Cybersecurity leaders are grappling with the complexity, overlap, and blind spots that arise from using multiple cybersecurity vendors and tools. Many of the products offered by cybersecurity vendors have overlapping capabilities, making it easy for configuration errors to occur and difficult to discover security gaps. Consolidating cybersecurity products reduces this complexity by optimizing the number of products and their interactions, thereby improving the efficiency of security outcomes.
Organizations consolidate security solutions for a variety of reasons, such as lower total cost of ownership through improved efficiency, better security posture through better integration and controls coverage, or ease of acquisition. Organizations tend to consolidate where they can afford to eliminate best-of-breed functionality without significant drops in effectiveness.
Cybersecurity leaders can use the following three strategies to achieve cybersecurity platform consolidation.
1. Identify desired security outcomes
Communicating the objective is as important as executing the consolidation exercise. Often, CIOs and other business and technology leaders will associate a consolidation project with a budget reduction. While lower total cost of ownership may be a welcome byproduct of this exercise, most CIOs expect the cybersecurity budget to grow.
Instead, cybersecurity leaders must consolidate to simplify. Secure access through a secure access service edge or enhanced detection through isolated technologies using extended detection and response are two of the main consolidation projects.
2. Evaluate providers and tools
Cybersecurity leaders should evaluate the products they currently use and factors such as the functionality they offer, contract duration, current spend, and maintenance effort. Then, they must identify the aspects and capabilities that are important in their organization. Cybersecurity leaders should also evaluate alternative offerings for specific capabilities: some currently unused products may already be available with their existing licensing schemes.
SEE: Gartner warns IAM professionals that cybersecurity depends on them
It is key to collect results from all possible areas and stakeholders. When cybersecurity leaders evaluate products, they may ignore important capabilities that are not immediately visible. A particular product might offer, for example, a user or administrator management experience or a set of existing capabilities that might be difficult to replace; could offer a service where the user can contact the provider's resident experts for guidance on specific topics. Again, consolidation is not exclusively a cost-saving exercise: the evaluation exercise must capture these subtleties.
One thing to evaluate in particular is how difficult it is to remove a product or how easy it is to integrate it. Often, successful proofs of concept with a single cloud instance for a product that is promising but difficult to deploy leads to that product never being deployed more widely. In the next renewal, it will be removed due to limited use.
3. Analyze results and identify projects
Once current and potential cybersecurity tools and vendors have been identified, their results can be analyzed. Cybersecurity leaders must identify must-have products, which may be products that contain unique features or that would be problematic to remove.
Cybersecurity leaders must also identify which capabilities they have multiple products for. There may be products from strategic suppliers that can be added or maintained, and others that can be removed. These types of considerations can help identify the most feasible projects to do first and execute them.
Consolidation will be easier in more mature technology areas. And while the industry may be ripe for consolidation, not all organizations will be at that level of maturity. Organizations typically consolidate once they have some independent components that can be consolidated into a platform, rather than adding entirely new functionality as part of a platform.
Once cybersecurity leaders have identified and initiated a consolidation project, they should keep in mind that consolidation is not a finite exercise. Possible subsequent consolidation projects and their compatibility must be taken into account. Cybersecurity leaders can then ensure that the components they are replacing have independent products that can interoperate (for example, exposing application programming interfaces) with other products and vendors in the future.
Dionisio Zumerle is a vice president analyst at Gartner, where he covers mobile and application security, as well as emerging technology areas such as application security posture management and cybersecurity platform consolidation.
