Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration
New research from ESG and ISSA reveals that nearly 46% of organizations are consolidating their vendor base due to increasing complexity in security operations. 77% of cybersecurity professionals express a desire for more industry cooperation on open standards to enhance interoperability. The study surveyed 280 professionals, showing a significant shift from a best-of-breed approach to integrated security platforms. Key reasons for consolidation include operational efficiencies (65%) and tighter integration (60%). Many organizations will likely purchase security platforms over best-of-breed products moving forward.
- 46% of organizations consolidating vendors indicates a trend towards efficiency.
- 77% of infosec pros advocate for open standards, suggesting a shift in industry cooperation.
- 65% of organizations report operational efficiencies as a reason for vendor consolidation.
- 53% of organizations prefer purchasing security platforms over individual products.
- Many organizations managing 25+ independent security tools face increased operational overhead.
- 36% of organizations willing to buy from a single vendor indicates a potential risk of monopolistic vendor behavior.
New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with
The new research report, Technology Perspectives from Cybersecurity Professionals, surveyed 280 cybersecurity professionals, which were primarily ISSA members, focused on security processes and technologies and revealed that
From Best-of-Breed to Integrated Platforms
Security professionals have long believed that purchasing best-of-breed products provided the best overall defense-in-depth. However, as the number of security products has skyrocketed, many organizations manage 25 or more independent security tools—an approach that comes with substantial operations overhead.
Security professionals identified numerous problems associated with managing an assortment of security products from different vendors such as increased training requirements, difficulty getting a holistic picture of security, and the need for manual intervention to fill the gaps between products. As a result of these issues,
Most common reasons for vendor consolidation
-
Operational efficiencies realized by security and IT teams (
65% ) -
Tighter integration between previously disparate security controls (
60% ) -
Improved threat detection efficiency (i.e., accurate high-fidelity alerts, better cyber-risk identification, etc.) (
51% )
In addition:
-
53% tend to purchase or will in the future purchase security technology platforms rather than best-of-breed products -
84% believe that a product’s integration capabilities are important and86% of respondents say it is either critical or important that best-of-breed products are built for integration with other products -
After cost (
46% ), product integration capabilities are the most important security product consideration for37% of security professionals
Evaluating “enterprise-class” security vendors
As the security technology market consolidates, “centers of gravity” will become established around a few large vendors and affect future buying strategies; organizations will place more bets on fewer security technology vendors. According to cybersecurity professionals, the most important attributes for an enterprise-class cybersecurity vendor are:
-
A proven track record of executing its cybersecurity product roadmap and strategy (
34% ) -
Provides products designed for enterprise-scale, integration, and business process requirements (
33% ) -
Commitment to reducing operational complexity, lowering cost of ownership (
31% )
“Given that nearly three-fourths (
“The report reveals a massive change taking place within the industry, one that for many feels like a long time coming,” said
After reviewing this data, ESG and ISSA recommend that organizations push their security vendors to adopt open industry standards, possibly in cooperation with industry ISACs. There are a few established security standards from MITRE, OASIS, and the
This lukewarm behavior could change quickly, however, if cybersecurity professionals—especially those at organizations large enough to send a signal to the market—establish best practices for vendor qualification with process requirements that include adopting and developing open standards for technology integration as part of the comprehensive process for all security technology procurement.
The full report can be downloaded here.
About ESG
About ISSA
View source version on businesswire.com: https://www.businesswire.com/news/home/20220720005341/en/
Media Contact:
leslie@kesscomm.com
Source:
FAQ
What does the new ESG and ISSA study reveal about vendor consolidation?
How many cybersecurity professionals believe in the importance of open standards?
What are the main reasons for organizations to consolidate their security vendors?
Is there a shift from best-of-breed products to integrated security platforms?