Securing an organization is an increasingly complicated task. To illustrate, I was listening to a podcast where a group of CISOs were discussing this very complexity and the challenge it presents to organizations. They argued that the mindset to date has been to purchase the next best-of-breed tool for the latest attack vector and keep going until all of them are covered. Besides being expensive, this route is exhausting, but so far, a reactive train of thought has prevailed.
However, mindsets are shifting.
How Did We Get Here?
My path in cybersecurity began in 2009 when I joined one of the largest cybersecurity vendors in the United States. At that time, there were only about 2,000 vendors in the industry and IT estates were mostly on-premises. Cloud service providers like AWS and Azure were still in their infancy. Even back then, there were always new attack vectors and tactics that drove new categories of tools.
However, with the adoption of the cloud came even more attack vectors, more tactics, and more categories of solutions needed to secure them. Today there are about 4,000 vendors with varying portfolios designed to solve any number of problems. Some are extensive and others provide a single niche solution, but there are certainly 20 available tools for any one problem today.
That would seem to make things better, but as anyone with vendor overwhelm (or even shelfware) can attest; it does not.
The panelists all agreed that the absurd number of tools in the industry today has caused significant confusion. What does each tool do exactly? What do you do when two tools seem to provide the same thing, but other things as well? And as more (and cheaper) technologies pop up, “best-of-breed” solutions drop down the priority list when it comes to choosing a security control.
Shifting Mindset: From Multiple Tools to Interoperability
For years there was a mindset of purchasing best-of-breed tools to solve a specific problem or address a specific use case. The challenge with that approach was that new tools needed to be stitched together with the other tools and telemetry data to achieve context and get a prioritized set of actionable insights.
Not to mention the training involved in managing that new tool and possibly the professional services required as part of its ongoing use. Then, there is the issue of employee turnover as the person who knew the new tool best eventually moved on to another organization, leaving the tool unmanaged, of limited use, or potentially becoming shelfware.
The only way to address this is for organizations to evolve their strategies to consolidate vendors in favor of interoperability.
The Benefits of Vendor Consolidation
Security vendor consolidation provides many benefits.
Near the top of that list is the reduced operational burden. One of the ways this manifests itself is in the form of fewer product training courses that your staff need to attend. Instead, your staff can focus on fully learning fewer tools and leveraging those to address a broader set of use cases.
Another benefit is interoperability. Fewer tools mean less work is required to share data sets. This is key. The ability of an organization to get timely, actionable insights is critical. This allows security leaders to focus their efforts on things that will yield the highest impact for the business.
A third benefit is the relationship that can be built between you and your vendors. A strong, symbiotic relationship enables you to get the maximum value out of your security stack as the vendor can craft their innovation efforts to meet your evolving needs.
Developing an IT Consolidation Strategy: What Security Leaders Should Do
Many organizations have already begun reducing the number of vendors they work with or are making plans to do so. According to our inaugural State of Cybersecurity Survey, consolidating vendors is a high priority for two-thirds of global IT decision-makers. There is no magic formula for the perfect number of vendors, so it’s up to the organization to understand the use cases and outcomes they want to achieve. Then, they’ll need to figure out which tools they can prune (and still achieve those outcomes), and which solutions are now needed to fill the gaps.
Fortra provides consolidated vendor options so organizations can cleanly and leanly fill all their security needs with best-of-breed vendors housed under the same roof. This means common policy management, a common customer experience, and unrivaled cross-correlation of threats powered by the kind of multi-vector security required to protect today’s modern enterprises.
Fortra Is Here to Help
Contact us to explore the advantages of cybersecurity vendor consolidation.