Cybersecurity Dive: Security vendor consolidation a priority for majority of organizations worldwide

Gartner research shows a surge in organizations that want to reduce the complexity of their security stacks.

Picture of a cybersecurity lock

Dive Brief:

  • Three-quarters of organizations are working to consolidate the number of cybersecurity vendors they use amid heightened concerns about operational complexity and a need to strengthen risk mitigation, according to research from Gartner released Tuesday. The percentage is more than double the 29% rate of organizations pursuing consolidation in 2020.
  • A majority of IT security leaders are concerned about a lack of efficiency in their security stack, according to the research. Leaders are actively trying to consolidate the number of vendors they work with in order to pursue a more integrated security stack. Budget constraints were not a major issue for most organizations.
  • Organizations are pursuing extended detection and response (XDR) technology for endpoints and secure access service edge (SASE) for edge connectivity and security on the back end.

The need for vendor consolidation follows a rapid increase in malicious cyberattacks on U.S. organizations, with nation-state and criminal actors launching ransomware attacks and taking advantage of software vulnerabilities.

At the same time, organizations have more complex security environments, with a large percentage of workers operating remotely while security operations staff remain desperately short-handed.

“Greater than 50% of security respondents indicate that the primary reason for consolidation is to improve the productivity of the scarce security staff they have, improve the efficacy of the security stack and improve visibility and reporting,” Peter Firstbrook, VP analyst at Gartner, said via email. “Spending and procurement ease were cited by only 35% of respondents.”

The research was based on 418 respondents in North America, the Asia-Pacific region, Europe, the Middle East and Africa. The online research was conducted during March and April.

The desire to consolidate and create a more integrated security stack has been echoed by a number of major information security providers in recent years.Recently CrowdStrike echoed similar demands from customers during a quarterly earnings call.

Eric Bell, managing director at Progress Partners, said the need for integrated security technology had driven much of the recent wave of M&A activity as cybersecurity vendors look to provide more comprehensive platforms.

“Rather than having to worry about integrating multiple tools that may (or may not) work together or talk to each other, CISOs often prefer to work with one integrated platform provider who already has done the work to integrate its toolset,” Bell said via email.

A July study by the Information Systems Security Association and Enterprise Strategy Group showed nearly half of organizations were pursuing vendor consolidation. More than three-quarters of information security professionals wanted to see support for open standards, which would allow security technologies to work in a more integrated manner.

Published via: Cybersecurity Dive