Three Steps To Reduce Technology Sprawl And Optimize Cyber Defenses

2045

If someone asked you how many technologies comprise your cyber security portfolio, would you be able to answer correctly? Many IT and security professionals cannot, and this is dangerous for a variety of reasons. For starters, knowing your assets should be an important part of your overall security posture. But then there’s the issue of technology sprawl.

Malware evolves daily, and too many companies think throwing money at the problem is a failsafe way to mitigate risk. They’ll buy a new service or product to combat the latest threat, deploy it and then forget all about it. Given this all-too-common approach, it’s not surprising that global spending on cyber security products and services is predicted to exceed $1 trillion over the next five years (from 2017 to 2021).

Not only is this strategy a waste of money, but IT infrastructures are then comprised of various point solutions that aren’t orchestrated to work together. Many times, this leaves cracks in the foundation that companies thought they so successfully built, allowing cybercriminals to penetrate their walls. The hard truth is that more spending doesn’t always translate to reduced incidents.

The best way to avoid getting caught in this vicious cycle is to manage your cyber security portfolio proactively and make optimization and orchestration top priorities. Here are three steps to help you get started.

  1. Eliminate “waste” in your cyber security toolset.

It’s not hard to understand how many IT environments get to be a chaotic mess of point solutions. There are technology investments that have been acquired over the years. There’s technology sprawl fueled by acquisitions and mergers. And there’s the compelling need to continually purchase best-of-bread products to stay ahead of today’s advanced threats.

But too many products can weigh you down. It takes tremendous time and resources to manage the extensive network of third-party vendors that point solutions create, and getting the combination of products to operate together seamlessly can be a daunting task. Some companies develop their own in-house solutions in an effort to bridge disparate systems together, but most of the time this just adds to the support burden and prevents them from effectively upgrading or replacing technology down the road.

Eliminate waste in your cyber security portfolio by removing redundant or unnecessary products. This will help you focus on the solutions that have proven business value while simultaneously reducing the number of security vendors you must manage daily.

  1. Optimize existing investments.

Now that you have a finite group of security solutions with which to work, the next step is to make sure you’re getting the most out of them. The best-of-breed point product craze has led to a dramatic rise in shelfware—products purchased by companies that are never used. In fact, some studies estimate that as many as 30 percent of all security software purchases never get deployed. Evaluate any shelfware within your organization and deploy solutions that fit within your overall security strategy. For those that don’t, revert to step one.

Other helpful ways to make sure you’re getting the most out of your existing security portfolio include conducting health checks to ensure solutions are operating at peak efficiency and performance, and reviewing tools’ available security features to determine which you may be able to take advantage of that you aren’t already.

  1. Be wise about future security spend.

Rethink how you approach security spending. Stop the recurring cycle of buying new products and crossing your fingers that they align with your pre-determined strategy. Instead, before every new purchase, carefully weigh the need for best-of-breed technology with the importance of building a security infrastructure of fully integrated products, services and systems. Investing in technology that automates tasks and enables orchestration (coordination of those automated tasks) will help in this endeavor, while simultaneously freeing up IT and security teams to focus on high-priority activities that deliver business value.

To combat today’s sophisticated cybercriminals, companies must transform their security infrastructures and operations from a reactive, unwieldy and product-centric model, to one that is planned, predictable, and centered around optimization and orchestration efforts.

Security done right.

As with a lot of things in life, when it comes to cyber security defense, money isn’t the answer. Buying an endless array of tools is counter-productive for so many reasons, including making infrastructures more complex and difficult to manage, accelerating staff burnout, adding fuel to the security shelfware epidemic, and creating vulnerabilities that cybercriminals are increasingly adept at taking advantage of. Companies today don’t need more, they need “right” – the right strategy, the right infrastructure, and the right policies and processes – and optimizing your cyber security portfolio is a good first step in making this goal a reality.

About Brian Wrozek
Brian Wrozek, Director of Information Security at Optiv’s Office of the CISO