When It Comes To Security Tools, More Isn't More

Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success.

Lamont Orange, Chief Information Security Officer at Netskope

January 11, 2021


Companies fast-tracked their security plans in 2020 due to the pandemic. Timelines that had stretched into the next three or five years were condensed into six months as the business landscape underwent rapid change and the remote workforce boomed. 

Even pre-pandemic, many companies were undergoing significant transformation as they transitioned to cloud or hybrid architectures and grappled with problems caused by tool sprawl due to the quick adoption of many disparate tools. For some, COVID fueled and exacerbated these challenges.

Organizations, and especially chief information security officers (CISOs), should keep the following in mind as they navigate the COVID-accelerated shift to the cloud, run into trouble with tool sprawl, and look to implement new security solutions.

Factors to Remember When Shifting to the Cloud
It's no secret that companies have been moving to the cloud in droves. In some cases, the pandemic sparked this shift, but many were already on the path. And COVID's impact hasn't been all negative; in many ways it let organizations hit the "restart" button and take a close look at their security strategy. 

Regardless of what prompts a company's move to the cloud, it's important to not neglect the first requirement of any successful security program: Visibility. 

Companies must be cognizant that their existing tools may not provide as much (if any) value in the cloud. Visibility is the key to determining whether old tools still provide value, and if not, what should be replaced. 

Additionally, companies need to set a cadence of patching and maintaining systems that are no longer on-premises. Even though an organization is in the cloud, there are still infrastructure components that must be patched, like software as a service (SaaS), infrastructure as a service (IaaS), function as a service (FaaS), and containerization. 

When it comes to data loss prevention (DLP), storage strategies used on-premises won't fit the bill. There will be an onslaught of SaaS applications storing data, so companies need a strategy for gaining the data control and protection they need. 

It's also critical for organizations to manage endpoints effectively, since that's where the data is going. Companies need to ensure that their endpoints control threat protection at every stage of the journey.

In the rush to adopt new technology and transition to the cloud, companies tend to neglect these practices and fail to uphold security standards. This can cause major security gaps down the line.

The Trouble With Tool Sprawl, and the Perks of Eliminating It
Many organizations felt tremendous pressure to bolster their security strategy when their workforce suddenly went remote in 2020. For some, this sparked panic-buying of new solutions without much consideration of security, return on investment (ROI), and integration. We have yet to see the long-term effects of these actions, but there's no doubt that they caused numerous gaps in security, and bad actors may be lying in wait.

But COVID isn't 100% to blame: Tool sprawl has been alive and well since long before the pandemic. This added complexity creates natural gaps, with negative effects including breaches, disclosures, and even a scramble to remove new tools that create vulnerabilities. Tool sprawl also generates more operational challenges for security teams and can increase how long it takes to identify, resolve, and report incidents. 

Another issue with many disparate tools is a dip in workforce productivity and satisfaction. Managing multivendor environments is operationally challenging and adds complexity. Complexity introduces gaps and mounting alerts that stress teams' productivity and endurance. If, for example, small teams are bombarded with thousands of security alerts per day, it hurts their work efficiency and sense of well-being. Alert-management tools (especially those powered by artificial intelligence and machine learning) can help teams separate signal from noise and uncover what's important. However, the ultimate goal should be to eliminate tool sprawl altogether through optimization. Integration is the key to simplification.

At its core, tool sprawl may be due to security leaders trying to "technology" the business with a tool-centric approach. By taking a more business-centric approach and focusing on optimizing tools, companies stand to enhance security, increase ROI, save on budget, and see immediate value from moving to new stacks.

Still in the Market for New Tools? Consider This
Of course, not all tools are bad. But companies need to do their due diligence when researching new solutions because their old checklists may no longer apply. 

Focus on rationalizing and optimizing new tools by taking a more business-focused approach. For example, CISOs can ask themselves: Can I consolidate these four solutions that provide marginal value into one that covers all my bases? 

When onboarding new solutions, CISOs should put as much emphasis on the capabilities of new tools as on who they're purchasing them from. Does the vendor pride itself on its security standards? Does it have the most robust certifications? Does it employ individuals who are exclusively responsible for security? 

Since applications have access to an organization's data, workforce, and team, these factors should be closely examined before diving into a tool's capabilities, integrations with existing tools, management, risk factors, and more.

Businesses have undergone a massive amount of change recently, and there are no signs of that slowing down. As companies take on security, it's important to remember that, when it comes to tools, more isn't always more. Organizations that focus on optimizing their tools, cutting down on tool sprawl, and taking a strategic approach to transitioning to the cloud are poised for success as the world continues creating new demands for security.

About the Author(s)

Lamont Orange

Chief Information Security Officer at Netskope

Lamont Orange has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young. Prior to joining Netskope, Lamont was CISO for Vista Equity Partners/Vista Consulting Group. He was responsible for managing the cybersecurity programs and development of cybersecurity talent within the Vista portfolio, which included more than 50 companies. Prior to Vista, Lamont was Information Security Officer for Websense. In that role, he was responsible for developing, maintaining and socializing the company's internal security program.  He was also responsible for working with current and potential customers demonstrating security of the solutions and the connection to the overall security ecosystem.
