Managed security services providers (MSSPs) are going to soon be at the forefront of a wave of consolidation of cybersecurity platforms as more organizations not only look to reduce overall costs but also streamline security operations.
A survey of 280 cybersecurity professionals conducted by the research firm Enterprise Strategy Group (ESG) on behalf of the Information Systems Security Association (ISSA) finds nearly half (46 percent) of respondents are at organizations that either plan to (25 percent) or are actively consolidating (21 percent) the number of security vendors they currently rely on.
The number of security vendors that organizations buy products and services from has exploded in recent years. The challenge is that most cybersecurity teams are short-staffed and there simply are not enough individuals on these teams to manage all the products and services that organizations are attempting to employ.
More than half of respondents (53 percent) said they tend to purchase or will in the future purchase security technology platforms rather than best-of-breed products. The most common benefits of consolidation cited by survey respondents are operational efficiencies realized by security and IT teams (65 percent); tighter integration between previously disparate security controls (60 percent) and improved threat detection efficiency (51 percent).
Critical attributes for vendors cited by survey respondents include a proven track record of executing its cybersecurity product roadmap and strategy (34 percent); products designed for enterprise-scale, integration, and business process requirements (33 percent); and a commitment to reducing operational complexity and lowering cost of ownership (31 percent).
Organizations are especially keen to rely more on cloud services to manage cybersecurity because it often presents an opportunity to reduce the number of platforms they would otherwise need to deploy and manage. The cloud service often provides access to features that can be invoked as a service versus requiring security operations teams to separately deploy and manage them.
The current economic downturn is in many instances now providing additional impetus to consolidate security platforms. Many cybersecurity startups are also finding it more challenging to raise additional rounds of funding so it’s likely that more than a few organizations will soon be looking for a way to employ emerging technologies without necessarily having to replace one vendor with another if one of their existing vendors can provide the same capability.
Mergers and acquisitions have, of course, always been difficult to navigate for managed security service providers (MSSPs) and the organizations they serve. Most MSSPs are all too aware of the benefit of streamlining security operations to drive increases in overall profitability. Every time a new vendor is added to the portfolio of platforms that an MSSP relies on to deliver a security service the total cost of delivering that service rises. The challenge is customers have shown time and again that they are not automatically inclined to pay more for a service every time new capabilities are added. The expectation is that the MSSP is absorbing all the costs associated with securing their IT environment regardless of how the threat landscape evolves.
Ultimately, as cybersecurity becomes more challenging to achieve and maintain, more organizations are going to rely on MSSPs to secure their IT environments. As such, it will be MSSPs by sheer dint of numbers and volume that will dictate which platforms provide enough critical mass in terms of capabilities to warrant their continued survival.
Photo: Color4260 / Shutterstock