As more and more businesses and organizations undergo digital transformation to stay competitive and meet constituent needs, technology teams are under pressure to deliver a greater number of capabilities, often through the implementation of point solutions: single tools created to address single requirements. Cybersecurity has its own world of point solutions – often referred to by acronym and built to stave off specific types of threats. While the method of going best of breed might seem like an obvious path, it carries with it hidden overhead costs. It takes time to train staff on specific features, it takes resources to keep solutions maintained and upgraded, issues arise with data consistency, costs are exacerbated for IT/cybersecurity training, and so on.
Such point solutions can certainly be valuable if, and only if, there’s a sound justification for using them and a lack of existing capability. This might seem obvious at first – we get a tool because we need it to solve a problem, right? I buy a snowblower if I’m a homeowner in an area with severe winters, but I wouldn’t bring it with me to a holiday home in Southern Spain. (If only I had one!)
If you look at your buying habits in general, you’ll realize that rational decisions don’t always drive your purchases. In fact, right now you might have a closet full of tools you bought but only used once, a couple that you thought you might need but never used, ones that didn’t quite work for what you needed but that you hung on to just in case, ones you’ve completely forgotten about and so on.
The same phenomenon exists with businesses that implement digital point solutions piecemeal – though when it comes to enterprise tech, there are many more downsides than just the sunk cost of a drill press collecting cobwebs in your garage.
By taking a look at the hazards of this approach, we can see exactly why it’s not just better, but necessary, to build out smart platform architecture rather than pursuing a seat-of-the-pants strategy that collects point solutions a la carte.
Reacting to Cyber-Threats with Dollars Instead of Sense
News of data breaches tends to be followed by an uptick in sales for point solutions related to that type of cyberattack. The reasoning behind this seems to make sense. A string of high-profile data thefts gives the impression that it’s time to implement a data loss protection solution. Then when a string of ransomware attacks hits the following week, businesses search for a malware sandboxing solution that will keep them from getting their computers locked.
This approach presents a number of issues. First, it fails to take into consideration the risk of getting hit by a particular type of attack, and thus the chances that the cybersecurity solution in question will be useful. Risk, not reactivity, needs to drive implementing cybersecurity solutions if a business wants to get value out of them, rather than bloat.
Perhaps more importantly, it neglects to appreciate what goes into deploying the service:
- Who manages it?
- Who keeps it upgraded?
- How does the business actually use it?
- How does the security team provide meaningful metrics that confirm the tool is doing its job?
These are questions that need to be thought out beforehand – but they often get lost in the wave of enthusiasm over something new.
The Dangers of a Point Solution Smorgasbord
Just because a point solution isn’t the best choice for you doesn’t mean it’s not the best choice for someone. We certainly shouldn’t dismiss targeted solutions as snake oil when they’ve demonstrated their effectiveness.
However, when they’re purchased piecemeal, without considering business need, actual risk and other concepts foundational to building out a platform, what businesses end up with is a smorgasbord of technology.
- A few solutions that a couple of departments use now and again.
- A fancy new internal messaging software package that one department is getting some value out of, but they’re only using about 20 percent of its features.
- A half-forgotten solution or two purchased by a person no longer with the company.
There are countless possibilities for how such solutions can pile up and work against a business. As a whole, this approach positions a business to be:
- Less streamlined in a financial sense (hemorrhaging money on contracts for solutions that are under-used, un-used or ineffective).
- Less secure (in the case of cybersecurity solutions, focusing resources on preventing unlikely threats while more realistic threat scenarios go unprotected against).
But perhaps one of the most ironic things about this model for implementing point solutions is that it compromises efficiency, putting companies right back where they started.
Digital transformation promises streamlined processes, a move away from:
- Data siloed in different departments
- Critical information stuffed into drawers or stashed on drives
- Multiple tools doing the same thing at an exponentially greater cost than a single solution
Bringing in point solution after point solution – in an effort to streamline – can leave businesses with a high-tech, cloud-based iteration of the same mess they wanted to clean up.
Identifying the Cybersecurity Solutions That Make Sense for Your Organization
Let’s assume we take an enterprise view of security in our organization (quite an assumption), we define a core set of architectural building blocks and then we decide that we’re going to select the best vendor/technology in that specialist field. Sounds like the prudent approach: we’ll get the best technology for the job. Not always.
You may well get the best intrusion prevention system (IPS) or firewall based on a series of generic or abstract metrics, but as security people, we sometimes miss what we’re there to do. The aforementioned job of the chief information security officer (CISO) is to preserve the confidentiality, integrity and availability of organizational data assets and systems.
Information security controls are comprised of people, processes and technology and should not be parochially viewed as a set of appliances flashing away in a data center. Having individual, best-of-breed components does not automatically create a best-of-breed security architecture for the enterprise. Best-of-breed components loosely coupled and poorly integrated provide a security veneer, an impression of layered security, but without the attributes of a platform, these solutions are failing to protect our users and data.
In a bit where he ineptly plays a piano alongside conductor Andre Previn’s orchestra, comedian Eric Morecambe famously said, “I’m playing all the right notes. But not necessarily in the right order.” There are similarities in how we provision our cyber protections: we have all the right instruments, but it’s how they are played together that matters.
A Platform Approach for a Strong Cybersecurity Posture
A platform approach is needed to assure that a cybersecurity posture is well-orchestrated, where everything is in the right place, rather than a conglomeration of expensive solutions facing in the wrong directions, which threats can circumvent from myriad different angles. That means treating solutions as part of an integrated, functional, scalable whole.
As a cybersecurity team pursues the implementation of a technology platform, it must ensure the platform has the following characteristics:
- Modular: Can you select components based on your risk posture and threat landscape?
- Centralized: Do you have a centralized management pane? Are you required to maintain multiple logins for each capability? Does the platform protect your users irrespective of their location and device?
- Interoperable: It’s no good if your platforms cannot work harmoniously. A strong cybersecurity strategy identifies the need to prevent, detect and remediate cyber-attacks. Security services need to exchange information (logs, indicators of compromise, etc.) to facilitate this approach.
- Cost-Effective: Strong security is no good if it isn’t cost-effective. If security controls cost more than the value of the data they’re protecting, there’s a problem. Your security platforms should lower your total cost of ownership when compared to point-based solutions.
- Efficient: Efficiency is key. Without it, a platform cannot scale. Platforms should be designed ground-up as platforms. Solutions that do not follow this approach suffer from performance degradation as additional services and capabilities are switched on. This isn’t a true platform.
The IT Pro: A Necessary Voice in Platform Architecture
So how do we ensure that any business is implementing – as reliably as possible – solutions that are necessary, valuable and provide ROI?
It requires thinking of a network and all of its functioning components as a platform in which each piece plays a carefully considered, justified role. Asking that all-important, simple question of why for every solution implemented or related business relationship will go a long way in building a platform with rational justification for each piece. In terms of cybersecurity solutions, this means conducting a proper risk assessment.
That’s where CompTIA-certified IT professionals play a critical role. They have expertise, to know whether a given solution is capable of doing what it purports. They have perspective, both on the internal workings of a network and the threat and technology landscape at large, to say for certain if the issues the solution works to address are real, applicable and worth the investment. CompTIA Security+ certification holders are especially well-positioned to qualify what’s necessary to manage the tasks and distill departmental needs into a meaningful set of requirements that a solution must meet.
We can’t account for what software packages might become popular or useful tomorrow, or for what the upgrade costs might be. What we can do, though, is make sure that with knowledge, smart partnering and skilled, certified IT professionals, we keep our usage of technology lean, effective and efficient – so that it always aligns with and enables the goals we’re trying to accomplish.