According to a Forrester survey of IT decision-makers, more than half of businesses use 20 or more tools between security and operations, and 70% say these tools lack full integration. This is a prime example of tool sprawl, or adoption of too many one-off specialized solutions. Unfortunately, tool sprawl is a growing issue for many organizations – a trap that’s been made easier to fall into with the advent of cloud and software-as-a-service (SaaS). Using too many tools can reduce productivity, dramatically complicate management workflows, and inflate costs significantly.
Where security is concerned, WatchGuard’s director of product management, Himanshu Verma, says that simply deploying more technologies isn’t the best way to prevent cyber incidents and can in fact have the opposite effect. Here’s a brief excerpt from Himanshu’s recent guest article for Dark Reading on the subject:
“Every organization should be on guard against security tool sprawl. With the increase in IT security spending and the growing adoption of new defense technologies, network administrators often find themselves toggling between a large roster of security solutions with overlapping use cases and functionality — sometimes across up to 10 or more in specific functional areas (based on conversations I’ve had network admin customers and resellers who work with them). This creates many issues, including everything from licensing costs to reduced productivity and increased chances of missing or mishandling critical patches and bug fixes.
IT decision-makers within organizations of all sizes should focus on putting measures into place that curb security tool sprawl and curtail the serious security issues that can arise as a result. Here are several key best practices that every organization can use to avoid security tool sprawl:
- Clearly identify the scope and entities of coverage required before deploying a new security tool. It’s critical that you understand the various components of the IT infrastructure at hand (that is, network, endpoint, wireless, identities, etc.) and map security coverage across individual use cases (such as users, applications, physical, virtual, etc.). This will allow you to explore opportunities for consolidation when choosing the appropriate security solutions.
- Take a platform-based approach to security, leveraging connectors and integrations. Look for platforms that offer layered security services across multiple use cases with a wide breadth of coverage either natively or with seamless technology integrations.”
Check out the full article on Dark Reading for three more of Himanshu’s tips for avoiding security tool sprawl. Stay tuned to Secplicity for more security news, analysis and best practices, and be sure to sign up for the Secplicity Email Newsletter to get the latest updates delivered straight to your inbox.