The benefits of vendor consolidation

We spoke to Palo Alto’s Simon Crocker about this growing trend and why the enterprise is turning towards this approach in the wake of security concerns

Over the last two years, organisations have expanded their use of cloud environments by more than 25%. Now, though, many are struggling to manage the technical complexity of cloud migration.

Gartner has been one of the prominent voices for the enterprise in recent times, particularly when it comes to weighing up the benefits of vendor consolidation in this cloud-dominated market. In fact, vendor consolidation was one of their Top 7 Trends in Cybersecurity for 2022, with Susan Moore, Communications Director of Asia Pacific for Gartner, stating in April this year:

“Security products are converging. Vendors are consolidating security functions into single platforms and introducing pricing and licensing options to make packaged solutions more attractive.

“While it may introduce new challenges – such as reduced negotiating power and potential single points of failure – Gartner sees consolidation as a welcome trend that should reduce complexity, cut costs and improve efficiency, leading to better overall security.”

As more cybersecurity point solutions come to market, the leading technology consultants believe that security and risk management leaders have reached the tipping point for vendor integration and management, claiming they must ‘rationalise their information security portfolio to determine if a consolidation strategy or best-of-breed is the right approach’.

So, does a multi-vendor approach really result in inconsistent and subpar security? And are there ever benefits to multi-vendor or this ‘best of breed’ approach? 

At Palo Alto Networks, a world leader in cybersecurity, their expanding product portfolio across network security, cloud security and security operations is paying dividends as customers look to reduce their vendor footprint. Enabling the ‘Zero Trust Enterprise’, responding to a security incident, and partnering to deliver better security outcomes are their bread-and-butter through a world-class partner ecosystem.

Simon Crocker is the Senior Director for Systems Engineering at Palo Alto Networks, UK&I, having previously been with Juniper Networks for 14 years. In his role, he is responsible for all of the technical pre-sales engagements on the territory. Crocker’s eight years with the company has seen him witness their growth from a single-point product company to a portfolio company around cybersecurity. 

The myth of the single pane of glass

When Crocker is asked about the recent buzzwords around a ‘single pane of glass’, where there’s supposedly an avalanche of cost efficiencies, better visibility, and potentially better security around having one platform, Crocker thinks there’s a misunderstanding in the industry for those outside cyber circles.

“I think there's this naive image in a lot of people's minds, the layman's mind, that a business, for cybersecurity, has a handful of vendors, big household names, to handle their web gateway, email system, and so on, but the actual reality is that they've got hundreds.”

With this way of thinking, consolidation means bringing a dozen or so vendors down to a couple, but in truth, Crocker adds that “many of the larger enterprise businesses have hundreds of solutions”. 

“Everywhere from the manufacturing floor through to the office, the door entry systems…it can number 150 and counting. A point product solution to fix these individual elements adds to the complexity, the management and the overheads.”

Are multiple point products contributing to the cyber talent crisis?

Crocker explains that technology specialists can sometimes want to experience the ‘greener grass’ of working for a vendor like a cloud service provider, but it creates a problem for business as end-users as they struggle to recruit cybersecurity-aware professionals who can handle the sheer number of point solutions.

“So that's where this consolidation comes in. Palo Alto may go in there and say, ‘Right, we're going to do a considerable consolidation for you, let's say, 20 different point products down to two or three’. Using our portfolio, that would have a massive impact in a positive way to that customer’s security, posture, simplification, ease of management.”

Crocker adds: “There is no mythical nirvana of a single pane of glass, but we can provide a single management for our solutions – just not for the other 110 that you've got in your network!”

Security posture needs tightening

According to Crocker, “the governance risk and compliance teams need a bigger voice around what's going on in some of these organisations”. 

“While a CIO may have views on security posture, the GRC need to look at the risk of having way too many solutions in a business around security, because the more complexity that you bring into that business, and into that architecture and your security posture, the bigger the likelihood is that there's going to be a mistake made. Especially when you have overworked human intervention. These are the little chinks in the armour that the adversaries will exploit for sure. Tightening up that security posture is what is needed.”

Benefits of a multi-vendor approach?

Palo Alto Networks don't profess to be able to do everything within cybersecurity, but the company does know where to play and how to strengthen consolidation around everything from the endpoint and the cloud to the network. 

“We have good collaboration through APIs and automation with other vendors. We are not one of those vendors that want world domination. We work with a whole host of vendors, integrating with solutions like email systems or web applications firewalls (WAF), the other sort of components that you would need in your cybersecurity posture. We can definitely add value to intelligence feeds into that,” said Crocker. 

An example of this is Palo Alto’s new Web Application and API Security (Out-of-Band WAAS) functionality. Through comprehensive detection and prevention of web application vulnerabilities and unsecured APIs, businesses could prevent multimillion dollar security incidents.

“Companies no longer have to decide between application security and performance,” said Ankur Shah, Senior Vice President, Prisma Cloud, Palo Alto Networks. “By adding Out-of-Band WAAS to Prisma Cloud, we are empowering customers with flexible security options that fit their evolving application needs”.

Palo Alto’s friendly manner of approach to integration with third parties demonstrates willingness to collaborate but also to share intel. Without this, Crocker suggests: “You're just going to get a patchy response and inconsistent reporting to the same system. You are not going to get false positives. You're going to just end up in a mess to be honest. So that's why we collaborate.”

Share

Featured Articles

McLaren Racing & Alteryx Analytics: Data-driven to win

McLaren CEO Zak Brown, Head of Technology Ed Brown, and Alteryx Analytics’ CTO, Alan Jacobsen, detail the widespread organisational benefits of good data

Bitcoin’s climate footprint is a step in the wrong direction

Bitcoin mining is becoming more damaging to the climate, according to new research, with the cost of impact outweighing the cost of coins in some cases

ICYMI: The potential of 5G and Europe’s technology gap

A week is a long time in tech, so here’s a round-up of Technology Magazine articles that have been starting conversations around the world

Oracle NetSuite’s SuiteWorld 2022 - Day 3 Highlights

Data & Data Analytics

Unlocking 5G’s potential with network slicing

Cloud & Cybersecurity

Global tech teams rewarded by post-pandemic performance

Digital Transformation