Consolidation of Multiple Security Silos
Published on: Sunday 07-02-2021
While consolidation of security solutions is required, CISOs need to plan the consolidation very carefully, suggests Sanjeev Garg.

One of the most important concerns of CISOs (Chief Information Security Officers) across the world is how secure their organisation is, and the 2020 pandemic has further fuelled this concern. Network attacks were at their highest during Q3 2020, increasing by 90% over the previous quarter. Cyber-attacks are currently occurring every 39 seconds. As per Dimensional Research’s survey, 90% of organisations have seen increasingly sophisticated cyber threats during the past three years. Many organisations have become victims of email phishing attacks during Covid-19, with 90% of malware being delivered by email and more than 2.7 million malicious domain connections blocked.
The need of the hour is also to understand the impact of a breach or hack on the organisation, should one happen, and the controls that can be brought in to secure the organisation. The need is to bring in cost-effective yet efficient solutions that reduce TCO (total cost of ownership) without compromising the security posture, while knowing the weak links from a risk standpoint and the areas that need more attention than others.
For mid to large-sized organisations, the problem is aggravated multi-fold over time. Large organisations, which over the years have gone through the lifecycle of M&As (mergers and acquisitions) and rely on legacy applications for specific business functionality, face an increased threat landscape. They deploy new products available in the market which promise a more robust and secure environment. This leads to multiple (and sometimes redundant or obsolete) products being deployed in the organisation, thus increasing complexity. According to a recent study by Check Point, 27% of large organisations use 11 to 40 products from different vendors, while around 49% of all organisations use between 6 and 40 security products. This results in increased deployment and maintenance cost, high and complex integration requirements, more time needed to isolate problems during a crisis, and delayed coordination across multiple vendors.
CISOs globally have been constantly endeavouring to consolidate such siloed security products. With the accelerated digital disruption due to Covid-19, the security threat landscape has increased tremendously, with everyone, from youngsters to IT professionals and from non-IT professionals to practitioners, using digital platforms to perform their day-to-day functions. This involves all types of transactions, such as browsing the internet for information, performing bank transactions and dealing with sensitive patient data, among others. Organisations stepped up overnight, setting up and deploying new tools, which have ‘seemingly’ increased security and blocked hackers and attackers from stealing information.
However, is that so? The trends have showcased a different reality. Security experts are therefore finding ways to consolidate security tools, with goals and objectives such as:

1. Security Measures with Cost Effectiveness: With the increasing scrutiny on budgets globally due to the impact on the economy, this is one of the major factors in consolidation. However, cost is not the only factor when it comes to security. The primary objective of CISOs is to provide adequate security to information assets and technologies in the organisation, while also maintaining the TCO (total cost of ownership) and ensuring RoI (return on investment). The more solutions an organisation deploys, the higher the maintenance and operational cost it bears. The consolidation must ensure effectiveness from both a cost and a risk posture standpoint, with no loss in functionality.
2. Speed of Response: Security is focused on detection and containment of threats within the environment; hence, speed is of the essence. Siloed solutions increase detection time to more than 200 days, leading to a delayed response to threats. With a focus on integrated, Artificial Intelligence (AI) and Machine Learning (ML) based analytical solutions, the intent is to preserve the existing threat detection functionality while enhancing detection capabilities at a much faster pace. ML solutions help to categorise security threats as ‘false-positive’ or ‘true-positive’, helping security analysts to focus on actual incidents. Similarly, NextGen firewalls that come with integrated functionality enable faster deployment and detection of malicious traffic within the network, without compromising security and functionality.
3. Risk Quantification and Focus Areas to Address: With the increased threat landscape and millions of transactions on any given day, it is important to know where to pay dedicated attention and to prioritise the areas that could potentially harm the organisation the most. Benchmarking risk across the organisation using a standardised approach, with the help of people, process and related technology, can help to bring in this focus. Risk quantification would help to strategise the right architecture and technologies that can be deployed to uplift the security posture of an organisation.
4. Automation and Required Efforts: Reduction and consolidation of security tools reduce the number of skilled security resources required to manage the deployed products that protect the enterprise from security threats. A consolidated and integrated set of products/solutions also helps automation to detect and respond to security threats more effectively. ML-enabled and automated incident response solutions take away the manual effort of containing and remediating security threats, and do so at a much faster pace as well.
5. Consolidated Solutions: Using multiple solutions from different security vendors adds complexity and takes time and effort for different activities such as maintenance, version upgrades, configuration changes and annual license renewals. Hence, consolidation of solutions will enable easy management, from both an administrative and a technical perspective.
Therefore, the consolidation of security tools/solutions is a desired goal. However, it is of utmost importance to properly plan and understand the outcome of consolidation in terms of functionality achieved, skills required, cost implications, compliance adherence and an increased security posture for the organisation. Some of the key factors to be considered would be the choice of vendors and solutions, and thus the integration among the chosen solutions.
Product vendors have also taken multiple steps in this direction, with increased acquisitions within security. The objective is to consolidate a number of tools, reduce redundancies and provide varied functionalities to customers through a single console, avoiding duplication of effort and enabling effective management of operations.
While consolidation of security solutions is required and is the way forward to reduce threat vectors and detect threats faster, CISOs need to plan the consolidation very carefully. Any such transformation should be planned rigorously and carried out with caution, taking a phased approach, while making sure that it does not compromise any functionality in the existing ecosystem. Every solution chosen should be mapped to specific objectives and to the overall security strategy. If this mapping is not correct, it should be re-evaluated and reconsidered. Any gaps in integration and consolidation may lead to a significant cost increase and a potential data breach that may cost the organisation a fortune.

Sanjeev Garg is the Delivery Head for the Enterprise Security and Risk Management practice at Tech Mahindra. A seasoned leader with rich experience in managing global delivery, leading solutions, operations and consulting within the security domain, Sanjeev has guided and directed security engagements across different business domains and regions covering end-to-end security portfolios, and has been instrumental in improving customer satisfaction and growth, in conjunction with elite partners through a joint marketing strategy.
Before joining Tech Mahindra, Sanjeev headed the Threat Defense practice at LTI and was regional delivery head at Wipro. Sanjeev is an engineering graduate from Thapar University, and also holds a management degree from London Business School.