Why More Security Products Doesn’t Always Mean You’re More Secure

IT security used to be structured. Your users, devices, applications, and data all resided within a perimeter that you had control over, even though you did not have visibility on what was going within those firewalls! A lot has changed recently. While digital transformation and hybrid workplaces have enabled people to be more productive, they have also created a threat surface that’s more complicated than ever before.

Your data is now scattered across countless data stores -- like SaaS apps, private enterprise apps, unmanaged devices, and cloud and on-premises repositories -- and at the same time, people are working from all sorts of locations, often using public networks to connect to your corporate resources.

In an attempt to regain the control they used to have, many organizations have pieced together a system of standalone security products to address the individual security needs that have cropped up as they’ve modernized their infrastructure. This new reality has created somewhat of a security conundrum. Does having more security products actually make your environment more secure? In fact, organizations that used more than 50 security tools ranked themselves lower in their ability to detect and respond to threats. This clearly reinforces the age-old wisdom, as your infrastructure gets more complex a streamlined security operation is critical.

Buying Point Solutions Isn’t the Answer

In the time of the perimeter, point solutions were how we were secured. In a controlled environment, you could purchase a new piece of hardware for every new use case. Chief information officers (CIOs) and chief information security officers (CISOs) didn’t necessarily have complete visibility, but they could still feel safe because their data was fenced off from the rest of the world.

Large enterprises have an average of 76 security products deployed, making it very difficult to get a holistic view of what’s happening across your entire infrastructure. Without the safety net of the perimeter, you need full visibility so you can enforce granular policies on every access and every exchange of data to keep it safe. You can’t do that if you’re relying on a haphazard web of standalone tools.

Standalone Tools Drain Resources

When you purchase standalone security tools, not only do they cost you money, but they also cost you resources. If you have dozens of security tools, you need people to manage and operate these devices and to make them work together through various integrations. And that means your IT and security teams are going to be spread pretty thinly.

Given that there’s a global shortage of cybersecurity talent, your team is likely already stretched to their limit, and burdening them with a host of separate security consoles and policy frameworks will make it nearly impossible to keep pace with the increasing number of threat vectors.

This approach doesn’t set your organization up for success. With your IT and security teams busy managing different tools things will start to slip through the cracks. Whether it’s misconfiguration, insider threats, or ransomware, organizations are more prone to attacks when they have an overly complex security environment. Without a unified view of your organization’s security posture, your IT and security teams simply aren’t going to be able to detect and mitigate all these threats.

Streamline Security With a Consolidated, Platform Approach

As digital transformation continues and new use cases arise, it’s critical to resist the siren call of purpose-built standalone security tools. Instead, you need to step back and think about how your organization can most efficiently secure your entire digital infrastructure.

You need something that gives you visibility into where your data is, even when it’s not inside your perimeter, allows you to monitor traffic and endpoints, and enables you to create policies that you can enforce across your entire organization. To accomplish that, you shouldn’t be looking for a single tool, but to a consolidated platform. Something that eliminates silos instead of creating them, like point products do.

Even though your infrastructure is complex, your security doesn’t have to be. As your organization enjoys the benefits of cloud and hybrid work, a platform that consolidates security services edge (SSE) and endpoint security capabilities will give you the insights you need. Rather than waste your resources wrangling a host of individual tools that don’t give you the visibility and control you need anyway, you can focus on writing and enforcing policies that protect your data.

Sundaram Lakshmanan is the Chief Technology Officer at Lookout. He brings over 20+ years of network and security product development experience and has a successful track record of delivering innovative first-to-market and market-leading security products, as well as leading the global engineering team. Prior to Lookout he was the founder and CEO/CTO of Anicut Systems, a Distinguished Engineer at Juniper Networks, and held senior positions at Blue Coat (now Symantec).