It is a common saying that too much of a good thing can sometimes become a bad thing. Such is the case in what Gartner found in its 2020 CISO Effectiveness Survey. In their responses, 78% of CISOs reported having 16 or more tools in their portfolio of cybersecurity vendors. Even more concerning is that 16% responded that they had 46 or more tools in their cybersecurity vendor portfolios.
Having too many security vendors typically results in complex security operations and added expense. It becomes costly to maintain numerous tools with increased security headcount along with the costs paid to the vendors. Today, many organizations recognize the need for vendor consolidation as the way to reduce their costs and improve security.
Interest in Vendor Consolidation is Growing
Gartner’s survey found that 80% of the organizations surveyed were interested in developing a vendor consolidation strategy. Much of the impetus behind this trend is to save money. Most organizations will likely find that with consolidation, that it is typically more achievable to streamline their operations and reduce their security risk along the way.
As interest continues to grow, larger security vendors are beginning to meet the call with better-integrated products. However, despite the trend for consolidation, it still presents a challenge for many organizations. And, most notedly, it often takes years to roll out.
Best Practices for Vendor Consolidation
When considering vendor consolidation, organizations need to view their cybersecurity vendor portfolios from a total quality management perspective. Here are several points that should be considered by organizations when developing their vendor consolidation strategies:
- Choose two major vendors for their security infrastructure as a failsafe in the event one breaks away or closes down.
- Use strong players that have a proven history and track record.
- Stick with providers with crypto-agile solutions to maintain their infrastructure even in the advent of quantum computers.
- Ensure that the chosen vendors are solution agnostic, meaning that they can service all major cloud and data center applications, including IBM mainframes and major cloud providers like AWS, Google, and MS Azure / MS Dynamics.
Lessening the Challenges of Vendor Consolidation
In a world where time is money and the increasing need for cybersecurity continues to grow, a solution is needed to improve the process of vendor consolidation. It is obvious that consolidation works best when the security solutions integrate seamlessly and allow for centralized key management, central roots of trust, and centralized logging and auditing.
Utimaco serves as a cornerstone in corporate and governmental security infrastructures.
Utimaco is one of the top 3 HSM-based security solution providers in the world. As provider of a broad and integrated portfolio of security solutions ranging from HSMs to secure 5G, Utimaco protects systems and data from malicious or accidental breach. Crypto-agile solutions enable seamless data security and privacy over time, even beyond the advent of post quantum solutions. Having pioneered secure banking since the 1970s, with experience and exposure to governments, banks, and vital infrastructure across the globe.
Blog post by Dawn Illing