Regulatory requirements such as the General Data Protection Regulation (GDPR) and high-profile breaches have moved cybersecurity out of IT and into the boardroom. For security practitioners, this level of visibility has helped ease the budgeting process and allowed them to add multiple products and services to their security solutions toolkits.
However, as any security professional — or any business professional — will tell you, getting from budget approval to spending is just the first step. With technology investment, particularly for high-visibility projects such as security, comes the expectation of improvement over your current situation. So has all this security investment actually solved the problem, or has it created new ones?
Too Many Security Solutions, Too Little Time
A recent study conducted by Forrester Consulting and commissioned by IBM explored security spending trends and how the resulting complexity has impacted organizations’ ability to react to risks and threats. For the report, Forrester Consulting surveyed 200 security professionals, and the resulting data lays bare a growing problem for today’s enterprises: The rapid addition of security solutions and services over the last few years has increased the complexity of these environments so much that it is extremely difficult to quickly and effectively identify and act on threats. In addition, so many disconnected point solutions have made it challenging to adequately demonstrate return on investment (ROI) for the products they have, thereby threatening future investment.
It’s probably not a huge surprise to most security professionals that a complex environment leads to delays in identifying and responding to security risks. What is surprising, however, is how much organizations benefit once they start simplifying their security environments. Certainly, reducing the time it takes to identify risks and respond to security threats is an advantage. Beyond that, by simplifying their security ecosystem, organizations are using security to advance their business goals.
What Do Security Simplification Champions Have in Common?
Forty-four percent of Forrester’s respondents have already taken steps toward simplifying their security environments and have made good progress. Known as “champions,” these organizations can serve as a model for what other organizations can expect from these efforts. Let’s take a closer look at three key characteristics most security simplification champions have in common.
1. Improved Strategic Focus
According to the World Economic Forum (WEF)’s annual “Global Risks Report,” the world’s leaders rate cyber-related risks in the top-right quadrant of global risks, both in terms of likelihood and impact. As the business focuses on cybersecurity, it will become more important for teams to shift their own perception of security from a cost center to a revenue generator. This requires the security team to think smarter about its spending and get the most out of every technology and service.
Simplification champions are fully aware of this: Two-thirds have been able to reduce their repetitive spending by adjusting processes, rethinking how existing tools are used and squeezing as much value as possible out of existing applications, according to Forrester. This helps them demonstrate value to the business while also giving the security team the flexibility to pivot on future security spending if needed.
2. Better Visibility and More Comprehensive Risk Identification
A security analyst typically investigates 20–25 incidents every day. Data silos make the investigation and coordination of attack response time-consuming and increase the likelihood that attack indicators will go undetected or ignored. That’s why 63 percent of simplification champions have consolidated multiple security solutions onto a single platform or with one vendor.
By reducing data silos and consolidating core capabilities under a single platform, organizations can get a more comprehensive view of their security data and the reach of each compromise. This reduces delays in sharing information and offers better control over each of the capabilities that are being managed.
3. Increased Cyber Resilience
A strong majority of champions — 75 percent — are satisfied with their ability to respond to threats, compared to only 42 percent of those that haven’t taken steps toward simplifying their network. A whopping 83 percent were satisfied with their ability to recover from a breach. Resilience is critical; studies have shown that improving cyber resilience can help organizations save millions of dollars in the event of a data breach.
Grow Your Business Over the Long Term
It’s important to note that simplification champions said they still had more work to do to simplify their security environments and that it’s likely to be an ongoing battle as the security landscape shifts. But by prioritizing simplification now, these security teams put themselves in a better position to adapt over time and continuously grow the business.