By Pankaj Bhula, Regional Director for Africa at Check Point Software

While employees and organisations are busy settling into remote or hybrid working, cybersecurity professionals continue to grapple with the challenges that come with a rapidly expanding network perimeter. And with every new ransomware attack that hits the headlines, it would be fair to assume that adding more security products or vendors would make a company more secure. But that’s not the case.

According to a recent survey, conducted with Vanson Bourne, one of the biggest challenges of securing a remote workforce is in fact managing multiple point-products or vendors. This is due to poor visibility and gaps between the protections that each product delivers, not to mention the complexity (and higher cost) of managing multiple vendor relationships. Almost all respondents in the survey (87%) believe that consolidation is an important part of securing the remote workforce, yet despite knowing this, over half (54%) reported that their organisations use more than 10 point-products. The healthcare sector is furthest behind the curve, with nearly eight in 10 organisations using more than 10 separate point-products.

In the last year, across Africa, we have seen the demand for a consolidated security approach increase, especially among our customers in the public sector, financial services and telecommunications industries. For them, the benefits of efficiency and overall cost savings due to economies of scale are clear. 

So, what’s holding other organisations back? If the benefits of consolidation are so clear, why aren’t more doing it? 

Saturated security market

One of the key reasons organisations are falling behind when it comes to consolidation is that decision-makers are, to all intents and purposes, spoiled for choice. The security market is heavily saturated at the moment, particularly in light of the move toward remote or hybrid working. Yet, despite organisations needing more robust security measures than ever before, budgets are tight and many feel pressured to only focus on the specific problem they face today, instead of considering more long-term strategic approaches. This is particularly true of the healthcare sector.

There are many reasons behind this tendency, not least the concept of vendor lock-in, which is still highly prevalent in the industry. Ongoing subscriptions make it difficult for organisations to switch vendors. Likewise, it’s becoming increasingly difficult for vendors to get customers to commit to a relationship spanning multiple years. Such relationships take time to nurture and reach their full potential, so many organisations are using a smaller number of vendors rather than committing to a single one. 

This multi-vendor approach might offer a fix for short-term problems, but it puts a great deal of strain on security teams who might not have the resources to adequately vet every product or vendor. CISOs might have a good idea of what’s best for their own organisation, but it’s difficult to apply that knowledge to an ever-expanding list of disparate vendors that are pulled together under one umbrella.

Healthcare organisations have complex networks

As healthcare is the least consolidated sector, it’s an ideal point of focus for a discussion on what might be holding consolidation back. It’s also a sector that’s ripe for consolidation and arguably stands to benefit the most, with a network footprint spanning everything from laptops to critical medical equipment like MRI scanners and kidney dialysis machines.

Because healthcare is a 24/7/365 industry, any downtime to change or introduce new consolidated technologies is not an option that is often considered. In fact, disruption to normal service is probably what’s holding most organisations back from adopting a more consolidated cybersecurity infrastructure. However, there is no reason why the introduction of a carefully planned consolidated platform implementation should cause any disruption to business or indeed patient care.

To stay safe in today’s increasingly dangerous threat landscape, cybersecurity requires an integrated and consolidated approach that covers all the bases, from endpoint to data centre to cloud. While this is technically achievable with a multi-vendor approach, it’s simply not viable for organisations that want to take a long-term, streamlined and cost-effective approach to security. For those organisations, consolidation is the answer.