Vendor Consolidation: Five Guidelines to Follow

By Joe Robertson | February 11, 2021

The consolidation of networking resources has become a top priority for many organizations. That’s because one of the outcomes of rapid digital innovation has been an explosion in the number of solutions and vendors now inside most networks. IT teams, especially those wrestling with the ongoing cyber skills shortage, are left trying to maintain, configure, and optimize a variety of solutions that all seem to function independently. As a result, teams are overtaxed, visibility and control are fractured, and in many cases, TCO has skyrocketed.

However, CISOs must temper the impulse to over-consolidate. Consolidation for consolidation’s sake may simply create different, and potentially bigger, problems. Moving to a single vendor for all your security and networking solutions, for example, or even to a tiny handful, may not be reasonable in every situation. There is no one solution for something as complex as cybersecurity. The goal needs to be to consolidate to a handful of vendors whose solutions can work together to offer consolidated, single-pane-of-glass views into your tools. Unlike so many of today’s point products, these solutions should actually talk to each other and work together across the entire infrastructure, not just a part of it.

Top 5 Guidelines for Selecting the Right Vendors

Here are five things CISOs should look for when choosing a new security vendor:

  1. Cybersecurity and networking tools should work together. Ideally, CISOs should deploy networking and security tools designed to work as a single system to create a dynamic, security-driven network. It is impossible to protect a fast and adaptable network infrastructure with static and isolated security solutions; they are constantly trying to catch up every time the network changes. This leaves serious security gaps that cybercriminals can easily target. CISOs need networking and security tools that work together as two halves of the same system. That way, when the network needs to change or scale to meet evolving business requirements, security is already part of the process. 
  2. Security solutions need to function everywhere. Security solutions should be chosen for their ability to operate in any business environment. They should function natively in all of the major cloud platforms and be available in any form factor to support any environment, from ultra-high-performance data centers to desktops to virtual environments to containers. And they should be able to see, communicate, and share policies and protocols regardless of where they are deployed, including in operational technology environments. This simplifies deployment and ongoing management, even as an organization expands its network, develops new protocols, moves essential services across multiple cloud environments, distributes data, or relies on a growing range of applications and services.
  3. Look for solutions that leverage open standards. Most likely there isn’t a vendor that can meet every requirement. That’s why CISOs need to centralize on solutions designed to interoperate with tools from other vendors. Ensuring interoperability requires selecting vendors that build open systems based on APIs and common protocols. Their security platforms should be designed to work seamlessly with third-party solutions. They should provide a single-pane-of-glass management system that spans their entire portfolio, and ideally, third-party solutions as well. Additionally, look for vendors who participate in technology alliance partnerships, and who are committed to basic principles of interoperability. 
  4. Don’t centralize on a vendor’s portfolio based on a single point product or solution. The last thing you want to do is choose a vendor with a bundle of solutions, only to find that several of them are barely adequate, or are managed differently. Even if they do work well together, if one of the components is not up to par, it can undermine the security of the entire architecture. Look for vendors whose individual technologies stand on their own but also integrate and work together. One way to know is to check whether they are regularly subjected to rigorous third-party testing. It is also important to gather information from your peers on the Gartner Peer Insights page, where organizations provide unfiltered evaluations of different technologies.
  5. Look for vendors that collaborate. One way to know if a vendor is committed to open systems is to see how well they play with others. Security vendors should be participating in organizations like the Cyber Threat Alliance, which are committed to the sharing of threat intelligence between security vendors. There are a host of such organizations, ranging from the World Economic Forum’s Centre for Cybersecurity, to law enforcement and intelligence gathering organizations, like Interpol, NATO, and the FBI, to local or industry-based ISAC communities dedicated to sharing threat intelligence. Vendors should also be active participants in governing bodies and panels helping to design, build, and promote industry standards.

Better Security for Less

Of course, these aren’t the only options. The right solution for an organization may not meet all of these, but if CISOs follow these guidelines, they will be in a much better position to consolidate vendors, reduce ongoing management costs, keep vendor sprawl under control, and secure expanding digital footprints without overwhelming IT staff. As a result, IT leaders can have more freedom to develop the business networks they need without fear of being exposed to additional, unnecessary risks.