Consolidating vendors has always been on the mind of digital leaders, but the current economic climate has elevated this topic, with a recent Gartner survey claiming that 75% of organisations are currently pursuing security vendor consolidation projects, up from 29% in 2020.
On the face of it, we can put this down to the need to reduce costs as both consumers and businesses tighten their belts. But the Gartner survey suggests that the real driving factors behind this consolidation are more strategic than that. It identifies both risk reduction and the need to reduce complexity and operational inefficiencies as the primary motivations. This aligns to the conversations I have with customers, who understand the operational gains to be had in reducing vendors, as well as limiting use of disparate, unintegrated technologies, even if procured from a single vendor.
Organisations understand these benefits and many have identified technology areas such as extended detection and response (XDR) and secure access services edge (SASE) as two strong sources of consolidation advantages. However, any change requires an organisation to consider three key metrics:
- Are we improving or worsening our risk posture?
- Is this enhancing or limiting business agility?
- Are we reducing costs to our bottom line P&L, including through areas such as reduced cyber insurance outlays
Any project requires careful analysis and the right balance between three factors: risk reduction, business agility, and cost reduction. And if all three can be realised then we can make a strong business case for change. In this blog I would like to explore the three Why’s that infrastructure and security leaders have to consider and articulate when presenting their business case for approval. Why should we change? Why do this now? and Why the chosen vendor?
While some consolidation initiatives are driven by executive team priorities, most commonly they stem from a desire to reduce the operational and cyber risk caused by multi-vendor complexity. Let’s consider providing access to and securing applications. It is very common to see four or more vendors in the mix, all essentially providing the same functionality but for different channels. This not only leads to an inconsistent policy and different threat and data protection policies, but it creates gaps in security and provides a poor user experience. This ultimately increases risk and reduces business agility.
For network and security operations teams, having many data feeds leads to a huge amount of integration work to not only ingest but also normalise the data. In some cases it means logging in to many consoles to troubleshoot one single issue or incident. Added to this issue are the current problems with recruiting and keeping security and networking talent—lots of systems need lots of people to operate them.
So, the business case is there to increase both business agility and operational efficiency, moving precious resources from reactive to proactive investigation and analysis, and to projects that will help transform the business.
Often timing is driven by a pending event; a renewal of a legacy technology license, the risk of an unplanned price increase, or perhaps a deadline for compliance. But for many organisations, the timeframe for a consolidation project comes from budgetary cycles and a desire for cost reduction. As discussed earlier, while this is often not a primary driver for a consolidation project, it is often the primary reason for the timing. Telling a CFO of a 5,000 user organisation that it will cost them $3.5m over the next three years by not making this change now is a very compelling argument! It is also the reason why, here at Netskope, we work hand in hand with organisations to create a business value proposition that forms part of a project justification. I call this the “cost of no decision”.
Cost savings not only include direct subscription costs, but moving to a single vendor SASE solution incorporating SD-WAN and local on-ramps to the internet also reduces an organisation’s connectivity costs, removing the need to backhaul traffic and pay for expensive connections to Public Cloud services. This “cost of no decision” is often much higher than companies first expect.
It is most appropriate that I address the “Why x vendor?” question with a Netskope lens, and therefore talk specifically about secure access services edge (SASE) initiatives. Earlier on I mentioned the three metrics that a consolidation project manager should be measuring;
“Does my chosen vendor represent the right balance of risk reduction, increased agility and reduced cost?”
Our customers, of course, answer this question to the affirmative. Netskope is the only vendor to appear in both the leader’s quadrant of the 2022 Gartner Magic Quadrant™ for Security Service Edge, and Gartner’s single-vendor SASE Market Guide. Which means we are both best-of-breed for consolidation in the security stack, and the perfect choice for a converging network and security architecture. Consolidating into a single-vendor SASE solution with Netskope brings:
- A single vendor SASE solution with a true single platform, single console, and single agent for ALL services.
- Proven FTE utilisation benefits
- Ability to streamline NOC and SOC processes
- Proven ability to consolidate vendors and substantiate the business value analysis
- Partnership in the SASE migration journey, showing business value across implementation, adoption, and expansion
- A predictable and flexible cost model
These aspects are just as important as the technical capabilities of the solution (which you can get the lowdown on in here on our “what is SASE?” page, but are, in short, about fast, easy access to applications with a threat and data protection overlay that does not impact productivity.)
Here at Netskope we truly believe that we are best placed to offer the best balance of risk reduction, increased agility and reduced cost. Put us to the test and we will prove it!