Research Firm Provides Advice For Planned Security Platform Consolidation – Virtualization Review

Research Firm Provides Advice For Planned Security Platform Consolidation

Research firm Gartner predicts a consolidation of security platforms as enterprise security and risk management (SRM) teams face a confluence of factors that make their jobs difficult.

“Security and risk managers continue to be challenged to do more with less – in the face of increased demand for services, rapidly evolving threat landscapes and insufficient technical talent,” Gartner said in the last month’s report titled “”Predicted 2022: Consolidated Security Platforms Are The Future“This research predicts that platform consolidation will help SRM’s executive organizations thrive in hostile environments. ”

In precise figures, the company’s report is based on these strategic planning assumptions:

  • By 2025, 80% of organizations will have adopted a strategy to unify access to the web, cloud services and private applications from a single vendor’s Security Service Edge (SSE) platform.
  • By 2025, 30% of enterprises will have adopted a Data Security Platform (DSP), due to pent-up demand for higher levels of data security and rapidly increasing product capabilities.
  • By 2025, 70% of organizations will pool the number of vendors securing the lifecycle of cloud native applications to a maximum of three vendors.
  • By 2027, 50% of mid-market security buyers will leverage Extended Discovery and Response (XDR) to consolidate workplace security technologies, such as endpoints, cloud, and identity.

In fact, according to Gartner, the movement is already well underway, with a 2020 poll of 83% of organizations pursuing a vendor consolidation strategy indicating that efforts have been underway for at least a year.

A year of change
[Click on image for larger view.] A year of change (source: Gartner).

The company sees SRM vendors taking two different approaches to consolidation, a platform approach in which different systems and features are integrated, and a portfolio approach in which packaged products are delivered, requiring little integration with other computer systems.

  • Platform approach

    • Take advantage of interdependencies and commonalities between adjacent systems
    • Integration of consoles for common functions
    • Support the organization’s business goals at least as effectively as the best
    • Integration and operational simplicity also help meet security goals.
  • Portfolio approach

    • Leverage set of products not integrated or slightly integrated into a purchasing package
    • Several consoles with little or no integration and synergy
    • Legacy approach in a provider wrapper
    • Will not fulfill any of the promised benefits of consolidation

“The differentiation between these approaches is the key to the effectiveness of the suite, and vendor marketing will always say they are a platform,” the report says. “When you are evaluating the products, you should consider how well the consoles are integrated for the management and monitoring of the consolidated platform. Additionally, assess how security elements (such as data definitions, malware engines) and more can be reused without being redefined, or can be applied across multiple domains transparently. Multiple consoles and multiple definitions warn that this is a portfolio approach that needs to be carefully evaluated. ”

Merging Data Security Capabilities Into Data Security Platforms
[Click on image for larger view.] Merging Data Security Capabilities Into Data Security Platforms (source: Gartner).

The platform / portfolio bifurcation constitutes one of the main lessons of the report, the other three are:

  • Driven by the need to reduce complexity, exploit commonalities and minimize management overheads, the convergence of security technologies is accelerating in several disciplines.
  • Organizations are working or plan to work on vendor consolidation strategies; it is a long term project for most of them, as it is often a big architectural change.
  • Technological consolidation is not limited to one technological area or even to a set of closely related technologies; these consolidations occur in parallel in many security domains.

“Security technologies and mindsets have continually oscillated between best solutions and platform solutions (although the latter have too often been a marketing construct, more than an actual approach),” said Gartner. “This oscillation is driven by purchasing centers, supplier preferences and technical requirements. It has left organizations and security and risk management (SRM) leaders with massive technical debt and often fragmented and complicated infrastructure that does not help an organization’s mission to enable its digital. Such infrastructures are difficult to manage, limit visibility into the real state of security, and have created gaps between silos or inconsistent policies.

Report recommendations for businesses include:

  • Evaluate the security platforms where they share data and control plans; leverage this consolidation to define common policies and reduce the gaps and vulnerabilities between existing silos.
  • Assess your security needs for outbound communications and determine where cloud-managed solutions match your risk and business profiles.
  • Inventory data security controls to implement a multi-year phase-out of siled data security tools that hold you back when you need to leverage your data for the benefit of a modern data security platform.
  • Implement an integrated, converged security approach that spans the entire lifecycle of cloud native applications, from development to production. Evaluate the gathered workspace security packages by extensive detection and response as an effective way to reduce the complexity of security operations.

The report incorporated research (Gartner’s ‘2020 Security and IAM Solution Adoption Trend Survey’) that was conducted online in March and April 2020 with 405 respondents from North America, Western Europe and the Asia / Pacific (APAC).

About the Author

David Ramel is editor and writer for Converge360.

Comments are closed.