Reducing The Risk Of Weak Links With Consolidation

Uploaded on 2024-02-02 in TECHNOLOGY--Resilience, FREE TO VIEW

The breadth of tools that IT teams have at their disposal to protect their organisations can be both a blessing and a curse. On the one hand, having a diverse array of products and technologies to detect threats and help protect the organisation can be seen as a good thing; but on the other, it raises the risk that there could be a weak link somewhere within this array of tools.

As the SolarWinds attack and the Log4j vulnerability make all too clear, the old adage about a chain only being as strong as its weakest link has never been more relevant. 

Consolidation of security technologies presents a way to “remove” weak links and blunt the impact of this risk. However, this approach needs to be carried out in a carefully planned manner if cybersecurity professionals hope to reduce their overall risk without creating a new set of security challenges that need to be managed.

Identify Opportunities For Consolidation - But Be Smart About It

How best to get started? Organisations need to evaluate their existing security vendors by performing a Know Your Third-Party assessment. Security vendors that were once “best of breed” might not have been keeping pace with the rapidly evolving threat landscape over the years; alternately, they might not have been consistently investing in the ongoing development of their product or the people they hire.

Once a potential “weak link” vendor has been identified, the next step is to see if there is a vendor who can provide similar functionality as part of a consolidated platform. There has been a fair amount of consolidation in the technology space in recent years - Cisco’s purchase of Splunk, for example – so this task is more easily accomplished today than it would have been ten or even five years ago.

Before moving forward with this type of consolidation, however, organisations should make sure that the vendor services that will be connecting with internal systems comply with the security requirements specified by the organisation.

If your organisation embraces zero trust principles that eliminate implicit trust, for instance, then the services need to leverage these principles as well. 

Additionally, the vendor services should only be accessing the specific resources necessary to carry out their function; providing full access to network resources increases risk. Again, the idea is not to swap out one weak link and inadvertently create a different weak link.

Another consideration: even if a single vendor provides multiple security products, do those different products seamlessly integrate with one another? To our earlier point about companies growing through acquisition and buying up smaller companies, this isn’t always a foregone conclusion. Organisations should seek out vendors that have done the work to make sure their various acquired technologies all work with one another so that security teams can easily gain a comprehensive view across them. Careful evaluation is required in this case.

The Goal: Less Complexity, Less Risk 

It can be tempting to view technology consolidation solely as a cost-cutting exercise – particularly if there is a lot of input coming from the finance side of the house. This is the wrong lens through which to view a consolidation exercise. 

There can certainly be financial benefits if an organisation chooses to consolidate multiple products or services with one vendor, but that shouldn’t be the primary consideration. The focus should be on looking at the supply chain and identifying areas to remove complexity and reduce overall risk. 

This means that CIOs and CISOs should be actively involved in any technology consolidation activities - the process should not be left solely in the hands of the finance team, who might only have a cost reduction mindset rather than the fuller security and risk management mindset.

Ultimately, supply chain complexities – and the inadvertent loopholes that they offer to bad actors – make a consolidation strategy to evaluate and adopt best-of-breed technologies more important than ever.

By taking a well thought out approach to eliminating weak links in their supply chain through consolidation, CIOs, CISOs, and other cybersecurity professionals will be able to bolster their overall security posture, allowing them to better navigate today’s challenging threat landscape. 

Manuel Sanchez is Information Security and Compliance Specialist at iManage

Image: Fill

You Might Also Read:

Misconfigured Cloud Applications Are Putting Your Data At Risk:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« The Importance Of Cloud Access Security In Today's Cyber Landscape
Fast Forward - Technology Developments By 2040 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

RealCISO

RealCISO

RealCISO is a CISO grade cloud platform to help companies understand, manage, and mitigate their cyber risk.

CAPSLOCK

CAPSLOCK

CAPSLOCK delivers career-changing cyber training to help adults re-skill. Learn online to become a cyber security professional and pay no tuition until you land a high-paying job.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

Innov8tif

Innov8tif

Innov8tif is an AI company specialised in providing ID assurance solutions — helping digital businesses to prevent frauds by verifying and authenticating customers identity.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Deloitte Denmark

Deloitte Denmark

Swift incident management, worldwide support, and advanced defense strategies ensure comprehensive recovery and enterprise security with our IR service.

Techtron Business IT Services

Techtron Business IT Services

TECHTRON has been providing business IT services since 2004. Our focus is on SMBs and we are good at it. Our customers trust us, they love our high levels of service, and they love what we stand for.

Dedagroup (Deda)

Dedagroup (Deda)

Dedagroup provide application solutions and IT services to bring innovation at the core of business processes.

CelcomDigi

CelcomDigi

CelcomDigi aspire to be Malaysia’s top Telco-Tech company, transforming beyond core connectivity to lead digitalization and innovation as part of nation-building.