Why Over Consolidation Can Introduce Points of Failure
Gartner Analyst Richard Addiscott on the Pros and Cons of Platform Consolidation
The average enterprise has between 50 and 70 different security solutions, some with overlapping functions. When an organization opts for too many best-of-breed point solutions, it poses certain challenges. There are multiple dashboards to monitor. Since the solutions are from different vendors, they don't integrate well or talk to each other. In an exclusive interview with ISMG, Richard Addiscott, senior director analyst, Gartner, said organizations must strike a balance between having best-of-breed and taking a consolidated, platformized approach from one vendor.
Edited excerpts follow:
What are some of the core security challenges that impact organizations today?
Organizations continue to increase the footprint of their environments - internal and external. As they embrace more cloud services, the attack surface will continue to grow. Internal, privately hosted data centers continue to grow as well, and the application is hosted there. It is becoming increasingly difficult for the security operations team to have visibility of all such elements, especially considering the array of exposures and the configuration options that are going to be available to them.
From a tooling perspective, that's part of the operating model challenge that they have. There are some excellent point solutions out there, but you've got to find that balance between having best of breed for everything or taking a consolidated approach from one vendor.
When it comes to tooling, they need to stay resilient and avoid concentrating all their resources in a single area while striving for balance. The failure there can have a direct implication on the organization's resilience moving forward.
In addition, there is a growing trend of employees working from home. Our research shows approximately 65% of employees choose to work either remotely or hybrid, which is a significant portion.
Platform-centric security is a topic that often gets considerable attention. What are your observations?
Platforms have been around for some time, and in 2022, we saw increasing adoption. We saw more vendor consolidation. In 2023, we observed an overlap between vendors, platforms and domains. So there's now a consolidation of platforms into an environment. That minimizes the complexity of management contracts. It is designed to improve operational efficiency and minimize operational overhead. If you over-consolidate, it can introduce a lot of single points of failure into your business.
Platform consolidation might deliver longer-term returns in terms of operational efficiency and reduced OPEX down the line. But you might see a surge in investment required because you've got to build all the integration engines, use middleware and everything else to do that, which could be a CAPEX issue, depending on how it's funded.
You must realize that if you are only selecting vendors that are able to integrate, you have less to choose from, which might put some pressure on your pricing. You have to be mindful of that. But beyond that, it's potentially going to improve your ability to operate amid the talent crunch.
What should the CISO be cognizant of regarding the use of AI to improve cybersecurity?
When we talk about a trend around how a CISO is using AI, it is a little early to say exactly what is working and what's not. My colleagues and I look at AI through four lenses. The first lens is, we have an organization that wants to use AI for their strategic objectives. How do we enable that securely without causing issues?
Vendors want [us] to use generative AI. But we've got to be mindful of issues such as data sovereignty and how we access that. How does that affect pricing? And then we've also got to know how the attackers are going to use AI against us.
This has got to do more with automating processes like a spear-phishing attack, for instance. Traditionally, profiling or gathering information about the target has been more of a manual process. Now, they have the ability to use generative AI and other AI capabilities to gather information about you from social media sites and create a customized spear-phishing attack on you.
The ability to conduct mass spear phishing is going to be easier for an attacker. That's mass customization. We know that phishing is still the most leveraged vector by attackers trying to get into an organization.
That will be an area where the CISO has to think about ways to manage it. Are email protection tools able to detect it if we do digital watermarking, and we only allow emails that have been verified as either human-delivered or non-malicious? Or use a filter that says if the email is generated by AI, it doesn't get in. So the CISO has to think about how the security team leverages AI.
How must organizations compensate for the shortage of cybersecurity skills in the short term?
It's a combination of just being more strategically focused with our workforce planning - and bearing in mind that the skills that we need today aren't necessarily going to be the skills we need in five years.
We need to be thinking about the talent management life cycle, where you've got to think about it in four key phases: How can we recruit better people? How can we position ourselves as an employer of choice in a market where there is potentially an abundance of options due to the demand-supply challenge that we are facing? What strategies can we employ to retain them? Lastly, how can we find ways to help them upskill, ensuring they stay current with the emerging technologies?
You might have an environment where you are developing cloud, and you've got a cloud hybrid environment. Moving to full cloud necessitates a shift in the skills mix within your organization from a security perspective. As we introduce generative AI capabilities, you need security executives who understand prompt engineering and large language model operations and management. That's where the "renew" element comes into the talent management life cycle.
What should organizations prioritize with talent investment?
The current talent crunch seems to have a lesser impact as a technical challenge because there is so much outsourcing going on. The technical skills are a lot more commoditized, and these are easier to get hold of because there is a massive MSSP market out there.
At the moment, the talent crunch is evident in the emergence of cybersecurity leaders, the next generation of CISOs. How can we fill these roles?
Addiscott works with information and cybersecurity leaders covering topics focused on improving security risk management maturity and outcomes, optimizing organizational security risk postures, and demonstrating clear alignment between security and strategic business outcomes.
ISMG met Addiscott at the Gartner Symposium in Kochi, India, in November 2023.