3 actions to achieve cybersecurity integration

cyber security Leaders are struggling to address the complexity, overlap, and blind spots that come with using multiple cybersecurity vendors and tools. Many products offered by cybersecurity vendors have overlapping functionality, which makes configuration errors easy to occur and security gaps difficult to detect. Consolidating cybersecurity products can reduce this complexity by streamlining the number of products and their interactions, thereby improving the efficiency of security outcomes.

Organizations consolidate security solutions for a variety of reasons, such as reducing total cost of ownership through increased efficiency, improving security posture through better integration and control coverage, or simplifying procurement. Organizations tend to consolidate where they can afford to eliminate the best capabilities without significantly reducing efficacy.

Here are three strategies cybersecurity leaders can use to achieve cybersecurity platform consolidation.

1. Determine the desired safety outcome

Communicating goals is just as important as executing the integration effort. Often, CIOs and other business and technology leaders tie integration projects to budget cuts. While a reduction in total cost of ownership may be a welcome byproduct of the exercise, most CIOs expect cybersecurity budgets to increase.

Cybersecurity leaders must simplify through consolidation. Enabling secure access through a secure access service edge or improving detection in siloed technologies using extended detection and response are two major consolidation projects.

2. Evaluate vendors and tools

Cybersecurity leaders should evaluate the products they are currently using and the features they offer, contract lengths, current spend, and maintenance efforts, among other factors. They should then identify the areas and capabilities that are important to their organization. Cybersecurity leaders should also evaluate alternative products for specific capabilities—some products not currently in use may already be available through their existing licensing schemes.

look: Gartner warns IAM professionals that cybersecurity depends on them

It’s critical to gather results from all possible areas and stakeholders. Cybersecurity leaders may overlook important capabilities that aren’t immediately visible when evaluating products. For example, a particular product may offer a user or administrator management experience or existing feature set that’s hard to replace; it may offer a service that lets users contact the vendor’s resident experts for guidance on specific topics. Once again, consolidation is more than just a cost-saving exercise—assessment activities should capture these nuances.

One thing to evaluate in particular is how difficult it is to remove a product or how easy it is to integrate. Often, a successful proof of concept using a single cloud instance for a promising but difficult to deploy product results in the product never being more widely deployed. At the next renewal, the product is abandoned due to its limited use.

3. Analyze results and determine projects

Once current and potential cybersecurity tools and vendors are identified, the results can be analyzed. Cybersecurity leaders should identify must-have products, which may be products with unique capabilities or products that are difficult to remove.

Cybersecurity leaders should also determine what capabilities they have across multiple products. There may be products from strategic vendors that can be added or maintained, and there may be products that can be removed. These considerations can help identify the most actionable projects and execute those first.

Integration will be easier in more mature technology areas. While the industry may be ready for integration, not every organization has reached this level of maturity. Organizations often integrate after they have a few independent components that can be integrated into the platform, rather than adding entirely new capabilities as part of the platform.

Once cybersecurity leaders identify and begin integration projects, they should keep in mind that integration is not a finite activity. Potential follow-on integration projects and their compatibility should be considered. Cybersecurity leaders can then ensure that the components they are replacing have independent products that can interoperate with other products and vendors in the future (e.g., by exposing application programming interfaces).

Dionisio Zummer is a Vice President Analyst at Gartner covering application and mobile security as well as emerging technologies such as application security posture management and network security platform integration.