Okea - stock.adobe.com
Managing the security estate
The channel is increasingly being looked on as a source of help for customers aiming to reduce the number of security tools they use, and interest is only increasing with the pressure on budgets
What can channel partners do to help customers rationalise security portfolios?
Many businesses are using too many security products with a range of point solutions that don’t talk to each other and require a lot of management time and effort. The situation seems ripe for partners that can help customers consolidate and rationalise their security portfolio. Economic pressures are also playing their part in motivating companies to reconsider.
Cisco senior vice-president of global partner sales and general manager of routes to market Oliver Tuszik recently told MicroScope: “What customers are looking for is less about the best security solutions, and more about bringing an end-to-end coverage model that helps them to manage the complexity.”
But is he right, or is the situation more nuanced than that?
Francis O’Haire, group technology director at DataSolutions, argues the situation has arisen from organisations bolting on cyber security technologies as they have become available to keep pace with the evolving threat landscape.
“There are several ways to address the resulting complexity, but the best approach very much depends on the specific needs and capabilities of each business,” he says. “In an ideal world, or for organisations starting out from scratch, a unified platform from a single vendor is the best approach.”
But many organisations, including managed security service providers (MSSPs), that have built up their own cyber security capabilities using many point solutions are not in a position to abandon them in favour of a unified platform. But, says O’Haire, they do have “the option of lowering the complexity and cost of managing the entire stack while also increasing its effectiveness through the use of SOAR [security orchestration, automation and response]”.
O’Haire believes MSSPs are “probably the best option” for smaller businesses that do not have the necessary in-house skills. “Customers can benefit from highly sophisticated cyber security protections, developed and managed by the MSSP, without needing to have the skills or to deal with the complexity themselves,” he says.
Technical and business challenge
Matt Middleton-Leaf, northern Europe managing director for Qualys, says security consolidation presents a technical and business challenge. Vendors might want to take as much of the security piece as they can, he says, but customers want to have more coordination across their security processes and for their employees to be more efficient. “Simply going in with a message of ‘we’ll help you cut your vendor count’ is not enough to make customers pay attention,” he adds.
Change is inevitable in some form, claims Middleton-Leaf, because many legacy security investments are not able to provide the level of automation and integration for future needs. But he points out that consolidation can also be a byword for cutting costs. “That is not what security teams need – if anything, their budgets should be growing as the number of threats increases,” he says.
Neil MacDonald, HP’s UK & Ireland channel director, says partners, managed service providers (MSPs) and MSSPs need to demonstrate their value by helping clients identify and establish which tools and services they need. “By listening to the challenges of each individual business and working with customers to develop a bespoke cyber strategy, partners can make the cyber security stack less complex while maintaining cyber resilience,” he says.
Once they have assessed the tools and services being used by the customer and identified gaps in their cyber security, he says, they can “start to work on consolidating tools and services – providing advice on which products may be better suited for the customer’s specific needs”.
But MacDonald is adamant that “there is no one-size-fits-all approach” to cyber security that can be solved with a single end-to-end platform. “Partners must help organisations build layered security models, so they can stay resilient and future-proof against the ever-changing threat landscape, protect an increasingly dispersed hybrid workforce and avoid making headlines because they have fallen victim to a security breach,” he says.
Matthew Rhodes, regional director for MSSPs at Logpoint, takes a different view. “[Security solutions] that promise to deliver protection, detection or response capabilities must actually provide them,” he says. “They don’t have to be best of breed – however, the security technology has to deliver those fundamental capabilities. That said, organisations should strive for an end-to-end coverage model that accelerates threat detection, investigation and response.”
Customers will always have gaps in their cyber security. “If those gaps are vast, an end-to-end security platform is the most efficient and appropriate security decision,” says Rhodes. “However, if the customer has all the tools necessary, they don’t need to reinvent.”
By outsourcing to MSSPs that can rationalise the technology, customers can save costs and reduce capital expenditure. “MSSPs can also manage the technology stack or platform, enabling customers to manage spiralling opex [operational expenditure] costs by not having to constantly keep hiring, training and retaining security professionals,” he says.
Sarah Goodchild, senior director for EMEA channel sales at Picus Security, says customers can “spend millions on new security tools believing this will solve all their problems, when we know this is not the case”, adding that “having lots of disparate security controls can be unmanageable and a major drain on resources”. Channel partners that enable this spend first, think later approach are “part of the problem”, she says.
Jamie Akhtar, CEO and co-founder of CyberSmart, believes Cisco’s Tuszik is broadly right. “In our experience, many businesses are using complex and unwieldy security portfolios they don’t necessarily need or, at times, even understand. Not only is this a waste of time and resources, but it can also lead to disengagement,” he says. “If managing your business’s cyber security feels incredibly complicated or time-consuming, it’s a completely human response to switch off from it and work with poorly configured security tools or simply hope for the best.”
Small and medium-sized enterprises (SMEs) might also be tempted to cut costs on their security portfolio at a time when they are struggling economically. “This could leave them very exposed in a landscape where cyber threats are only increasing,” says Akhtar. “There’s a huge opportunity for MSPs and MSSPs to help businesses streamline and rationalise their cyber security portfolio.”
