Research Firm Provides Advice For Planned Security Platform Consolidation
Research firm Gartner predicts a consolidation of security platforms as enterprise security and risk management (SRM) teams face a confluence of factors that make their jobs difficult.
“Security and risk management leaders continue to be challenged to do more with less – in the face of increased demand for services, rapidly changing threat environments and insufficient technical talent,” said Gartner in last month’s report titled “Predicts 2022: Consolidated Security Platforms Are the Futures.” This research predicts that platform consolidation will help organizations of SRM leaders thrive in hostile environments. ”
In precise figures, the company’s report is based on these strategic planning assumptions:
- By 2025, 80% of organizations will have adopted a strategy to unify access to the web, cloud services and private applications from a single vendor’s Security Service Edge (SSE) platform.
- By 2025, 30% of enterprises will have adopted a Data Security Platform (DSP), due to pent-up demand for higher levels of data security and rapidly increasing product capabilities.
- By 2025, 70% of organizations will pool the number of vendors securing the lifecycle of cloud native applications to a maximum of three vendors.
- By 2027, 50% of mid-market security buyers will leverage Extended Discovery and Response (XDR) to consolidate workplace security technologies, such as endpoints, cloud, and identity.
In fact, according to Gartner, the movement is already well underway, with a 2020 poll of 83% of organizations pursuing a vendor consolidation strategy indicating that efforts have been underway for at least a year.
The company sees SRM vendors taking two different approaches to consolidation, a platform approach in which different systems and features are integrated, and a portfolio approach in which packaged products are delivered, requiring little integration with other computer systems.
- Take advantage of interdependencies and commonalities between adjacent systems
- Integration of consoles for common functions
- Support the organization’s business goals at least as effectively as the best ones
- Integration and operational simplicity also help meet security goals.
- Leverage set of products not integrated or slightly integrated into a purchasing package
- Several consoles with little or no integration and synergy
- Legacy approach in a provider wrapper
- Will not fulfill any of the promised benefits of consolidation
“The differentiation between these approaches is the key to the effectiveness of the suite, and vendor marketing will always say they are a platform,” the report says. “When you are evaluating the products, you should consider how well the consoles are integrated for the management and monitoring of the consolidated platform. Additionally, assess how security elements (such as data definitions, malware engines) and more can be reused without being redefined, or can be applied across multiple domains transparently. Multiple consoles and multiple definitions warn that this is a portfolio approach that needs to be carefully evaluated. ”
The platform / portfolio bifurcation constitutes one of the main lessons of the report, the other three are:
- Driven by the need to reduce complexity, exploit commonalities and minimize management overheads, the convergence of security technologies is accelerating in several disciplines.
- Organizations are working or plan to work on vendor consolidation strategies; it is a long term project for most of them, as it is often a big architectural change.
- Technological consolidation is not limited to one technological area or even to a set of closely related technologies; these consolidations occur in parallel in many security domains.
“Security technologies and mindsets have continually oscillated between best solutions and platform solutions (although the latter have too often been a marketing construct, more than an actual approach),” said Gartner. “This oscillation is driven by purchasing centers, supplier preferences and technical requirements. It has left organizations and security and risk management (SRM) leaders with massive technical debt and often fragmented and complicated infrastructure that does not help an organization’s mission to enable its digital. Such infrastructures are difficult to manage, limit visibility into the real state of security, and have created gaps between silos or inconsistent policies.
Report recommendations for businesses include:
- Evaluate the security platforms where they share data and control plans; leverage this consolidation to define common policies and reduce the gaps and vulnerabilities between existing silos.
- Assess your security needs for outbound communications and determine where cloud-managed solutions match your risk and business profiles.
- Inventory data security controls to implement a multi-year phase-out of siled data security tools that hold you back when you need to leverage your data for the benefit of a modern data security platform.
Implement an integrated, converged security approach that spans the entire lifecycle of cloud native applications, from development to production. Evaluate the gathered workspace security packages by extensive detection and response as an effective way to reduce the complexity of security operations.
The report incorporated research (Gartner’s ‘2020 Security and IAM Solution Adoption Trend Survey’) that was conducted online in March and April 2020 with 405 respondents from North America, Western Europe and the Asia / Pacific (APAC).
David Ramel is editor and writer for Converge360.