E R T N
P
X
E INIO
OP
Tool sprawl can largely be attributed
to the cybersecurity boom. As
cybersecurity has quickly become an
enterprise-wide concern, enterprise
budgets have ballooned over a relatively
short period of time. In turn, this has led
to massively increased investment into
the industry. Gartner reported last year
that worldwide security spending grew
by 12% in 2018 and projected it to grow
by another 8% this year.
So, we have a superfluity of vendors
selling a ton of products, many of which
do the same thing. Those large budgets
have allowed enterprises to purchase
without much thought as to whether
those purchases are efficient.
It’s no surprise that this affects larger
companies more – they’re weighed down
by 30% more tools than their smaller
counterparts. In fact, companies with
over 20,000 staff use over five tools for
cloud access security.
The other potential explanation is the
arbitrary separation between ITOps and
SecOps that so often dogs enterprise
security. While they often use data
and tools which do the same thing and
serve the same purpose, they’re geared
towards the specific use of the individual
departments who often speak different
technical languages, use different UIs
and rarely communicate.
The good news is that enterprises are
not happy with this situation.
The IDG report further elaborates
that 48% of respondents are open to
reducing the amount of tools they use.
Quite naturally, they want to smooth out
inconsistencies and streamline their
own environments.
For example, 39% of IDG survey
respondents listed enabling access
control consistency across their hybrid
IT environments. Another ESG research
paper shows that 66% of businesses are
actively working towards consolidating
their security portfolio. Understandably so.
42
When an enterprise
uses more tools than
they need to, they’re
handling more data
than they need
to and providing
attacks with more
places to hit and
more loot to run
off with.
So how do we do that? Again, IDG
respondents were on the right track.
Many are considering using integrated
platforms, suites and Managed Security
Service Providers (MSSPs). The IDG
report added that 38% of respondents
are outsourcing Secure Access capacity
and that they plan to increase using
MSSPs by 2021 by over 8%.
Enterprises should look at their secure
access tools and decide which ones
they really need and which have become
redundant since purchase.
A total of 39% would like VPN as a
central part of any secure access
platform, 38% said multi-factor
authentication and 37% favour Network
Access Control, cloud security access
brokering and web application firewalls.
Tools can be consolidated in other ways
too. Using fewer vendors or vendors
whose tools can easily be integrated
with one another could be a good idea.
Integrating teams so that they’re working
together as opposed to side by side
will be of great help here. Tool sprawl
is often caused by arbitrarily separated
teams which often share functions and
Gartner reported last
year that worldwide
security spending
grew by 12% in 2018
and projected it to
grow by another 8%
this year.
Issue 19
|
www.intelligentciso.com