Macroeconomic trends are pushing most organizations to tighten their budgets across all departments, including those of the chief information security officer.
These leaders will be looking for tools that serve multiple functions for data classification, access governance, risk detection, remediation, alerting, and more.
This will also extend to hiring and the talent required for a lean security team, as organizations no longer have the budget to hire 10 people to deploy and manage security tools on an ongoing basis.
John Bambenek, principal threat hunter at Netenrich, a security and operations analytics SaaS company, calls the outlook for CISO budgets in 2023 a “mixed bag”. “Some enterprises will impose across-the-board budget cuts, some will be more tactical, and others will weather the economic headwinds without much alteration to their approach,” he says.
He points out there has always been a pressure to do more with less (or even do more with the same), which means tool consolidation becomes an easy hatch to reach for.
“That said, in several decades, few vendors who consolidate tools have truly been effective, which means point solutions invariably always come back, especially as new security risks emerge,” Bambenek notes. “At this point it seems more like a pendulum of market tendencies.”
Budgets Affect Both Solutions, IT Security Staff
Piyush Pandey, CEO at Pathlock, a provider of unified access orchestration, says budget constraints will affect both solution purchases, but also potentially the staff required to run them.
“This will likely drive the consolidation of solutions that span across multiple organizations, such as access, compliance, and security tools,” he says. “This consolidation into platforms will help organizations prioritize their resources — time, money, and people.”
He says organizations that focus on comprehensive solutions can drive more synergies across different departments to be compliant.
“This won’t just be about cost savings, however — it will also help reduce the complexity of their infrastructure, eliminating multiple standalone tools and solutions,” Pandey adds.
Mike Parkin, senior technical engineer at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation, explains the global financial downturn has hit multiple sectors, which means budgets are short overall.
“The challenge will be keeping cybersecurity postures strong, even in the face of budget cuts,” he says. “Threat actors aren’t going to back off and we can’t really afford to let our defenses down.”
From his perspective, budget limitations mean getting the “best bang for the buck”, which often means focusing on the tools that are giving the most perceived value.
Moving Security to a One-Stop Shop
Parkin says platform solutions try to fill that role by being a “one-stop shop”, which is great if the organization is already on the platform but could be an expensive migration if they’re not already there.
“Moving to a single platform for a one-stop-shop solution from a single vendor can have some legitimate advantages,” he adds. “Everything will play nice together, and you have a single point of contact for support.”
A better solution, however, might be to deploy an integration system to pull existing tools together and deliver a similar result, then remove the ones that don’t provide enough value.
Parkin also notes there can be drawbacks to consolidating onto a single platform, as migration can be expensive, especially when budgets are limited. “It can be difficult to find a single solution that meets all an organization’s needs and, more importantly, provides the performance they need across the environment,” he says.
While it may not be practical, or affordable, to keep everything the security operations team wants, they can get similar efficiencies and improved effectiveness by using a tool to integrate and coordinate their existing solutions.
Bambenek agrees many vendors approach consolidation by acquiring companies and building stitched-together tools that end up not doing any function particularly well.
“It’s more important to do those functions effectively than simply checking items off on a list,” he says.
He says the key to consolidation done well is whether the underlying vendor has adopted a big data approach to the problem space. “Security is generally too fragmented to begin with, the various security functions need to be feeding data into each other so real context and threat models can be created,” Bambenek says.
Focusing on Comprehensive Coverage
Pandey says IT teams should rethink their investment in all solutions by focusing on tools that provide the most comprehensive coverage across their organization’s applications and critical business systems.
“Historically for large organizations, business apps are managed by different departments and teams with different tools, processes, and maturity,” he explains. “IT security should try to understand the true risk and compliance needs of business and invest in platforms that automate the various manual processes.”
He says they should also consider platforms that can adapt to evolving risk challenges (regulations, cyber threats, etc.) and provide real-time monitoring and alerting capabilities.
Lastly, they should prioritize investments that can integrate seamlessly with their existing operational infrastructure and provide actionable insights for all teams to respond to risk effectively.