programmes?
- No. The aerospace engagement is the largest in the track record and deliberately unusual. Most Orchestrix work is sized for small UK businesses: operational audits, automation builds, HRIS consolidations, managed hosting migrations. The aerospace case is published because the outcome is extraordinary, not because it’s the typical engagement.
- How long did this take?
- The full transformation programme ran over two years, which is right for a global manufacturing group across five countries. A licence audit and consolidation for a small UK business typically takes weeks, not years. The duration scales with the complexity of the estate and the number of live vendor contracts that need timing against their natural expiry dates.
- Can Orchestrix really handle enterprise-scale engagements solo?
- The aerospace engagement was managed as a distributed programme with a global team of 15 personnel, using async Kanban and formal business case authorship per vendor transition. The operator role was programme lead and decision-maker, not staff. It’s the same model Orchestrix uses at SMB scale: one person who understands the full picture, directing the right specialists for each workstream.
Got a similar mess?
Let’s talk.
If you suspect your IT spend is hiding overlap, or you’ve never actually mapped the full stack, the 15-minute triage is the right first step. Free, no pitch, honest answer on whether an audit makes sense.