IT security leaders are increasingly cutting the number of vendors they buy products from, according to Gartner.
The market research firm said Tuesday that 75 per cent of organizations it recently surveyed said they have a strategy of security vendor consolidation. By comparison, only 29 per cent of those surveyed in 2022 said they were trimming the number of security companies they buy from.
Fifty-seven per cent of respondents said their organizations are working with fewer than 10 vendors for their security needs.
Why the vendor consolidation? Because firms don’t think they’re getting the most out of their products.
“Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack,” said John Watts, who works in Gartner’s research infrastructure protection program. “As a result, they are consolidating the number of security vendors they use.”
The online survey was conducted in March and April among 418 respondents from North America, Asia-Pacific and Europe-Middle East. Its objective was to determine organizations’ security vendor consolidation efforts and priorities, and the drivers and benefits of consolidation.
Gartner said the survey found that organizations want to consolidate their security vendors to reduce complexity and improve risk posture, not to save on budget or to improve procurement. Sixty-five percent of surveyed organizations expect to improve their overall risk posture, and only 29 per cent of respondents expect reduced spending on licensing.
“Cost optimization should not be the primary driver for vendor consolidation,” said Watts. “Organizations that look to optimize costs must reduce products, licenses, and features, or ultimately renegotiate contracts.”
Organizations that have not pursued security vendor consolidation said the two primary impediments to consolidation were time constraints and having a vendor partnership that is too rigid.
Lengthy procurement processes or requests for proposals are allowing for consolidated offerings, such as XDR for endpoints and secure access service edge (SASE) for edge connectivity and security with integration on the backend, the survey report adds. The survey found that 41.5 per cent of respondents plan to have adopted SASE within their organizations by the end of this year, while 54.5 per cent of organizations have plans to adopt XDR by the end of 2022.
“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, a Gartner vice president and analyst said. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”