Reducing The Risk Of Weak Links With Consolidation

The breadth of tools that IT teams have at their disposal to protect their organisations can be both a blessing and a curse. On the one hand, having a diverse array of products and technologies to detect threats and help protect the organisation can be seen as a good thing; but on the other, it raises the risk that there could be a weak link somewhere within this array of tools.

As the SolarWinds attack and the Log4j vulnerability make all too clear, the old adage about a chain only being as strong as its weakest link has never been more relevant. 

Consolidation of security technologies presents a way to “remove” weak links and blunt the impact of this risk. However, this approach needs to be carried out in a carefully planned manner if cybersecurity professionals hope to reduce their overall risk without creating a new set of security challenges that need to be managed.

Identify Opportunities For Consolidation - But Be Smart About It

How best to get started? Organisations need to evaluate their existing security vendors by performing a Know Your Third-Party assessment. Security vendors that were once “best of breed” might not have been keeping pace with the rapidly evolving threat landscape over the years; alternately, they might not have been consistently investing in the ongoing development of their product or the people they hire.

Once a potential “weak link” vendor has been identified, the next step is to see if there is a vendor who can provide similar functionality as part of a consolidated platform. There has been a fair amount of consolidation in the technology space in recent years - Cisco’s purchase of Splunk, for example – so this task is more easily accomplished today than it would have been ten or even five years ago.

Before moving forward with this type of consolidation, however, organisations should make sure that the vendor services that will be connecting with internal systems comply with the security requirements specified by the organisation.

If your organisation embraces zero trust principles that eliminate implicit trust, for instance, then the services need to leverage these principles as well. 

Additionally, the vendor services should only be accessing the specific resources necessary to carry out their function; providing full access to network resources increases risk. Again, the idea is not to swap out one weak link and inadvertently create a different weak link.

Another consideration: even if a single vendor provides multiple security products, do those different products seamlessly integrate with one another? To our earlier point about companies growing through acquisition and buying up smaller companies, this isn’t always a foregone conclusion. Organisations should seek out vendors that have done the work to make sure their various acquired technologies all work with one another so that security teams can easily gain a comprehensive view across them. Careful evaluation is required in this case.

The Goal: Less Complexity, Less Risk 

It can be tempting to view technology consolidation solely as a cost-cutting exercise – particularly if there is a lot of input coming from the finance side of the house. This is the wrong lens through which to view a consolidation exercise. 

There can certainly be financial benefits if an organisation chooses to consolidate multiple products or services with one vendor, but that shouldn’t be the primary consideration. The focus should be on looking at the supply chain and identifying areas to remove complexity and reduce overall risk. 

This means that CIOs and CISOs should be actively involved in any technology consolidation activities - the process should not be left solely in the hands of the finance team, who might only have a cost reduction mindset rather than the fuller security and risk management mindset.

Ultimately, supply chain complexities – and the inadvertent loopholes that they offer to bad actors – make a consolidation strategy to evaluate and adopt best-of-breed technologies more important than ever.

By taking a well thought out approach to eliminating weak links in their supply chain through consolidation, CIOs, CISOs, and other cybersecurity professionals will be able to bolster their overall security posture, allowing them to better navigate today’s challenging threat landscape. 

Manuel Sanchez is Information Security and Compliance Specialist at iManage

Image: Fill

You Might Also Read:

Misconfigured Cloud Applications Are Putting Your Data At Risk:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« The Importance Of Cloud Access Security In Today's Cyber Landscape
Fast Forward - Technology Developments By 2040 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

WireX Systems

WireX Systems

WireX is an innovative network intelligence and forensics company that is changing the way businesses resolve cyber-attacks.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

Bl4ckswan

Bl4ckswan

Bl4ckswan is a Management Consulting firm specialized in the delivery of information security and compliance services.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

CITRA - Information Security and Emergency Response

CITRA - Information Security and Emergency Response

CITRA is responsible for overseeing the telecommunications sector, monitoring and protecting the interests of users and service providers, and regulating the services of telecomms networks in Kuwait.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

Beround

Beround

Beround is an IT consultancy firm specialized in software testing.