Infosec pros want more industry cooperation and support for open standards
Driven by security operations complexity, 46% of organizations are consolidating or plan on consolidating the number of vendors they do business with. As a result of this drive toward security technology consolidation, 77% of infosec pros would like to see more industry cooperation and support for open standards promoting interoperability.
As thousands of cybersecurity technology vendors compete against each other across numerous security product categories, organizations are aiming to optimize all security technologies in their stack at once, and vendors that support open standards for technology integration will be best positioned to meet this change in the industry, according to a new annual global study of cybersecurity professionals by ISSA and ESG.
The new research report, Technology Perspectives from Cybersecurity Professionals, surveyed 280 cybersecurity professionals, focused on security processes and technologies, and revealed that 83% of security professionals believe that future technology interoperability depends upon established industry standards.
The report shows a cybersecurity landscape that looks favorably toward security product suites (or platforms) as it moves away from a defense-in-depth strategy based on deploying cybersecurity products; a historical precedent that has steadily increased organizational complexity and contributed to substantial operations overhead.
From best-of-breed to integrated platforms
Security professionals have long believed that purchasing best-of-breed products provided the best overall defense-in-depth. However, as the number of security products has skyrocketed, many organizations manage 25 or more independent security tools—an approach that comes with substantial operations overhead.
Security professionals identified numerous problems associated with managing an assortment of security products from different vendors such as increased training requirements, difficulty getting a holistic picture of security, and the need for manual intervention to fill the gaps between products. As a result of these issues, 21% of organizations are consolidating the number of vendors they do business with and 25% are considering consolidating.
Most common reasons for vendor consolidation
- Operational efficiencies realized by security and IT teams (65%)
- Tighter integration between previously disparate security controls (60%)
- Improved threat detection efficiency (i.e., accurate high-fidelity alerts, better cyber-risk identification, etc.) (51%)
- 53% tend to purchase or will in the future purchase security technology platforms rather than best-of-breed products
- 84% believe that a product’s integration capabilities are important and 86% of respondents say it is either critical or important that best-of-breed products are built for integration with other products
- After cost (46%), product integration capabilities are the most important security product consideration for 37% of security professionals
Evaluating “enterprise-class” security vendors
As the security technology market consolidates, “centers of gravity” will become established around a few large vendors and affect future buying strategies; organizations will place more bets on fewer security technology vendors. According to cybersecurity professionals, the most important attributes for an enterprise-class cybersecurity vendor are:
- A proven track record of executing its cybersecurity product roadmap and strategy (34%)
- Provides products designed for enterprise-scale, integration, and business process requirements (33%)
- Commitment to reducing operational complexity, lowering cost of ownership (31%)
“Given that nearly three-fourths (73%) of cybersecurity professionals feel that vendors engage in hype over substance, the vendors that demonstrate a genuine commitment towards supporting open standards will be best positioned to survive the industry-wide consolidation taking place,” said Candy Alexander, Board President, ISSA International. “CISOs have been so overburdened with vendor noise and dealing with security ‘tool sprawl’ that for many a wave of vendor consolidation is like a breath of fresh air.”
“The report reveals a massive change taking place within the industry, one that for many feels like a long time coming,” said Jon Oltsik, Senior Principal Analyst and ESG Fellow. “The fact that 36% of organizations might be willing to buy most security technologies from a single vendor speaks volumes to the shift in purchasing behavior as CISOs are openly considering security platforms in lieu of best-of-breed point tools.”
After reviewing this data, ESG and ISSA recommend that organizations push their security vendors to adopt open industry standards, possibly in cooperation with industry ISACs. There are a few established security standards from MITRE, OASIS, and the Open Cybersecurity Alliance (OCA), available, and while many vendors speak favorably of open standards, most do not actively participate or contribute to them.
This lukewarm behavior could change quickly, however, if cybersecurity professionals—especially those at organizations large enough to send a signal to the market—establish best practices for vendor qualification with process requirements that include adopting and developing open standards for technology integration as part of the comprehensive process for all security technology procurement.