Gartner 2022 security trend #6: Vendor Consolidation
This is the sixth in our ongoing series of articles about the seven key trends identified in Gartner’s report “Top Trends in Cybersecurity 2022,” released to its clients last March. The trend we’ll discuss here is “Vendor Consolidation.”
Over the next two to three years, Gartner predicts that this trend will see large numbers of companies moving away from the strategy of combining best-of-breed security products from multiple vendors. Instead, they will increasingly pursue a strategy of using single vendors to provide entire categories of security solutions.
For example, by 2024 they expect 30% of enterprises to use a single vendor to provide cloud-based secure web gateways (SWG), cloud access security brokers (CASB), Zero Trust Network Access (ZTNA), and firewall-as-a-service solutions (FWaaS).
By the following year, they expect to see half of all midmarket buyers to be making use of extended detection and response services (XDR) to consolidate and outsource multiple security functions.
And also by 2025, Gartner expects to see converged identity and access platforms account for 70% of new access management, governance, administration, and privileged access deployments.
Forces driving the trend
While multi-vendor best-of-breed portfolios of security solutions are appealing in principle to independent-minded security managers, the sheer complexity of administering such an approach is forcing many to reconsider. It requires a level of skilled technical IT security staffing that most organizations simply don’t have at their disposal.
Furthermore that approach introduces an undesirable level of redundancy. Many different types of security product leverage similar resources to perform their jobs, such as threat information databases. A single-vendor strategy allows buyers to leverage commonalities across solutions.
Another key driver is the emergence of new platform-based solutions such as XDR, secure service edge (SSE), and cloud-based application protection platforms. And vendors are offering significant savings on both platform-based and packaged-solution licensing deals.
The bottom line is that a single-vendor solution reduces complexity and involves considerably lower cost while also driving efficiencies that promise to reduce overall risk and improve security postures.
Gartner also notes that migrating from a multi-vendor to a single-vendor security strategy is not without its share of challenges. It can reduce buyers’ negotiating leverage with vendors, and in the near term it can entail new costs as a result of license overlap. Another potential source of short-term cost is the possible need to engage professional services to manage the migration.
On the technical side, it may introduce risks from a single point of failure, or from the reduction in the number of sources of threat intelligence. And beware vendors who simply bundle multiple non-integrating point products rather than providing genuinely comprehensive platforms and solutions, since these will not deliver the full spectrum of benefits driving this trend from the demand side.
Getting ahead of the trend
In order to get ahead of the vendor consolidation trend, begin by compiling a complete inventory of all your active security products, grouped by the security problems they are intended to solve.
Determine which products have overlapping capabilities, data management, policy enforcement, and workflows, in order to identify the greatest potential benefits from migrating to a single-vendor strategy.
Approach incumbent vendors with whom you are satisfied to discuss the possibilities of moving to a more comprehensive solution-based buy.
If you do purchase more standalone products, keep new licenses as short as possible to limit license overlap when you do replace them.
Ensure that near-term budgets include funding for professional services and/or extra staff to manage the transition to a new, more consolidated security infrastructure.