The latest Foundry Security Priorities Study, now in its fifth year, finds that 90% of organisations have added at least one security tool or service to their environment in the past year. Furthermore, 45% have added four or more technologies. Yet this proliferation can actually increase risk and complexity without improving outcomes, and ultimately can reduce return on investment, too.
There comes a “tipping point” where the number of technologies, tools and vendor relationships exceeds the capacity to use them productively, let alone optimise them. Especially when managing vast numbers of endpoints distributed across the enterprise, on-premises and in the cloud, too many security tools actually:
- Create complexity and confusion
- Reduce holistic visibility and prioritisation of vulnerabilities
- Can ultimately mean that IT teams spend more time managing tools than effectively defending against the threats those tools are designed to help protect against.
This is compounded by IT security leaders increasingly taking on physical security as a responsibility, along with rising supply-demand talent gaps for IT practitioners, especially in cloud security. It means that many IT teams are already hard-pressed for time and resources, and are at risk of burnout.
Putting this all into context, additional research finds that organisations using more than 50 security tools are 8% less likely to mitigate threats and 7% less defensive than other organisations using fewer programs (IBM). This also shines a light on the Foundry Security Priorities Study finding that 90% of security leaders believe their organisation is falling short when it comes to addressing cyber risks.
So what factors should we consider when looking at reducing the proliferation of security tools, vendors, and partners? Firstly, the imperative is to evaluate the state of the environment now and then shift forward in focus to optimise the investments already made, alongside becoming more selective around new technology and tool acquisitions, and the partnerships that support and underpin them.
This requires continual questioning and active listening. What is the fit with our current security model? How does it align with our zero trust journey? Is SASE or SOAR relevant for our specific context? What is the level of trust established in a specific vendor relationship?
With an overarching goal of transparency, trusted data and partnership, and tight integration across the entire enterprise environment, the benefit of a single-pane-of-glass, zero-infrastructure platform takes centre stage.
Tanium is a case in point as exemplified by the impact achieved with Barclays, which can be explored here. It’s a tangible example of the outcomes of investing in a trusted vendor/partner relationship, alongside the power of platform unification to reduce costs and complexity, consolidate point tools, increase visibility and speed up incident response, all whilst advancing real-time active intelligence and data protection capabilities.
It is clear that while tools, technologies and partnerships matter, you can have too many in the box! The key is to find the right alignment for you to optimise your security posture and reduce the risk of unintended consequences from that investment.
About the author:
Dr. Sally Eaves (LinkedIn) is Senior Policy Advisor and Chair of Cyber Trust for the Global Foundation of Cyber Studies and Research, and CEO of Aspirational Futures which enhances inclusion, sustainability, and diversity in education and technology. Described as the “torchbearer for ethical tech,” she was the inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations. A highly experienced chief technology officer, professor in advanced technology, and global strategic advisor, Sally is an award-winning international author, advisor, researcher, and keynote speaker on digital transformation alongside culture, skills, sustainability, and SDGs impact.
This post is brought to you by Tanium and CIO Marketing Services. The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of Tanium.