With experts predicting cybersecurity investment spending to increase again this year, one of the most frequent questions Conventus consultants field from customers is whether their organization should invest in new security solutions or reinvest in their already deployed solutions. While new solutions do bring obvious advances in technology, a perception that “old systems are lesser systems” seems to permeate IT security groups.
In our experience, companies that excel at cybersecurity are not the ones with the newest, flashiest products, but rather the ones that focus on maximum efficiency with their existing solutions. For these organizations, maximum efficiency means ensuring that their tools are deployed correctly and managed effectively, and that all in-scope assets are being actively managed.
Too often, I engage with companies that view “rip and replace” as the only option for a failing security product, when many other factors can be contributing to their lack of success with the solution.
For example, I remember the first meeting with a customer that started with the sentence, “This product is garbage and tell me why I shouldn’t rip it out and install another solution?” Once I began asking some questions, it was revealed that the customer was still using the same seven-year-old design and hardware even though they had tripled the asset footprint of the organization. They also had deviated from the original deployment design and were using the product on unsupported operating systems. It was a minor miracle that this customer was not having more issues than they currently had.
This attitude of fixing problems by replacing entire solutions is far too common among enterprise organizations. I don’t junk my car simply because it has a flat tire or needs a tune-up, so why are companies so willing to rip and replace entire IT security solutions?
Health checks are not sexy
Many CISOs and IT Managers view solution health checks as a waste of time and money. However, we have found that companies that embrace health checks as an important part of the operational life of their IT security solutions can extend the usability and functionality of these solutions and avoid large, expensive overhauls and upgrades until truly necessary. Effective investment in the maintenance of their security solutions allows for appreciable savings in both capital and labor.
Companies lack accurate intelligence about their assets
Often the growth of an organization far outpaces the ability of the IT support and security infrastructure to track it. Every organization I have talked to has issues understanding the true scope of its networks at any given time and thus has difficulty understanding whether appropriate security and management tools are being applied to all its assets.
Homebrew InfoSec solutions can be the most costly path
It is consistently baffling that an organization will pay hundreds of thousands to millions of dollars to purchase a security product, but then will task its internal resources to try to design and deploy the product. Conventus is frequently contacted by organizations looking for help because of a failed deployment. This wasted time and effort often leads to higher costs, as we must redesign and fix the failing solution as well as provide training for their resources.
While organizations struggle to judiciously spend their IT security budgets, there are tangible savings to be realized by ensuring that your IT security solutions are working at maximum efficiency before looking to completely redesign and replace the existing products.
Contributed by: Kevin Saucier