A burden is weighing heavily on Security and IT teams — the burden of complexity. Everywhere you look, these teams have found that their security stack relies on too much manual effort — and far too many people-hours — to manage effectively.
It’s no longer just the largest multinational companies that have to worry about this level of complexity. Nowadays, organizations of all sizes are feeling overwhelmed by excessive support tickets, ungainly rulesets, redundant alerts, and cumbersome integrations. According to a recent Gartner survey, 75% of organizations are trying to simplify their security stack through vendor consolidation, with efficiency and risk reduction listed as the top goals.
But true efficiency — and less risk — don’t come from merely having fewer invoices to pay.
Organizations pursuing meaningful security simplification should focus primarily on their security stack’s underlying infrastructure. True simplicity and agility only come with a more fundamentally integrated approach — in which as many security services as possible live on a single network fabric, are powered with shared threat intelligence, and are easy to manage and adapt on a foundational technological level.
In a security context, complexity — or operational complexity, specifically — means it’s difficult to update policies, create new user accounts, turn on new tools and features, and perform other ongoing logistical security tasks.
This complexity can have a variety of root causes. Common examples include:
Too much manual effort. For example, fashion retailer PacSun once described their DDoS mitigation vendor: “Even if they could catch 80% of the problem traffic [automatically], we still had to deal with the most dangerous 20% percent manually.”
Excessive processes for simple requests. For example, IT consulting company Bouvet describes their VPN: “It took us days to provision new users in a secure manner where people could only access what they explicitly needed to access.”
Overwhelming volume of alerts and signals. For example, Mindbody said: “We had a diversity of products all of which had different interfaces and different capabilities used in different platforms across different things. It was really hard to manage and monitor that many disparate solutions.”
Lack of technical compatibility. For example, Stax reports their Zero Trust vendor as incompatible with several critical apps: “The vast majority of our computer fleet runs MacOS…Their limited Mac compatibility often delayed our releases.”
In addition to inefficiency, these challenges each create significant risk. If updating security policies takes too long, IT and Security may not block a new threat quickly enough. If onboarding is slow, productivity suffers. Too many alerts means some real threats go unnoticed — as in the recent 3CX supply chain attack, which some industry experts attribute to alert fatigue. And if employees can’t use required apps easily, they’re more likely to find workarounds in the form of shadow IT.
At times, an organization may experience complexity because it’s not using its existing security stack properly. But more often, the problem stems from more fundamental technical issues and inconsistencies. Small wonder, then, that so many organizations are shaking up their security stack and pursuing vendor consolidation.
But how likely is consolidation to resolve the complexity problem?
At minimum, consolidating security vendors saves time in superficial ways. It’s always good to have fewer bodies of support documentation to read and fewer vendor check-ins on the calendar.
But merely buying services from fewer vendors won’t always improve operational efficiency. The reason? Many security ‘platforms’ are really a collection of disparate services under the hood. Those services may be accessible via a single dashboard, but on the backend, they actually run in different data centers — perhaps because they came from acquired companies or were simply built on specialized infrastructure.
With this ‘false efficiency,’ many operational tasks are still difficult. Different services may require complex integrations, along with copious steps and tickets when changing policies and creating user accounts. Compatibility with related apps may be scattershot — and if traffic has to bounce around between different data centers, the resulting latency can hurt the end-user experience.
So where can organizations look to reduce operational complexity in a more meaningful way?
Reducing security complexity does typically require unifying many security services on a single platform, but that platform’s underlying infrastructure matters a great deal. Specifically, it should have three qualities: a unified network fabric, shared threat intelligence, and flexibility and future-proofing.
Here’s how those qualities work in practice to give Security and IT better efficiency and visibility.
This quality means that services across the entire security stack — spanning hybrid workforce security, application security, network security, and email security — run everywhere on a single consistent network.
More specifically, this network should have broad reach across the globe, with direct ‘any-to-any’ connectivity between offices, users, apps, ISPs, Internet exchange points, cloud instances, and any flavor of legacy hardware. It should offer dual-stack or IPv6-only networking functionality, so internal users can connect to resources over any ISP connection. And every network location should be able to respond to any user requests and enforce any sort of security policy.
When all security services live on the same fabric, organizations get better efficiency due to:
Simpler integrations. Thanks to global ‘any-to-any’ interconnectivity, the organization can easily incorporate new corporate applications to the network — rather than compromising or creating labor-intensive workarounds.
Better end-user experiences. Because user traffic does not trombone between different network locations, the user experiences faster, more reliable connectivity — and ultimately will file fewer support tickets.
More specifically, this means the platform’s threat intelligence should be comprehensive but not duplicative or internally contradictory. The platform should analyze a broad body of threats across many attack surfaces, and present that data in a single dashboard that clearly outlines interdependencies and impact. In addition, the platform should automatically apply this intelligence to security services across the stack — and make it easy to customize policies where the team decides additional tweaks are necessary.
When threat intelligence is broad and consistent, organizations see better efficiency due to:
Reduced alert fatigue: Fewer duplicative alerts, and more confidence that they are worth acting on.
Easier risk analysis: Spend less time creating an overarching view of risk across the organization’s attack surfaces, making it easier to prioritize.
Faster response: A combination of automation and easy policy updates means novel threats are blocked as quickly as possible.
This requires the vendor’s network to be composable, and that its security services do not need specialized infrastructure. It should be straightforward to add customized routing rules, security policies, and custom code — a concept often called ‘composability — using a single development platform across every service.
Infrastructure homogeneity is again important here. When every service uses the same underlying servers everywhere, and uses the same single control and management plane, future services will be able to run everywhere, and be integrated cleanly into the network.
These qualities reduce complexity by:
Easy customization: No organization’s security stack is entirely straightforward. Composability makes it take far less time to accommodate odd edge cases.
Increasing future agility: As-yet-unneeded or undeveloped services will automatically be compatible with everything currently in the stack, with no complex or hamstrung integrations.
Cloudflare security services were designed to meet all of the aforementioned elements for operational efficiency. We call our approach Everywhere Security. Here’s how it works:
Unified global platform: Cloud-native Zero Trust, application and API protection, email security, and network security services run on every server in every data center of our 330 city network.
Network-powered threat intelligence: We serve and secure roughly one-fifth of global Internet traffic — and automatically apply the resulting threat intelligence across all of our services. This improves threat visibility while reducing redundant alerts.
Continuous security innovation: Cloudflare has a track record of rapid, continuous security and networking innovation. The composable cloud platform makes it easy to adopt new services and security models (like Zero Trust).
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Learn more about this approach in the How Cloudflare strengthens security everywhere you do business ebook.
After reading this article you will be able to understand:
Common causes and consequences of overly complex security stacks
Strategies for reducing security complexity
The value of integrated security solutions that share threat intelligence
入門