Cybersecurity Vendor Consolidation on the Horizon

A survey of 280 cybersecurity professionals conducted by the research firm Enterprise Strategy Group (ESG) on behalf of Information Systems Security Association (ISSA) found nearly half (46%) of respondents work at organizations that either plan to (25%) or are currently consolidating (21%) the number of security vendors they rely on.

ISSA president Candy Alexander said the number of security vendors from which organizations buy products and services has exploded in recent years. The challenge is that most cybersecurity teams are short-staffed and there simply are not enough individuals on these teams to manage all the products and services that organizations are trying to use.

As a consequence, cybersecurity teams are looking to reduce the number of platforms they have to use by, for example, relying more on cloud services that combine multiple features in one platform. These cloud services are replacing myriad tools that were previously deployed separately in an on-premises IT environment, she noted.

More than half of respondents (53%) said they usually purchase—or will purchase in the future—security technology platforms rather than best-of-breed products. The most common benefits of consolidation cited by survey respondents were operational efficiencies realized by security and IT teams (65%), tighter integration between previously disparate security controls (60%) and improved threat detection efficiency (51%).

Jon Oltsik, senior principal analyst for ESG, also noted that the current economic downturn is providing additional economic impetus to reduce costs by consolidating cybersecurity platforms. In fact, many cybersecurity companies are now finding it more challenging to raise additional rounds of capital from venture capital firms. That is also likely to add to a wave of consolidation as many of those companies are acquired by larger companies with greater financial resources.

Many cybersecurity professionals are all too aware of the implications those acquisitions might have on costs and continued support as products and services are either phased out over time or outright discontinued. In fact, the survey found more than three-quarters of respondents (77%) would like to see more industry cooperation and support for open standards to promote interoperability.

A full 83% also said future technology interoperability depends upon established industry standards, and 84% also noted that integration capabilities are important. A total of 86% said it’s either critical or important that best-of-breed products have built-in integration with other products. After cost (46%), product integration capabilities (37%) are the most important security product consideration, the survey found.

Other critical attributes for vendors included a proven track record of executing its cybersecurity product roadmap and strategy (34%), products designed for enterprise-scale, integration and business process requirements (33%) and a commitment to reducing operational complexity and lowering cost of ownership (31%).

Mergers and acquisitions have, of course, always been difficult for cybersecurity teams to navigate. Now, the pace at which those deals are made is likely to accelerate as the valuations of companies decline. Cybersecurity teams will further accelerate that trend as they move to consolidate security vendors to reduce their costs. As a result, it’s going to be more critical than ever for cybersecurity teams to carefully evaluate their future choices.

Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 747 posts and counting.See all posts by mike-vizard