Multiple combined security solutions can be expensive for partners and customers alike, and can cause security gaps. So do integrated suites make more sense?
Calling all security partners - here's a scenario you might recognise: you sell the customer an individual “point” solution to address a specific security need, then you widen the customer’s understanding of their needs and gradually sell them a range of other point solutions to suit. Right?
But is this really the most profitable sell? And isn’t its viability called into question by the fact that the point solutions are only as robust as the glue that’s holding them together?
Here’s what some of the security partners who are our customers told us.
"Individual security solutions inflate costs."
As the quote above suggests, partners must balance the relative ease of progressively selling point solutions with the upward price spiral (and competitive impact) that this process tends to introduce.
Integrated suites of solutions, however, tend to be priced much more favourably; entire suites of security products can often be bought by the partner for a fraction of the price of combining point solutions!
But it’s not just about licensing costs. As you’ll read below, industry analysts support the idea that an ecosystem of integrated solutions will be more resource-efficient, enabling repositories to be shared effortlessly between the component solutions within it, and minimising operational costs too.
“Managing complexity is an expensive problem with point solutions.”
Essentially, this boils down to two issues.
Firstly, effective security has to work seamlessly across multiple layers (endpoint, application, network) but it has to do so in a user-centric way.
But if you stitch myriad point solutions together there is typically no centralised console for easily managing security across all these layers. Solutions for every layer then have to be managed in isolation, seamlessness evaporates, and admin and management overheads are multiplied, biting deeply into operating margins.
Secondly, point solutions, by their nature, are not very flexible, so they put partners into a complex and therefore potentially costly technical position when it comes to scaling to meet growing user demand, or deploying across mixed on-premises, cloud and hybrid environments.
In short, layered security suites are essential to enable partners to protect their customers comprehensively – but if those layers can’t be controlled from a “single pane of glass” then those partners are heading for a huge profitability drain.
“Combining point solutions doesn’t work 100% - it leaves security gaps.”
This is perhaps the most fundamental observation of all, explained best by industry analyst firm Forrester in this paper.
They say that in systems “protected by separate point products with isolated intelligence analysis/policy engines and management consoles, complexity increases and gaps in security coverage are more likely to present opportunities for exploit by malicious parties.”
They also confirm that integrated suites incorporating layered security offer partners (and customers) significant reductions in “operational friction” and cost, as we have already mentioned above.
“Point solutions have limited threat coverage.”
Related to what we’ve said above, if point solutions inherently struggle to work together, it’s logical to assume that, as attack surfaces and threat vectors proliferate, this shortcoming worsens - and there comes a juncture when point solutions become functionally unable to cover the full spectrum of threat sources.
A cursory glance at the kind of threats that integrated security solutions must now protect against reinforces this view.
Protecting endpoints, smartphones and tablets alone no longer cuts the mustard. Instead, protection must extend to USB, removable drives, mail and file servers, messaging and web gateways, collaboration portals, instant messaging (IM) servers – and, as we noted in a previous post, cloud applications (like Office 365) whose use within businesses is skyrocketing.
Clearly, however, not all point solutions are created equal. A carefully assembled, multi-vendor solution, using only established best-of-breed components, might arguably be up to the tasks demanded of it - but at what cost?
Disparate licensing agreements. Disparate billing arrangements. The need for a separately purchased and configured remote monitoring and management (RMM) console...
These obstacles are a world away, in cost and complexity terms, from a one-vendor solution with specialist components that target specific security layers, and with its own in-built “single pane of glass”, delivering unified management, from very first use, across the customer’s entire security estate.
Conclusion: integrated suites make security (and business) sense
According to experts quoted in security publication CSO Online, 2016 is the year of advanced cyber attacks, insider threats, ransomware, “cloud wars” - and a huge shortage of in-house cyber talent that security partners will have to help their customers to fill!
Against the backdrop of this surging demand, the notion that partners can profitably supply and effectively manage individual point solutions to simultaneously address such a vast (and growing!) expanse of ever more sophisticated threat sources doesn’t stand up to reasoned analysis.
There seems to be only one sensible way forward for partners in the security channel, and Forrester once again nails it when it writes: “Integrating the security management and analysis within each layer is crucial when protecting against advanced or targeted attacks.”
The day is surely coming when there simply won’t be much point in point solutions.