An end-to-end security platform is certainly the simplest answer, he believes. “There are platforms available for a fraction of the cost of many businesses’ security portfolios,” he says.
But it’s not the only solution. “MSPs that want to offer a more personal service could achieve the same ends by simply helping customers consolidate their portfolios into something more manageable,” adds Akhtar. “But it must be said this is considerably more time-consuming than using an end-to-end protection tool.”
Michael Allen, vice-president of Worldwide Partners at Dynatrace, does not believe there is a one-size-fits-all approach for partners to help customers rationalise their security portfolios. “Often, a combination of both providing an end-to-end platform and optimising their use of existing tools is the best course of action,” he says. But that’s not as easy as it sounds.
A survey by Dynatrace found 62% of organisations use four or more solutions just for application security. “But even with this number of tools, they are left with gaps,” he says. “There is a great opportunity for solutions partners to help customers overcome this complexity in their security portfolios, but they should not be suggesting a rip and replace approach. Instead, partners should offer a platform that ties existing solutions together more effectively to provide a shared source of insights.”
Steve Burden, head of security at Daisy Corporate Services, notes: “In an ideal world, a vendor would exist that can deliver a truly end-to-end security platform that protects everything from applications to ZIP files. Unfortunately, the security market is instead very fragmented, and in order to deliver a truly secure environment, organisations are forced to use a range of vendors to cover the wide range of threats.”
In Burden’s view, it’s up to channel partners to help customers select the right combination of vendor technologies to fit their unique balance of threats faced and technical capability. “A good partner helps with technology selection, deployment and management with the overall aim of helping customers become as secure as possible,” he says.
Carlos Morales, senior vice-president for solutions at Vercara, says MSPs and MSSPs are “uniquely positioned” to help customers maintain the necessary expertise and keep up-to-date with changing best practices because they have strong vendor relationships and “have developed expertise on their technologies as well as best practices and can bring established processes to companies to maximise their use of different solutions”.
He believes it is better to use products and services that integrate well together and work into a company’s processes because they can often yield more effective results in detection and remediation than using many individual best-in-class solutions. “MSPs and MSSPs can often deliver service platforms that include multiple functions tightly integrated together and with established integration points with other parts of the operational ecosystem,” says Morales.
Scott Walker, senior director for EMEA channel sales at Illumio, suggests MSPs should be helping customers make better use of existing tools and technology. “Security teams have often invested serious blood, sweat and tears into their existing infrastructure,” he says. “Ripping it all out often makes no sense. Instead, MSPs should offer a full review to better understand any gaps that need plugging or where complementary technology could help drive additional and cost-effective improvements.”
It’s the job of MSPs to consider what is the best set of controls to solve their customers’ current cyber security pain points. “MSPs bring experience and a proven track record to these discussions and look carefully on a case-by-case basis at what existing technology can be maintained and what needs to go,” says Walker. “MSPs are also mindful, thanks to extensive experience, that it’s about so much more than just the tech.”
Ryan Sheldrake, field chief technology officer for EMEA at Lacework, says the situation “is more nuanced than suggesting that organisations are seeking full end-to-end coverage at the expense of best-of-breed tools, that the only choice is between an integrated suite of mediocre tools versus a sprawl of dozens of best-of-breed tools”.
He adds: “There is a third option between the two extremes, that is using one or two best of breed suites that offer comprehensive protection for a range of threats, integrated with some point solutions that are world-class at specific challenges. To suggest that there is a single platform that can cover all facets of security would be foolhardy – there is no all-encompassing security platform or tool.”
Chris Waynforth, general manager and vice-president of international at Expel, agrees that advocating for all customers to adopt an end-to-end cyber security platform is not the best way forward.
“Every organisation is different and the situation is more nuanced than a one-size-fits-all approach,” he says, adding that he believes an end-to-end model is possible using the best solutions. “What constitutes the ‘best’ changes from business to business.”
Like others, he observes that the current macroeconomic climate is constraining companies from buying an end-to-end platform to replace what they already have. And organisations that have already spent significant money and time on their cyber security infrastructure don’t want to completely overhaul it.
“Instead, there needs to be a focus on providing solutions and services that address the pain points customers experience – not enough people and too many alerts, vulnerabilities and threats,” says Waynforth. “Partners need to provide solutions and guidance that address these problems and enable customers to extract more data and value from the cyber security stack they’ve already invested in.”
Patricia Murphy, vice-president of ecosystems EMEA and LATAM at Palo Alto Networks, says that while the cyber security industry has been successful at creating point products to solve specific challenges, “the onus has been on partners and customers to do the integration”.
The difficulty is that neither partners nor their customers “are able to keep up with the investment and training required to manage multiple and siloed security functions”, she adds. In addition, the point product approach is out of date, creating security gaps with products that are not designed to work together.
Customers and partners alike recognise that consolidation is required, and many have already started consolidation initiatives, or are planning to do so in the coming months and years.
“When it comes to cyber security, the challenge is significant due to the fragmented nature of the industry,” warns Murphy. “Which is why customers and partners are moving towards an integrated platform approach that not only reduces costs, but significantly improves their cyber resilience.”