CFOtech New Zealand - Technology news for CFOs & financial decision-makers
Yesterday

Organisations today face an increasingly sophisticated, dynamic cyber threat environment, with the number and effectiveness of attacks rising as malicious actors adopt ever more insidious techniques to breach environments. Our recent CyberArk Identity Threat Landscape Report (May 2024) found that 99% of Australian organisations faced multiple identity-related breaches last year, ranking the country as the second most breached nation for credential theft, and third-party and supply chain breaches.

Additionally, research undertaken by specialist IT research and advisory firm ADAPT across the chief information officers (CIO), chief information security officers (CISO) and chief data officers (CDO) communities reveals many organisations are not positioned or equipped to rise to the cybersecurity challenge. Despite "building secure and trusted organisations" being a top priority across these cohorts, two-thirds of CISOs say they do not have the tools and resources to achieve world-class results. To do so, they need a budget increase of, on average, 41%.

In addition to citing a need for an increased budget, CyberArk's research found that 81 percent of Australian organisations are overwhelmed by working with more than 31 security vendors. A third of them rely on over 50. Indeed, Australia also ranks among the world's heaviest cloud users for both SaaS applications and infrastructure. 

So, how can organisations enhance their cybersecurity maturity? One key route is to reduce the complexity of their security tech stacks by consolidating vendors, business partners and cybersecurity tools, which also streamlines administration.

The rationale is straightforward: The overwhelming number of cybersecurity tools is hindering effective management. Instead of focusing on implementing best practices, security teams are bogged down by the time and resources needed to integrate and manage various products, stakeholders, vendors, and partners. Additionally, managing multiple contracts adds to the administrative burden. With vendors operating on different agendas, establishing a 'single pane of glass' management console becomes impossible for organisations. 
   
That's not to say you should be moving to a single platform. No platform yet available meets all cybersecurity requirements. However, organisations must evaluate the benefits of consolidating to as few platforms as possible. Take the example of the benefits companies gained from such an exercise several years ago when they consolidated to core platforms in the ERP and CRM areas of the business. Through a security lens, such consolidation could be done around identity, network security and more.

Of course, analysing how you might consolidate should extend to considering the dependencies created by using a couple of vendors versus several, as well as the risk of overreliance on core vendors and the potential commercial benefit of having a larger volume with a particular vendor. There is also the issue of considering the possible gaps and weak links between the multiple tools, with the handover between those tools also presenting a security risk.      

In-house teams need to ask themselves whether every vendor they are using will likely be around in five years and whether each vendor has a sustainable business model, including healthy investment in R&D.  

An openness to establishing sound relationships with vendors should be a priority. Vendor relationships are often undermined by perception-driven engagement, where preconceived ideas limit innovation and partnership. A more productive approach is to fully understand a vendor's track record, capabilities and technologies to identify how to maximise the value of the relationship. 

Compliance, zero trust frameworks and defence in depth key drivers

Compliance is a powerful driver for cybersecurity consolidation as organisations demonstrate rigorous forensic reporting to satisfy regulators. Achieving this is highly complex when using multiple tools, with teams extracting data held in different formats using different interfaces. Consolidation can enable organisations to standardise, slice and dice data to fulfil regulatory and general business requirements more easily. 

Another surprisingly powerful driver of consolidation is the adoption of zero trust frameworks. Not only are they an effective way of reducing the risks presented by the modern threat environment, but as organisations identify the requirements of these frameworks, they can better identify the platforms that can most effectively support least-privilege, per-request access decisions for data and systems.

How should you go about it?

  • Map the Entire Ecosystem: Identify every endpoint in your organisation—devices, browsers, applications, back-end systems and more. Understand how they interact, especially the critical handover points. Don't overlook the divide between operational technology (OT) and IT; closing this gap is essential for a comprehensive security strategy.
  • Adopt a Platform-Based Approach: Consolidation isn't just about reducing vendors—it's about choosing platforms that cover broad security categories like identity management, security operations and network security. Consider what additional business needs, such as predictive analytics, are necessary to manage security risks proactively.
  • Align with Strategic Goals: Evaluate potential platforms against your organisation's zero trust framework. Which options best meet your security requirements and bring you closer to your strategic goals? Sustainability is key here — ensure that the platforms you choose have a strong, forward-thinking business model and are committed to ongoing innovation and R&D.
  • Weigh the Risks: Don't forget to compare consolidation with the status quo. Could consolidating create critical dependencies that might outweigh the benefits? It's essential to balance efficiency gains with the potential risks of over-reliance on fewer vendors.

Triple win

In short, vendor consolidation is more than just a strategy; it's necessary in today's complex security landscape. Businesses can significantly reduce complexity and close critical security gaps by streamlining the number of security vendors and opting for integrated solutions from a single provider.

And with 79% of organisations finding managing multiple vendors challenging, and 69% believing that prioritising consolidation would enhance their security posture, it is clear—fewer vendors mean fewer vulnerabilities, faster implementation and reduced demand for specialised skills.

Vendor consolidation delivers a triple advantage: stronger security, operational efficiency and quicker returns. It's a smart move that simplifies your security and strengthens your business.
