Home Community The Cybersecurity Consolidation Conundrum: Why Less is Sometimes More

The Cybersecurity Consolidation Conundrum: Why Less is Sometimes More

by Shah Farouq

According to a recent survey that is conducted by Check Point with Vanson Bourne, one of the biggest challenges of securing a remote workforce is in fact managing multiple point-products or vendors.

This is due to poor visibility and gaps between the protections that each product delivers, not to mention the complexity and the higher cost of managing multiple vendor relationships. Almost all respondents in the survey (87%) believe that consolidation is an important part of securing the remote workforce, yet despite knowing this, over half (54%) reported that their organisations use more than 10 point-products.

The healthcare sector is furthest behind the curve in this regard, with nearly eight in 10 organisations using more than 10 separate point-products.  So, what’s holding organisations back? If the benefits of consolidation are so clear, why aren’t more doing it? 

Longer term versus shorter term requirements

One of the key reasons organisations are falling behind when it comes to consolidation is that decision-makers are, to all intents and purposes, spoiled for choice.

The security market is heavily saturated at the moment, particularly in light of the move toward remote or hybrid working. Yet despite this, it is a known fact that cyber attacks are increasing across every sector and in every country.

Here in Southeast Asia, an organisation is being on average 2,003 times per week in the last 6 months. The healthcare sector is the top most attacked industry in the region, standing at 4,373 weekly attacks.

Yet, despite organisations needing more robust security measures than ever before, budgets are tight and many feel pressured to only focus on the specific problem they face today. This is particularly true of the healthcare sector.

Managers in this sector especially have become accustomed to making short-term decisions to solve immediate problems instead of considering more long-term, strategic approaches to addressing their security concerns.

There are many reasons behind this tendency, not least the concept of vendor lock-in, which is still highly prevalent in the industry. Ongoing subscriptions make it difficult for organisations to switch vendors.

Likewise, it’s becoming increasingly difficult for vendors to get customers to commit to a relationship spanning multiple years. Such relationships take time to nurture and reach their full potential. With the threat landscape posing immediate risks, it is probably more realistic and achievable for organisations to leverage and integrate a smaller number of vendors than commit to any single one.

This multi-vendor approach might offer a fix for short-term problems, but it puts a great deal of strain on security teams who might not have the resources to adequately vet every product or vendor. CISOs might have a good idea of what’s best for their own organisation, but it’s difficult to apply that knowledge to an ever-expanding list of disparate vendors that are pulled together under one umbrella.

Healthcare organisations have complex networks

As healthcare is the least consolidated sector, it’s an ideal point of focus for a discussion on what might be holding consolidation back. It’s also a sector that’s ripe for consolidation and arguably stands to benefit the most, with a network footprint spanning everything from laptops to critical medical equipment like MRI scanners and kidney dialysis machines.

Healthcare should be the perfect fit for a consolidated security solution as this industry requires protection against a larger range of cyber-attacks, from ransomware to zero-day and 5th Gen threats, which could come from any means, from endpoints, to IoT devices, the network or even the cloud.

A case in point was the NHS Scotland which had bought into an enterprise agreement with Microsoft based on a consolidated offering of Azure, Windows 10, SQL Server, Office 365 and more, not unusual as nearly all Health Boards (Trusts) are large Microsoft consumers on desktops, servers, emails and Office suites.

However, when it comes to security, however, it was found that the foundation baseline of solutions is much larger, with Trusts and Boards having already invested in local solutions with local teams, as opposed to centralised solutions with centralised operations.

This highlights that consolidation is not only a technological and vendor-based challenge, but an infrastructure challenge. When piecemeal solutions are selected and deployed from one vendor to the next, teams are trained up and put in place to manage those services and the ecosystem develops around them.

To overcome this, Check Point worked with NHS Scotland and developed a business case to consolidate OS builds, Firewalls, EDR, Vulnerability Management, SOC & SIEM and CI/CD. This underpinned the security programme, but the majority of Trusts and Boards have limited security capability in those areas and securing investment funding was an issue.

The NHS is one of 13 sectors in the UK designated as Critical National Infrastructure and as such gets audited annually for compliance with the Security of Networks and Information Systems (NIS) Regulations. A consolidated security architecture would deliver improved cyber resilience and demonstrably increased compliance across all four top-level NIS objectives.

Another challenge comes from healthcare being a 24/7/365 industry and so any downtime to change or introduce new consolidated technologies is not an option that is often considered. In fact, disruption to normal service is probably what’s holding most organisations back from adopting a more consolidated cybersecurity infrastructure.

However, there is no reason why the introduction of a carefully planned consolidated platform implementation should cause any disruption to business or indeed patient care. The NHS has vast experience of large-scale digital improvement programs in areas such as Picture Archiving and Communication Systems (PACS) and Electronic Patient Records (EHR).

It’s a sobering thought that, while Digital projects such as this can be planned and managed around the needs of the business, cyberattacks can happen at any time and have the potential to take down an entire organisation.

To stay safe in today’s increasingly dangerous threat landscape, cybersecurity requires an integrated and consolidated approach that covers all the bases, from endpoint to data center to cloud.

While this is technically achievable with a multi-vendor approach, it’s simply not viable for organisations that want to take a long-term, streamlined, and cost-effective approach to security. For those organisations, consolidation is the answer.

Related Articles

We use cookies to improve user experience, and analyze website traffic. For these reasons, we may share your site usage data with our analytics partners. By clicking “Accept Cookies,” you consent to store on your device all the technologies described in our Cookie Policy. Accept Read More

ESPC on the go