Consolidating Security Tools: a Strategic Move for Small Firms, Recession or Not

Consolidation of Security Tools and Vendors: A Strategic Move for Small and Midsize Businesses

Overview

The ongoing economic uncertainty and the need to navigate the challenges posed by the pandemic have prompted not only enterprises but also small and midsized businesses (SMBs) to prioritize consolidating their security tools and vendors. According to a recent survey by OpenText, 86% of SMB customers who use managed security service providers (MSSPs) are looking to reduce their current portfolio of security tools. The motivations behind this consolidation effort include cost reduction (28%) and simplifying complex security environments (26%).

Consolidation offers benefits for both businesses and service providers. For businesses, working with fewer vendors and utilizing a streamlined set of security tools means simplified billing and greater ease of management. Service providers, on the other hand, can attract businesses that lack the necessary resources to purchase and manage multiple tools.

Current Trends

The consolidation of vendors in the security industry has become a major trend in response to the rapid shift towards cloud services during the pandemic. By mid-2022, three-quarters of companies are planning to reduce the number of security vendors they use, compared to only 29% in 2020. The top strategies being explored by companies include reducing non-essential spending (43%), re-evaluating vendors (30%), and decommissioning infrastructure (29%), as reported by Spiceworks Ziff Davis’s “2023 State of IT” report.

Despite a temporary reprieve in the dark economic forecast, efforts to cut costs remain strong. A majority of economists (59%) polled in May still predict that the US would enter a recession in the next 12 months. However, poor-performance predictions have remained unfulfilled as employment numbers and the stock market continue to resist a downturn. Some experts even argue that the recession that was expected does not seem to be materializing due to various factors.

Optimizing Vendors and Security Services

While economic risks have contributed to concerns over IT and IT-security budgets, the desire to simplify and reduce the cost of security operations within companies has its origins independent of economic factors. Even before the pandemic, security leaders were expressing concerns about having too many security tools and products, driven by the need for simplification and portfolio rationalization.

According to Jeff Pollard, vice president and principal analyst at market intelligence firm Forrester Research, the motive behind reducing the number of security products is not solely economic. It is also driven by the need to simplify technology and streamline security controls. Companies aim to optimize their security operations through two approaches: outsourcing to service providers to overcome a shortage of security workers, and adopting all-in-one suites from a single vendor to benefit from reduced licensing costs and a more holistic security approach.

Gartner, a business intelligence firm, concurs with the need for optimization in security operations. Most midsized enterprises (MSEs) are seeking to reduce the number of vendors, but rather than focusing solely on consolidation, they are looking to optimize their security operations. This optimization includes improving architecture and integration strategies, vendor management, workforce management, and overall cost reductions. Currently, 68% of MSEs are actively pursuing security-vendor reduction strategies, while the remaining third have plans to simplify their security systems in the near future.

Challenges and Benefits

Reducing the number of security products and vendors is not without challenges. Licensing issues can arise, especially if a company has long contract periods with multiple vendors. Additionally, products from the same vendor do not always seamlessly integrate with one another. Adopting an integrated product requires the security team to learn a new system, which can delay efficiency gains. However, companies are making progress in this area.

According to Ben Pippenger, chief strategy officer at Zylo, a SaaS management platform, companies that pursue consolidation have seen IT security costs decrease by more than 2%. Moreover, data security costs have been reduced by a quarter, and identity management costs have shrunk by more than a third. Pippenger highlights the presence of redundancy within security categories, citing cloud identity and access management as one of the top redundant software functions. He suggests that while security is crucial for businesses, consolidation can still bring significant benefits.

Editorial: Finding the Balance between Consolidation and Diversity

The drive to consolidate security tools and vendors in the pursuit of cost reduction and simplified management is a response to the economic uncertainties caused by the pandemic. However, it is important for businesses to strike a balance between consolidation and diversity.

While consolidation offers benefits such as streamlined management and reduced costs, it also introduces risks. Relying on a single vendor or a limited set of security tools can create a single point of failure. If a vendor experiences a security breach or a tool becomes compromised, the impact can be much more significant.

Moreover, having a diverse set of security tools and vendors can provide a more robust defense against evolving threats. A mix of different tools with complementary capabilities can enhance the effectiveness of a company’s security posture. It is crucial to carefully evaluate the consolidation strategy and ensure that the chosen vendors and tools align with the company’s specific security needs and risk profile.

Advice for Small and Midsize Businesses

For small and midsize businesses seeking to consolidate their security tools and vendors, it is important to approach the process thoughtfully. Here are some key considerations:

1. Assess Your Security Needs

Begin by conducting a comprehensive assessment of your organization’s security needs. Identify the specific risks and vulnerabilities that you need to address. This assessment should take into account your industry, regulatory requirements, and unique business operations.

2. Evaluate Vendor Capabilities and Integration

When considering vendors, assess their capabilities, track record, and reputation in the industry. Look for vendors who can provide integrated solutions or have a proven track record of seamless integration with other tools. Ensure that the tools you select offer the necessary functionalities to address your organization’s specific security needs.

3. Consider Redundancy and Single Points of Failure

While consolidation can streamline management and reduce costs, be mindful of the potential risks associated with relying on a single vendor or a limited set of tools. Assess the redundancy and resilience of the chosen solutions to mitigate the risks of a single point of failure. Consider having backup systems and contingency plans in place to ensure business continuity and minimize disruptions.

4. Plan for Training and Implementation

Consolidating security tools can require training and adjustments to existing processes. Ensure that your organization has a plan in place to train employees on the new tools and systems. Allocate sufficient time and resources for smooth implementation and transition.

5. Regularly Review and Reassess

Consolidation is not a one-time process. Regularly review and reassess your security infrastructure to ensure it aligns with your evolving business needs and the ever-changing threat landscape. Stay informed about emerging technologies and security trends to make informed decisions about optimizing your security operations.

In conclusion, the consolidation of security tools and vendors is a strategic move by small and midsize businesses aiming to reduce costs and simplify their security operations. It is essential to strike a balance between consolidation and diversity, ensuring that the chosen vendors and tools align with the organization’s specific needs and risk profile. By carefully evaluating and implementing a consolidation strategy, businesses can enhance their overall security posture while navigating the challenges of an uncertain economic landscape.