Skip to content

Search the site

Single vendor IT and security strategies are creating risk

Cloud access security brokers, secure web gateways, and zero trust network access are all...

Today, organisations the world over are going ‘all-in’ with single vendor IT and security strategies. The rise of the ‘as-a-Service’ model, for instance, has played a huge role in widening software and infrastructure options, and picking one partner to deliver a multitude of services is more practical than ever. In doing so, businesses are enjoying new levels of convenience, and with outsourced IT doing much of the heavy lifting, in-house technology professionals are focusing on more strategic priorities.

The arguments in favour of a single vendor approach are, on paper, powerful, writes Nat Kausik, CEO and Founder of Bitglass. It can, for example, help eliminate interoperability challenges, make technology upgrades and rollouts easier or ensure a consistent level of performance. The problem is that relying on a single vendor strategy can also increase the risk of a cybersecurity breach.

Think of it this way: at the heart of a single vendor strategy sits a huge level of trust. For instance, users must have faith that their preferred provider can identify and address their own security vulnerabilities. What should be of concern, however, is that an all-in strategy is prepared to accept that level of risk even when other critical business functions such as Quality Assurance (QA), development, manufacturing and building are typically kept separate to ensure overall integrity.

In reality, placing complete trust in single vendor IT and security flies in the face of recent high profile attacks and breaches. For example, the hackers responsible for the notorious SolarWinds hack were able to move from a single compromised laptop to the company’s Active Directory and then to its Azure Active Directory and Office 365. From that point onwards, they were able to carry out “the largest and most sophisticated attack the world has ever seen,” according to Microsoft President, Brad Smith.

Clearly, the Solarwinds attack was highly sophisticated and targeted. It was carefully planned and executed to compromise a large number of systems worldwide. Given Microsoft is so popular and heavily integrated into IT strategies of many thousands of organisations, it made sense for them to target those environments and applications in order to access the maximum number of networks.

Without a doubt, Microsoft has invested heavily in its security infrastructure, but the problem is while it’s comparatively easy to improve the performance of cloud services, it’s much harder to make applications fully secure because technology organisations of all kinds tend to be less aware of their own vulnerabilities than some of the bad actors out there.

This raises some huge questions, not least of which is: have those responsible for the attacks set a precedent for others to target companies that rely on Microsoft Security infrastructure? Similarly, does it increase the risk that cybercriminals will focus more heavily on potential victims reliant on single vendor strategies in general - Microsoft or otherwise?

Supplementing single vendor IT security

As a result, it’s becoming increasingly important that organisations wedded to the single vendor strategy need options for additional layers of security. High on the list of priorities should be developing a strategy that provides consistent protection across every point of vulnerability in the IT estate.

Central to this objective is the integration of a suitable third party security product. By placing additional protection between applications and the security stack, each component can be partitioned to guard against attacks before they can spread throughout the network.

Fitting into this category are a range of technologies, such as cloud access security brokers (CASB), which can deliver end-to-end protection for data in any cloud service and any device. In addition, with solutions such as an on-device secure web gateway (SWG), organisations can decrypt and inspect traffic directly on user devices to deliver content filtering and threat protection. Other options include the implementation of a unique zero trust network access (ZTNA) approach that provides comprehensive and secure remote access to on-premises resources.

The opportunities for improvement don’t stop there. Secure access service edge (SASE) technologies, for instance, can streamline security by providing one unified platform that delivers comprehensive security across every element of the infrastructure. This approach takes the place of multiple, disparate solutions that have to be managed and updated separately. The point is, IT teams should evaluate the technologies available to them which can deliver better security within the confines of their current approach.

By building a security strategy that minimises the risks increasingly inherent in a single vendor approach, it becomes possible to create a win-win situation. Organisations can still deliver on technology consolidation with all the advantages that it brings, but don’t have to do that at the expense of safeguarding systems and data.

See also: This CISO went from the Army, to Federal Government, to Financial Services. Here's what he picked up along the way