Securing your cloud data: Point solutions vs single pane of glass
Traditional, perimeter-focused security models that sufficed for an on-premises world are no longer effective in a cloud-centric reality.
IT decision-makers must address new and innovative ways of protecting their corporate data that now resides on-premises, on mobile devices, and in the cloud.
A report by Osterman Research, sponsored by Forcepoint, compared the advantages and disadvantages of using different approaches to securing a company’s cloud data.
The two general approaches to addressing whichever pattern is most relevant are integrating best-of-breed products to create a unified security posture or using a unified solution that delivers an integrated best-in-class security posture.
Osterman Research says both of these approaches have advantages and disadvantages.
Approach 1: Integrate multiple products
Integrating multiple products is based on the idea that different vendors have different strengths, and that one vendor is unlikely to offer a complete suite of defensive tools.
Organisations proceeding down this path take on-board the responsibility to identify, provision, and integrate the right mix of products to address current and emerging threats.
- Advantage: Organisations can create a tailored security environment that is responsive to the specific threats they are experiencing, using the best-in-class products available to address specific challenges.
- Disadvantage: Acquiring and managing multiple security products is generally a more expensive route compared with buying a unified solution. It comes with the responsibility to manage the complexities of multiple disparate products, such as working with different security interfaces.
- Disadvantage: The capabilities of products from different vendors can diverge over time, undermining an integration story that made sense on day one with the realities of vendors responding to different opportunities in a dynamic market. When one vendor upgrades its security capabilities, and these are dependent on another security vendor that is putting fewer engineering resources into its products, the degraded interlinked dependencies can cause a weakened posture.
- Disadvantage: Organisations going down the integration path need to ensure they have sufficiently well-trained IT security professionals to manage a diverse array of security capabilities. With cybersecurity specialists being difficult to find and expensive as a consequence, the war for talent can render it difficult to find and retain the right people.
Approach 2: Acquire a unified security solution
Vendors developing a unified security solution attempt to create a wide-ranging offering with as many separate capabilities as well integrated as possible, with usage and management coherency across the different modules and subsystems.
A single pane of glass approach can manage all of the available capabilities, as opposed to having separate and different management interfaces.
- Advantage: While security is an organisational responsibility for many customers, it is a core competency for very few. Coordinating the integration of multiple security products is a conceptually challenging task, with many technical complexities. Acquiring a unified security solution allows an organisation to leverage vendors where security is the core competency.
- Advantage: Vendors often have greater weight in the war for talent, being able to attract top cybersecurity talent with remuneration schemes and challenging and complex work tasks that surpass what any one organisation can deliver.
Working with a vendor offering a unified solution gives organisations an indirect way of gaining access to that same talent.
- Advantage: Increasingly, unified security offerings allow subscription to various defences independently, allowing replacement of existing on-premises vendors at staggered renewal times, supporting a smooth transition from multiple products to a unified security posture. This is applicable to UTM vendors that force switching to everything at once. For example, if an organisation’s web security is up for renewal and decision makers are looking at replacements, it may be necessary to replace other parts of the defence even if there is still remaining time on those subscriptions.
- Disadvantage: New entrant vendors generally bring new security products to market faster than large and established security vendors can update their unified offerings. This means that new and emerging threats may be better addressed by a new point solution, giving faster protection to organisational networks, applications, data and people in some situations. It must be noted, however, that while employing these point vendors may offer a short-term advantage, it may not be the best long-term strategy.
Assessment of TCO and level of security
Organisations that are able to use fewer security products that individually offer more capability are likely to have a lower total cost of ownership and a higher overall level of security.
Fewer, separate products mean lower coordination and configuration costs both initially and over time, a unified end-to-end security solution is likely to provide the best coverage against current, new and emerging threats.
The threatscape is expanding as organisations are migrating more and more of their data and IT functionality to the cloud.
These trends are creating a situation in which the old security models no longer work as well as they once did and must be carefully re-evaluated, new security models must adopted, and new strategies developed to ensure that all sensitive corporate data, regardless of its location, can be adequately protected.
Choosing the right security vendors – arguably a more important priority in the cloud era than it ever was in the on-premises era – must be among the highest priorities for both IT and business decision makers.