In a rapidly digitised world, tech management's scope of responsibilities is exponentially broader. In response, vendors now include premium support and training on top of traditional products. New offerings might have started as a way to manage rising operating costs, but they now provide the most value by handling operating complexity.
Consider cybersecurity, which is just one facet of IT management. According to a report on CIO.com, companies deploy about 70 individual security products in hopes of providing comprehensive security. Managing these offerings presents a significant burden, which ironically causes cybersecurity to suffer. This dilemma puts companies in an ambiguous position where any security additions they make open them up to more risk and further complicate their tech management.
Some companies have recognised the unsustainable nature of this situation and opted for a "less is more" approach to vendor selection. Because individual vendors offer a broader range of services, it’s possible to rely on fewer of them and simultaneously streamline tech management.
This same trend has led companies to rely on engineers to handle traditional security workflows. Experts who understand the underlying tech (instead of just the overlying security features) deliver more value to organisations and reduce the footprint of their security teams.
Companies that reconfigured their security strategies have already seen demonstrable improvements. Better yet, they've verified that this model is possible for companies of all sizes.
A new security strategy in action
By simplifying tech management, companies enjoy other benefits. For instance, relying on fewer vendors makes life easier for CSOs and the teams they lead. With fewer tools to oversee, CSOs can maximise each solution's value and better fortify their systems.
The right vendors can also help teams relieve the stress of hiring challenges. Competition is fierce for top security talent, and many companies have roster shortages and skills gaps they’re struggling to fill. Technologies that automate time- and labour-intensive workflows allow smaller teams to complete more work and use their skills more productively.
When factoring in the operational savings, the case for vendor consolidation seems obvious. The main reason it's not more widely used is change aversion. Making complex changes is hard, and the teams responsible for leading these efforts are understandably wary. Many rightly assume they lack the time and skills to implement automation successfully. Poor coordination between the engineering and operations teams also doesn’t help.
Each of these objections is actually an argument in favour of vendor consolidation and engineer engagement. Companies worry about how new approaches will disrupt tech management, but that fear is misplaced. What should concern them is how much longer they can sustain their current path.
Transitioning tech teams
With engineers taking on day-to-day responsibilities for security operations and vendors playing more prominent roles, companies will need to prioritise change management. Just because this change is beneficial (and inevitable) doesn’t mean it’s entirely organic. Organisations can use these strategies to optimise those efforts:
1. Explain the motives. Business leaders must let their companies know about their visions. This change should deliver IT projects that support critical business objectives and keep existing infrastructures unbothered and compromised. Leaders must communicate the why behind these initiatives to secure top-down buy-in and improve operations.
2. Empower the centre. As organisations invest more in security operations centres, or SOCs, they can't stop detection at incidents. Instead, they should consider getting visibility into operational issues that are equal — albeit, less sexy — threats to the business. When defining SOC strategy, leaders must articulate how shifting responsibilities from engineering to operations will automate the detection of violations related to performance and configuration best practises.
3. Engage the experts. Companies need to find ways to show their engineering and operations teams how this change will boost productivity and increase the volume, velocity, and quality of IT projects. By using automation to move operational responsibilities to engineers, they can collectively reduce the human labour (and potential human error) involved in operating the infrastructure. If the IT organisation succeeds, there will be additional opportunities to nurture professional growth and ambition for all team members.
4. Extend the solution. Operations teams have a wealth of device-specific and tribal knowledge about how to solve problems when they arise. Businesses should select technologies that have out-of-the-box automation capabilities and will be able to adapt and grow as organisation, network, and security needs change over time.
5. Emphasise integrations. The easiest way to build trust is to be reliable. Companies could showcase the performance of engineering to operations through automated reports that include issues detected, resolved, etc. They would be wise to find solutions that can serve as sources of truth for the detection of operational infrastructure issues, including recommendations for how to fix them.
As companies begin to reconfigure security operations, lean teams require technologies that can complete large volumes of work with high levels of accuracy. Once the right people and the right processes are in place, the unthinkable happens — technology becomes manageable.
Yoni Leitersdorf, founder and CEO, Indeni