As new vectors and vulnerabilities hit the landscape, traditional security strategies have helped organizations close security gaps with point solutions.
It’s easy to understand why this practice has become the norm — a new type of threat or a rapid change in business operations might demand a fast response: Organizations need to augment the capabilities of their existing security solutions without undertaking a major, lengthy overhaul. For example, as businesses shifted to a hybrid work model, IT and Security needed to devise quick ways of protecting employees, applications, and networks in a distributed environment.
Plugging a single hole in traditional perimeter security, for example, is less expensive than replacing perimeter security with an entirely new security model. If budgets are modest or inflexible, point solutions might appear to be the only viable approach to solving emerging problems.
In the research study, nearly a third (31%) of respondents who had experienced security incidents in the past three months reported that they planned to add more security solutions in the next year.
Many of these organizations end up with a large collection of solutions. Our survey’s respondents reported that, on average, they have between six and 15 products in their architecture. Large organizations, defined as having 2,500 or more employees, have more than 20 security solutions — almost twice as many as medium-sized organizations. Why do they have more? They likely have larger budgets to acquire products plus deeper resources to implement and manage them.
At the same time, medium-sized and smaller organizations have greater agility for change. They might be more willing and able to implement holistic security solutions, if they have the budgets to afford them.
Regardless of company size, organizations with a collection of point solutions can run into significant challenges. First, they must manage a more complex environment than ever before. Numerous solutions, often from multiple vendors, require administrators to constantly switch among interfaces and continuously manage updates. In some cases, administrators become specialized, focusing on a single solution or group of products. But when solutions and teams become too siloed, processes and policies become siloed as well.
Often, point solutions wind up being more costly than holistic ones. Though some organizations take a piecemeal approach to avoid large-scale costs, they nevertheless spend more on the acquisition and management of individual solutions than if they had made a broader change.
Cyber attackers can find seams in this patchwork of solutions and gain access to the corporate network, where they can do significant damage.
The research shows that companies with more solutions ultimately experience worse security performance than organizations with fewer solutions. Organizations with more than 15 solutions experienced more cyber security incidents, took longer to respond to those incidents, spent more money on security, and faced greater talent challenges than organizations with fewer than 15 solutions.
Implementing numerous point solutions clearly doesn’t work. Still, to avoid falling into a point solution trap, organizations must be willing and able to make larger-scale changes in their security model.
For many organizations, unifying the security stack across multiple domains has been a challenge, one that a connectivity cloud aims to solve. A connectivity cloud is a unified platform of cloud-native services, powered by an intelligent, programmable global cloud network. With a connectivity cloud, organizations can easily implement the full range of security capabilities they need and regain control over their IT environments — all while avoiding the complexity of managing point solutions from multiple vendors.
Continue to Chapter 6: A talent crunch
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
After reading this article you will be able to understand:
Survey results from over 4,000 cyber security professionals
New findings on security incidents, preparedness, and outcomes
Considerations for CISOs to secure the future and achieve better outcomes for their organization