It's hard to escape the conclusion that the global economy is in for a rough patch, to put it mildly. With record unemployment now and uncertainty about a timeline for the COVID-19 pandemic, companies are looking for ways to pare back spending. For IT leaders, this is an opportunity to rationalize their toolset to make the most of limited budgets, but also to modernize their toolset to meet changing requirements.
The past decade has seen robust growth in IT spending, especially for cybersecurity tools. However, as organizations added to their toolset, they seldom took anything away. It's always easier to add new tools to meet new requirements than it is to retire old ones. This tool sprawl has left many organizations feeling a little bloated, which is why 68 percent of respondents in the 2020 SANS Network Visibility and Threat Detection report indicated a desire to reduce the number of tools in use. However, it takes pressure for an organization to ask hard questions about a tool's utility and find better solutions—pressure that was lacking for most IT leaders, until now.
How to Rationalize Your Toolset
There's no simple formula that will work for everyone, but here are some guidelines and considerations as you seek to consolidate your organization's set of tools.
Understand your current and future requirements
A lot has changed in technology and business in the last five years. The COVID-19 pandemic itself has "un-stalled" cloud initiatives, added urgency to digital transformation efforts, and hastened the move to remote work. The threat landscape has also changed, as sophisticated exploits and malware have made organizations realize that prevention alone is not sufficient. Instead of trying to stop all attacks at the perimeter, they are shifting their focus to detecting and responding to successful compromises. The process of rationalizing your toolset can help your organization adapt to changes in the technology and business landscape.
IT leaders should look three years ahead and then consult their teams to see whether their current toolsets are adequate to support these new requirements. If not, then what is the right toolset going forward? Remember to focus on outcomes, not features. You may not need to replicate the exact feature set of a tool that should be retired if you can achieve the outcome in a different manner. In addition, instead of purchasing new discrete tools for new use cases, look for solutions that can cover a broad set of existing and new use cases.
Consider how to share visibility among different teams
Tool sprawl is both a cause and an effect of silos between teams, which result in a lack of communication and slower response to issues. Both Security and Network Operations teams rely on network and systems data, but look at it through different lenses. Consolidating your toolset around data platforms that both teams can use will not only help you save on CapEx and OpEx costs, but also provide teams with the shared visibility that is required for collaboration. Organizations that have achieved NetSecOps convergence see significantly higher rates of operational success, according to EMA Research in their 2020 Network Management Megatrends report.
Take Ulta Beauty, the U.S. cosmetics retailer, as an example. "Networking and security are so interrelated," says Ulta CISO Diane Brown. "It made sense for us to bring the two teams together into what we now call the 'secure network operations center' or the 'SNOC.'" Ulta provides both network engineers and security analysts with shared visibility into the environment through ExtraHop Reveal(x). This has improved productivity dramatically. "The real value in ExtraHop Reveal(x) is the time we see returned to our engineers," said Brown. "That means they can focus on the things that matter, like projects, strategic initiatives, and—most importantly—innovation."
Calculate the benefit of rationalization
When creating the financial calculus for your organization, weigh the costs and benefits of your current toolset against a new rationalized toolset. Consider the following:
- How many teams use your current set of tools? The value of any particular tool to your organization is determined by how many people can utilize the tool. For example, many organizations have expensive network packet capture solutions for security or network engineering that are only used by a few engineers when there is an incident. Certainly, access to network packets for root cause analysis is a legitimate use case, but if it can be accomplished by a solution that is accessible to a variety of teams, then the value to your organization will be greater.
- What is the benefit to your organization of greater visibility? Visibility does have value for your organization and can be quantified in terms of reduced risk (through faster time to detection and resolution) and improved user experience for your critical applications (through improved monitoring and troubleshooting).
- What are the CapEx and OpEx costs? Capital expenditures are easier to measure and include hardware and software license costs. Ask your teams when your existing solutions will require a hardware refresh—if the appliances supporting your current platform will reach end-of-life within the next couple of years, that strengthens the case for consolidation. Operational costs are less obvious. To calculate OpEx, you need to understand how many FTEs are required to maintain the platform and how much rack space the solution uses.
Strange as It Seems, Now Is the Time to Instigate Change
Given that no one knows how the COVID-19 pandemic will play out, it is prudent to expect an economic downturn due to high unemployment and dampened consumer spending. This will put pressure on IT and cybersecurity budgets, even though companies need those functions more than ever to survive through accelerated digital transformation efforts.
IT leaders can optimize their budgets and support new requirements by rationalizing their existing IT and cybersecurity toolsets, especially when consolidating on platforms that address multiple use cases and can be shared among multiple teams. Many enterprise IT organizations have seen success replacing multiple legacy platforms with ExtraHop Reveal(x). Curo Financial replaced their Riverbed deployment with Reveal(x) when it came up for renewal, and Reveal(x) today provides the organization with shared visibility between Application, IT Operations, and Security teams. To learn more about Curo's success, download the SANS WhatWorks case study or watch the on-demand webinar.