In my last blog post, I discussed a new major trend in the security market, which is that security buyers are increasingly looking to consolidate vendors and want more of a platform approach to security versus stitching together point solutions. Besides hearing this directly from customers over the last few months, I documented in the blog how two different analysts, who were both doing comprehensive security customer surveys, both independently found that around “70% of enterprise security buyers are consolidating vendors.” In this blog post I want to further elaborate on this trend and share some additional data points that I encountered just in the last week.
The first new interesting data point comes from one of our investors, Accel. It recently hosted its third annual two-day retreat with CIOs, called the “Accel Tech Council,” which is an offsite gathering of a dozen prominent Fortune 100 CIOs and technologists across several industries including finance, healthcare, retail, technology, media, manufacturing and the government. Here’s what they had to say on Cybersecurity in general:
“Cybersecurity is baked into everybody’s thinking across the company. It has become part of every discussion. In fact, how we collaborate in security across the company has served as a blueprint for how we can better together on other initiatives.”
So, that’s great news about the rising importance of cybersecurity.
But … there is rub … while they may have “unlimited budgeted” in cybersecurity (well ok, not unlimited, but they have significantly increased spending in this area), these large enterprises have “limited bandwidth.” Specifically, one of the key takeaways from these CIOs vis a vis security was the following:
“Trying to keep up with concerns and products leads to security fatigue. CIOs and CSOs are faced with a barrage of new security vectors and threats, as well as an overwhelming number of technologies and vendors to stop them. Across organizations of all sizes, a sense of security fatigue has set in, and enterprises are consolidating around a few vendors and platforms rather than stitching together multiple point products. For example, rather than saddling each endpoint with multiple different products, enterprises are consolidating around one or two endpoint providers that all other companies must integrate with. The biggest opportunity in security might not be in building the next big thing, but in helping enterprises understand, optimize, integrate and take advantage of the substantial investments they’ve already made.”
So why the move towards vendor consolidation? I believe there are a number of reasons, including:
- When an organization has a patchwork of disparate products from different vendors, it leads to air gaps, which can make organizations actually less secure.
- Enterprises cannot find people who can deal with managing and operating a multitude of products from different vendors given the overall cybersecurity skill gaps (as evidenced by the huge number of open security jobs).
- The cost and expense of having to negotiate with and manage multiple vendors from a contractual, support, system overhead, etc. perspective, especially in light that many of these point solutions will have overlapping functionality.
Specific to Identity, Gartner has recently picked up on this as well. Here is a tweet coming out of this week’s Gartner IAM event:
To me this means that not only are security buyers looking to buy net new platforms within the various functions, but that they are also looking to rip and replace legacy solutions.
I personally think this move towards vendor consolidation puts Centrify in a new and better light for security buyers of identity solutions when evaluating us vs. point solutions. It starts with the fact that Centrify is the only vendor recognized by Gartner and Forrester as a leader in both the Identity-as-a-Service and Privileged Identity Management respectively. At the end of the day Centrify addresses the issues of too many passwords and too much privilege. So with that in mind, why buy a point SaaS SSO, EMM or MFA solution? Or a point password vault or user-level auditing solution? Or a separate IDaaS solution that does not work with a Privileged Identity Management solution?
As I stated above, this point solution approach just leaves air gaps (or significant product overlap) that force customers to find a plethora of unintegrated point solutions that is the equivalent of stuffing square pegs into round holes. Moreover, it leads to added costs and “security fatigue” as the CIOs noted above. But what is even more significant is that the point solution approach leads to enterprises being less secure — which is the topic of my next blog post as “part three” of this series on vendor consolidation.
Learn how to an identity platform will protect your organization from a security breach with our eBook, “Rethink Security: A Massive Paradigm Shift in the Age of Access.”