Seven key questions for successful vendor consolidation
Vendor consolidation promises a great deal for stretched mid-market IT teams. Fewer licenses to manage, fewer updates to oversee, and fewer integrations to build and maintain all mean more time available for strategically valuable work.
Above all, though, vendor consolidation promises to reduce the number of vulnerabilities ‘in between’ different vendors’ systems – and so improve the resilience of companies’ overall protection. Indeed, according to Gartner, 65% of organisations who are currently pursuing or plan to pursue vendor consolidation expect to improve their overall risk posture.
That’s the goal. However, we know that it’s not a simple process or a straightforward journey. Indeed, of those organisations who have begun pursuing vendor consolidation, the biggest resulting drawback according to Gartner, (for 24% of respondents) was actually a reduction of the quality of their risk posture.
So what’s causing the negative impact?
The reality is that many mid-market firms are facing short term financial pressures that might impact their decision making. That’s not to say that quality vendor consolidation has to mean massive expense – but it is to say that if you grab the cheapest thing quickly, you’re unlikely to build a resilient consolidated security system.
Equally, every vendor does things differently. If you don’t assess your choices carefully, you’re likely to reintroduce those risky gaps between products. And as soon as they’re there, attackers will know how to target them. Suddenly you’re wide open to threats again.
So – how do you avoid falling into that 24% that fails to benefit from consolidation? And how do you make sure your risk posture improves as you consolidate? Here are seven key questions to consider when you’re establishing your vendor consolidation framework:
1) Come up with a plan – what are you trying to achieve?
It might sound obvious, but it’s always wise to put first things first. What is the goal of your consolidation programme? Being driven purely by cost savings or an arbitrary vendor cap isn’t going to yield the best results. What security goals do you need to achieve, and where are you seeing poor performance that needs to be improved? Shoot for those points, and let the end benefit guide purchase choices.
2) Have you developed a security framework aligned with your objectives?
In 99 cases out of 100, getting down to a single vendor is impossible and inadvisable. Instead, you need to consolidate the tools that make sense at the right time, with an eye to the future. You might start with a web security deployment and then add on application security and data loss prevention over time, ensuring the platform you’re using enables that journey. Again, ensure your business needs drive the process.
3) Have you mapped out if you’re going to have security gaps?
Consolidating frontline defences with fewer vendors can expose weak spots in your security. When you plan out your transitions, give particular attention to areas where two vendor systems will need to talk to each other for the first time. How are you going to bridge that gap and ensure the two systems work well together? Have you planned in a review process to identify further gaps that may have been missed?
4) What’s your total cost of ownership with a smaller number of vendors?
Cost may not be the best consideration to lead your consolidation strategy, but it is a significant area of benefit when done right. Keep track of the savings you’re likely to reap from the process, and ensure that the cost of ownership is moving in the right direction. If you’re seeing overall cost heading far northwards, there may be more procurement conversations to be had.
5) What’s your projected ROI?
This question takes the previous point a step further. Don’t just consider the cost of licences and maintenance – what savings will you see in terms of staff time and resource? What cost benefits are you going to see in the wider business? You may well see less disruption to other teams as a result of smoother security processes, and of course there’s the projected benefit of reduced time neutralising threats that penetrate your first line of defence. Overall, ROI may be more significant than immediate bottom-line savings.
6) Are you working with the right partners?
Sometimes, the work of a consolidation programme could be massively reduced by the right VAR or MSP – someone who understands your business and needs, has a shrewd knowledge of the vendor market, and can help you get up and running fast. If the legwork or research required feel outfacing, consider finding a trusted partner that can help thin the field – and identify the best solutions for you.
7) Are you heading into any technological dead ends?
Don’t make the mistake of seeing consolidation as a simple retrenching of what you’ve already got. As you move forward with new vendors, you will need to make choices about which technologies and approaches to invest in. As you do, make sure you’re not pursuing dead ends. VPN technology, for example, is a dying art, and for good reason – as we move towards a world where zero-trust approaches deliver more flexible, granular, resilient security, VPNs are not only outdated – they actively stand in the way of your organisations’ evolution.
Join us next week as we explore what the true benefit of vendor consolidation is for small-medium organisations. Can’t wait for the next blog? You can download the Gartner® Infographic behind the series now.