When comprehensive security doesn't equal complex solutions

Dec. 21, 2017
IT leaders are starting to realize that managing on-premises infrastructure is an unnecessary burden

When it comes to a company’s security, it is important to understand the difference between a company with a comprehensive solution and a company with a complex solution. The two are often confused, and for many years they went hand in hand.

Today, security leaders are showing a desire to get away from security solutions that are both complex and comprehensive. For years, security leaders favored single point solutions that excelled in their very specific areas, because the only alternatives were gigantic, monolithic IT solution providers. Think of the difference between a company that only does antivirus versus a company that does complete endpoint security and protection. The former would typically be simpler, easier, less expensive, and less complex. On paper, the simpler single solution looked like the best answer upfront.

So how have those single point solutions fared? So far so good, but it’s not enough.

Complex IT Solutions are Dead

Security leaders are starting to realize that trying to implement 10 different single point solutions, which may or may not integrate together, is turning into a management nightmare.  The very thing that these leaders have been attempting to avoid, they’ve managed to implement on their own: an overly complex but comprehensive security posture. 

This seems to happen in cycles in all areas of IT solutions.  For example, DevOps chains are going through the start of this, where many different groups in the DevOps teams are all purchasing single point solutions to solve a single problem, but are now realizing that this brings a level of complexity that is detrimental to the very thing that DevOps is all about: Time to Market.

So now security leaders are trying to figure out what the right move is.

The “On Premises” Ecosystem is Dying

A contributing factor to this entire equation is the enterprise movement to the cloud – which is happening faster than people may realize.  Large shifts in mindsets seem to happen overnight and all it takes is for one large, Fortune 500 company to pull the trigger and transition.  When this happens, the rest of the companies engage their plans and move quickly as well. 

Most large companies are already building their plans for cloud migration, whether that is moving to a SaaS provider or simply lifting their infrastructure into an IaaS provider like AWS or Azure. Plans for how this migration could occur are already in place, and it’s simply a matter of getting the CISO/CIO/CTO on the same page and giving the green light.

And it will be like dominos, one company after the next. We’re already starting to see this happen. Give it another three years (by the end of 2020), and every major company will have a “cloud first” initiative in action.

But what does this have to do with complex IT solutions? 

IT leaders are starting to realize that managing on-premises infrastructure is an unnecessary burden, cost, and responsibility. There is no reason not to have your infrastructure managed in an IaaS, especially since you can extend your corporate MPLS to that IaaS provider, effectively creating a “private cloud”. Every IT and security solution that requires you to manage on-premises infrastructure comes with a hidden cost: the cost of maintaining, managing, upgrading, patching, and repairing that infrastructure. You have hardware, personnel, and power costs associated with the solution that are never really considered or included (obviously) in the original price quote.

Security Leaders Want a Change

Security and IT leaders are looking for a change. The transformation is happening. Not too long ago, Gartner conducted a survey asking security leaders why they would replace an existing security solution. The top three responses were that their current infrastructure had changed too quickly for the vendor to keep up, that they wanted to save money, and that they were planning to move to the cloud across the board.

Companies need to be able to provide all three of those to their customers if they want to keep them moving forward: a comprehensive solution that can keep up with rapidly changing IT environments, that saves money by not coming with ‘hidden costs’, and that is cloud-based for when the company is ready for that transition.

Shelfware is a Huge Threat to Security

In the end, why does any of this matter?  Why is this a question today? 

Although much of the focus of this article is on security, the same holds for any IT solution out there. Organizations are buying overly complicated and complex solutions that are extremely difficult to implement, or buying numerous point solutions that do not integrate. Both lead to lower adoption of the solutions and, in many cases, lower both the productivity of different teams and the security of the entire organization.

Shadow IT plays a big part in this. If a solution is too complex, or does not solve someone’s problem, they will go around the IT department to find their own solution. When departments leverage IT solutions that are not managed by IT, the IT and Security departments are left in the dark, and the business ends up with a weaker security posture.

And the reason this is happening? 

Because humans are at the center of every security program. It’s important to ensure that you are working with a vendor that can provide a comprehensive solution that is not complex and can lead to high adoption.

About the Author: Jai Dargan is Senior Director of Product Management, responsible for Thycotic’s overall product strategy, roadmap, execution, and end user experience. Prior to joining Thycotic in April of 2017, Jai worked in different product management roles at Metalogix Software, a Microsoft ISV, where he launched and led enterprise security and compliance products. Prior to Metalogix, Jai co-founded Pim Labs, a social-network security startup, acquired by Metalogix.