Consolidation Conundrum: Navigating Aging Tech in the Digital Era

Security Infrastructure: Keep it, Tweak it, Trash it – What to do with Aging Tech in an Era of Consolidation

The Trend of Security Vendor Consolidation

In recent years, security vendor consolidation has become a growing industry trend. Organizations are increasingly seeking to improve security efficiency and effectiveness while also reducing costs. A survey conducted by Gartner found that in 2022, 75% of organizations were pursuing security vendor consolidation, a significant increase from 29% in 2020. With limited budgets and pressure to do more with less, businesses are looking for ways to justify costs and streamline their security operations.

The Challenge of Consolidation in Modern Enterprises

Consolidating security tools is particularly challenging in large, modern enterprises that have atomized networks consisting of various types of environments such as IT, cloud, and operational technology (OT). Each environment often operates under different teams using different network traffic monitoring and security tools. While some of these tools may appear to be “free” as they are provided by cloud providers or services, the truth is that there is always a tradeoff. These tools require significant time and effort to use, manage, and maintain, which results in labor-intensive and costly operations.

Moreover, using diverse tool sets across different environments makes it difficult to gain a clear, big picture view of security events and incidents happening across the organization. This lack of integration leads to operational inefficiencies and increases the time to detect and respond to security breaches. In the realm of cybersecurity, time is of the essence, and the longer an attacker goes undetected, the more damage they can potentially inflict.

The Objectives and Opportunities in Consolidation Efforts

Survey data from Gartner reveals that organizations predominantly consolidate their security tools to improve risk posture, with only a smaller portion (29%) doing so to reduce licensing costs. This provides security organizations with the opportunity to focus on what will deliver the greatest value in terms of risk reduction while also decreasing the number of different security tools being used.

When considering consolidation efforts within the context of atomized networks and the broader objectives of the organization, there are opportunities to enhance security posture and find a path forward. The consolidation process involves decisions about whether to keep, tweak, or trash specific technologies.

Recommendations for Consolidation

Keep it

Organizations should keep the tools that make life easier for their security teams and that consolidate a significant portion of their infrastructure. A thorough assessment is needed to identify the tools that simplify security operations and effectively decrease the time to detect and respond to incidents. By leveraging these tools to their maximum potential, organizations can achieve the greatest impact in terms of security efficiency and effectiveness.

Tweak it

For tools that come close to meeting the organization’s needs but may not be fully utilized across different teams or environments, it is recommended to tweak them to enable consolidation. These tools can be brought into a platform that facilitates easy integration and collaboration, allowing teams to share context and drive operational efficiencies. With a common language and a unified view of the environment, teams can gain a better understanding of what is happening and use the platform to perform their specific job functions. This approach maximizes the value derived from these tools and offers a significant return on investment.

Trash it

Tools that are cumbersome to use and create operational difficulties should be discarded. The total cost of ownership, including the time and effort required to use these tools, should be carefully evaluated. Even if a tool is “free,” it may still impose costs in terms of operational inefficiencies. However, caution should be exercised not to leave gaps in defenses when getting rid of a tool. Organizations should consider whether the functionality provided by the tool can be replaced by another with some tweaking or if a new tool is required to bridge any potential gaps. The primary objective of consolidation is to improve security posture, and eliminating important functions without suitable replacements would be counterproductive.

Editorial: Striking the Right Balance in Security Infrastructure

The growing trend of security vendor consolidation is a response to the need for improved security efficiency while reducing costs. However, organizations should be cautious not to sacrifice the effectiveness of their security measures in the pursuit of consolidation. The key is to strike the right balance between cost reduction and risk reduction.

Consolidation should be approached strategically, assessing each tool’s value and its contribution to security operations. While reducing the number of security tools is desirable, the primary focus should be on consolidating tools that simplify operations and decrease the time to detect and respond to security incidents. This ensures that the organization achieves a tangible improvement in its security posture.

Additionally, organizations should prioritize integration and collaboration between different teams and environments. A platform that enables sharing of context and information across teams can provide a unified view of the organization’s security landscape. This promotes better understanding, cooperation, and coordination, ultimately leading to more effective security operations.

However, organizations must carefully consider the potential gaps left by discarding tools. While it may be tempting to remove painful or underperforming tools, it is crucial to ensure that essential functions are adequately replaced. Otherwise, the organization may inadvertently weaken its security defenses.

Ultimately, the goal of security infrastructure consolidation should be to enhance security efficiency, effectiveness, and overall posture. This requires striking the delicate balance between reducing costs and ensuring that the organization is adequately protected against evolving threats.

Philosophical Discussion: The Ethics of Consolidation and the Cost of Security

Security vendor consolidation raises ethical considerations regarding the tradeoffs between cost reduction and risk management. On one hand, companies are under financial pressure to cut costs and justify security expenditures. Consolidation offers a potential solution to achieve these goals. However, there is a danger of sacrificing security effectiveness by focusing solely on cost reduction.

The perception that some tools are “free” may lead organizations to underestimate the hidden costs associated with their usage. Labor-intensive work, such as managing and maintaining multiple tool sets, consumes valuable resources that could be better allocated elsewhere. Furthermore, the time required to detect and respond to security events can have severe consequences for an organization. The longer an attacker goes undetected, the more damage they can cause. Therefore, the cost of time must also be considered when evaluating the value of security tools.

From a broader ethical standpoint, organizations have a responsibility to protect the data and privacy of their customers, employees, and partners. Any reduction in security effectiveness, driven by consolidation efforts, may compromise this responsibility. It is crucial to strike the right balance between cost reduction and risk management to ensure that the ethical obligations of the organization are met.

Advice: Navigating the Consolidation Conundrum

For organizations navigating the consolidation conundrum, there are several key pieces of advice to consider:

• Conduct a thorough assessment: Evaluate the value and impact of each security tool and its contribution to security efficiency and effectiveness. Identify the tools that simplify operations and decrease the time to detect and respond to incidents.
• Focus on risk reduction: Prioritize tools and strategies that improve the organization’s risk posture. While cost reduction is important, the primary objective should be to enhance security effectiveness.
• Promote integration and collaboration: Seek a platform that enables seamless integration of tools and facilitates collaboration between different teams and environments. This promotes better coordination and understanding of security events.
• Consider the hidden costs: Evaluate the labor intensity associated with managing multiple tool sets and the time required to detect and respond to security events. These costs should be factored into the overall assessment of a tool’s value.
• Ensure essential functions are covered: When discarding tools, carefully consider the potential gaps that may be created. Determine if the functionality can be adequately replaced by tweaking existing tools or if new tools are required.
• Strike a balance between cost reduction and risk management: Consolidate strategically, keeping in mind the ethical obligations of the organization to protect data and privacy. Avoid sacrificing security effectiveness solely for the sake of cost reduction.

By following these recommendations and considering the broader ethical implications, organizations can navigate the consolidation conundrum and achieve a more streamlined and effective security infrastructure.