We’ve seen a tremendous amount of innovation and change in the last few years, but when it comes to computing, it will always move in iterations between the dynamics of centralized and distributed computing – from mainframes, to PCs, to data centers, to multi-clouds, and now to the enterprise edge.
For networking and security, it’s always been about connecting and protecting these computing resources. That’s why networking and security always follows computing. For managed security service providers (MSSPs), the shift to a much more distributed computing environment, characterized by hybrid clouds and workplaces, means that their services need to evolve as well. The question is, what is the best way to do that?
Author: Jonathan Nguyen-Duy, VP of field CISO, Fortinet
As we come to this inflection point, it presents a good opportunity to re-evaluate our current, multi-vendor approach. Up to this time, most MSSPs have sought the best technology possible, while balancing scalability and profitability. Driven by concerns over single points of failure, vendor lock-in, and having to take over management of someone else’s work, MSSPs have traditionally adopted a multi-vendor approach. The resulting compromise between performance and security was always problematic, but even more so now as MSSPs struggle to address more advanced threats, complexity, and the paradox of rarely actually having enough tools, resources or people to adequately manage an ever-growing sprawl of products and vendors.
We’re now at a breaking point as networking and security converge to deliver consistent edge-to-edge performance that is critical to all things in digital transformation – from multi-clouds, to Secure Software Defined Wide Area Network (SD-WAN), to Zero Trust Network Access (ZTNA), and Secure Access Service Edge (SASE). Accelerated computing, data-driven decision-making, connected platforms and all things digital transformation are driving the need for networking and security to work in concert, and the trade-offs and work-arounds of many legacy multi-vendor MSSP solutions are no longer viable.
The Perils of Complexity
The traditional branch-to-branch, hub-and-spoke, expensive MPLS network architecture is becoming a thing of the past, and the level of complexity is compounded as networks become more distributed. Enterprises no longer have well-defined network perimeters, and the attack surface now extends beyond traditional boundaries because of increased cloud adoption, remote work, branch office transformation, connected platforms, and edge computing.
Integrating multiple networking and security products gets increasingly difficult over time as more solutions are added to meet new requirements. In the IBM 2020 Cyber Resilient Organization Report, organizations reported deploying an average of 45 different solutions, and each incident requires coordination across 19 different tools.
Multi-vendor approaches are difficult to successfully operate because very few enterprises ever had or will ever have enough resources and staffing to manage that level of complexity. Much has been written about the cybersecurity skills shortage, but when have organizations ever had enough staff? It wasn’t like five years ago everyone had all the people they needed. The practical reality for most organizations is they didn’t then and don’t now. Dealing with the complexity of poorly integrated solutions and point products is a time consuming, resource intensive endeavor that often leads to siloed teams and security gaps. Lack of integration means limited visibility and control on the LAN, WAN, data center and cloud network edges. It’s no wonder that one of the most common problems cited by organizations is that they can’t manage their environments. Thus, we see why traditional non-integrated, bolted-on multi-vendor approaches have set up so many organizations for failure from the outset.
In a large, distributed network, making even a small change can cause issues in other areas of the network. Any additions, changes, or updates need to be tracked and managed, so that all areas of the network remain in sync and operational. And at remote sites, network deployments have the potential for configuration problems; installing and overseeing many remote locations and disparate branch topologies can drain resources. Adding more cloud resources increases the potential for misconfigurations that can compromise security as well. According to the Fortinet 2021 Cloud Security Report, 67% of surveyed cybersecurity professionals stated that misconfigurations remain the most significant cloud security risk facing their companies. It not surprising that Gartner recently reported that by 2025, 75% of large organizations will be actively pursuing a vendor consolidation strategy, up from approximately 25% today.
MSSPs are Judged on Performance
Enterprises outsource security to MSSPs because they don’t have the resources or inclination to handle it in house. Threats like ransomware have increased dramatically, rising more than 1100% from June 2020 to July 2021, and for MSSPs, their future depends on protecting their customers and keeping them from falling victim to an attack. At the same time, MSSPs are also being asked to support Secure SD-WAN as the reality of delivering better business outcomes and experiences requires converged networking and security solutions.
To better address the challenges of greater complexity and new customer requirements, MSSPs need to reconsider their traditional multi-vendor approaches. Instead of trying to integrate multiple point products and vendors, they should consider a platform consolidation strategy. The industry is moving towards integrated platforms and solutions, as evidenced by the integration of the Next Generation Firewall and SD-WAN. These unified platforms span premises to cloud environments, and provide the foundation for solutions in demand for distributed networks – Secure SD-WAN, ZTNA, and SASE.
Moving to a unified platform, or what Gartner calls a Cybersecurity Mesh, provides more consistent edge-to-edge performance along with centralized policy management and orchestration because everything is under a single “umbrella,” with unified visibility rather than multiple dashboards and reports. This type of platform can cover today’s highly distributed networks and features tightly integrated solutions that can share information for more accurate and accelerated detection and mitigation. Better performance also means better cybersecurity ROI. According to Gartner, by 2024, organizations adopting a cybersecurity mesh architecture will reduce the financial impact of security incidents by an average of 90%.
Of course, many MSSPs aren’t in the position to completely rip and replace their networking and security infrastructure in favor of a new single vendor platform. That’s why a gradual, strategic platform approach that focuses on a few strategic vendors and converges networking and security is the prudent course. MSSPs should consider the completeness of a vendor’s offerings from end-point security, to NGFWs and SD-WAN, level of cloud integration, cloud native capabilities, form factors, and consumption models. Most importantly, MSSPs should understand the level of integration across a vendor’s portfolio. Understanding bought versus built and a vendor’s ability to provide long-term support are key to an MSSP’s future success. In the end, providing managed security services today means delivering consistent networking and security performance for better outcomes and experiences.