Cybersecurity leaders are grappling with the complexity, overlap and blind spots that come from using multiple cybersecurity vendors and tools. Many of the products offered by cybersecurity vendors have overlapping capabilities, making it easy for misconfigurations to occur and difficult to uncover security gaps. Consolidating cybersecurity products reduces this complexity by streamlining the number of products and their interactions, thus improving efficiency of security outcomes.

Organizations consolidate security solutions for a variety of reasons, such as lower total cost of ownership through better efficiency, improved security posture through better integration and controls coverage, or ease of procurement. Organizations tend to consolidate where they can afford to eliminate best-of-breed functionality without significant drops in efficacy.

Cybersecurity leaders can use the following three strategies to achieve cybersecurity platform consolidation.

1. Identify desired security outcomes

Communicating the objective is as important as executing the consolidation exercise. Often, CIOs and other business and technology leaders will associate a consolidation project with budget reduction. While reduction of total cost of ownership may prove to be a welcome byproduct of this exercise, most CIOs expect the budget to grow for cybersecurity.

Cybersecurity leaders must instead consolidate to simplify. Secure access through a secure access service edge or improved detection across siloed technologies using extended detection and response are two of the main consolidation projects.

2. Assess vendors and tools

Cybersecurity leaders should assess the products they are currently using and factors such as the functionality they offer, the contract duration, current spending and effort to maintain. Then, they should identify the aspects and capabilities that are important in their organization. Cybersecurity leaders should also assess alternative offerings for specific capabilities — some currently unused products may already be available with their existing licensing schemes.

SEE: Gartner Warns IAM Professionals Cyber Security Depends on Them

It is key to collect results from all possible areas and stakeholders. As cybersecurity leaders assess products, they may disregard important capabilities that are not immediately visible. A particular product might offer, for example, a user or administrator management experience or set of existing capabilities that might be hard to replace; it could offer a service where the user can contact the vendor’s resident experts to obtain guidance on specific topics. Once more, consolidation is not exclusively a cost savings exercise — the assessment exercise should capture these subtleties.

One thing in particular to evaluate is how difficult it is to remove a product or how easy it is to integrate. Oftentimes, successful proofs of concept with a single cloud instance for a product that is promising but difficult to deploy lead to that product never being deployed more widely. In the next renewal, it is dropped because of its limited usage.

3. Analyze results and identify projects

Once current and potential cybersecurity tools and vendors have been identified, their results can be analyzed. Cybersecurity leaders should identify must-have products, which may be products that contain unique features or that would be problematic to remove.

Cybersecurity leaders should also identify which capabilities they have multiple products in place for. There may be products from strategic vendors in place that can be added or maintained, and ones that can be removed. These sort of considerations can help identify the most feasible projects to conduct first and execute on them.

Consolidation will be easier in more mature technology areas. And while the industry may be ready for consolidation, not every organization will be at that level of maturity. Organizations typically consolidate once they have a few stand-alone components that can be consolidated in a platform in place, rather than adding brand new functionalities as part of a platform.

Once cybersecurity leaders have identified and begun a consolidation project, they should keep in mind that consolidation is not a finite exercise. Potential subsequent consolidation projects and their compatibility should be accounted for. Cybersecurity leaders can then make sure the components they are replacing have stand-alone products that can interoperate — for example, by exposing application programming interfaces — with other products and vendors in the future.

 

Dionisio Zumerle is a VP Analyst at Gartner where he covers application and mobile security, as well as emerging technology areas, such as application security posture management and the consolidation of cybersecurity platforms.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday