RSAC 2017: The Value in Security Vendor Consolidation
In addition to the theme of securing a new perimeter-less IT model, another message I heard repeatedly in several keynotes at the 2017 RSA Conference was a call for simplification and consolidation of security solutions and vendors.
In past years at RSAC, I’d heard the message that the information security industry wasn’t doing enough, and we needed more threat intel, more big data, more anything to help people protect themselves. This year, I heard that we need to be a bit smarter with what we do have, and start paring down to effect real change with security that works.
Planning for Chaos
RSA Chief Technology Officer (CTO) Dr. Zulfikar Ramzan opened Tuesday’s keynote address explaining that security isn’t just a technology problem; it’s a business problem.
One of his recommendations for businesses is to simplify what they can control. He quoted a customer he knew that had 84 different security vendors - how can you justify the return on that type of investment? By consolidating your vendors, that is, doubling down on vendors that work well and ditching everyone else, you can contain chaos at your organization.
The Coming Disruption in Security
Palo Alto Networks CEO and Chairman Mark McLaughlin gave a keynote on Wednesday morning about encouraging security innovation and the true measure of success in infosec. According to him, we’ll know when we’ve arrived as an industry when security is easy to use.
There’s not a lot of value in just consolidating vendors; the ideal is that consolidating actually makes you more secure. With the abundance of different security vendors in the market, we need to figure out how to deal with the growing associated complexity, consumption and costs. It’s really all about how security is delivered and consumed.
Delivering Effective Security Outcomes
Cisco Security Business Group VP David Ulevitch emphasized the need for more integrated and automated security solutions, stating that while we have the tools, we’re not using them to their full potential today.
The automation problem can be traced back to the siloed nature of the information security industry today, which encourages people to adopt millions of security products. Companies may have up to 50 different siloed solutions that are bolted on and don’t talk to each other.
APIs, according to David, are a cop-out, as they shift the burden to customers. The infosec industry today needs integrations so that security works out of the box. One way to do that is to leverage the cloud, both for integrations and as a way of delivering security policies by analyzing data and enforcing policies quickly. The cloud is not just another IT surface we need to protect - it can be used to drive security automation.
Check out the keynote speakers and videos on the RSAC 2017 website (click on the session titles to view the videos).
Simplifying Security With Duo Beyond
At Duo, we also believe simplification and consolidation are key to driving security effectiveness. Our latest product release, Duo Beyond, is a major indicator of those principles.
We combine verifying the identities of your users with ensuring the security health of their devices before granting them access to certain applications - the main pillars of our Trusted Access platform. By using Duo’s secure single sign-on (SSO), you can give your users secure remote access to certain cloud and on-premises applications without using a VPN.
With Duo’s Trusted Endpoints, you can easily identify and create policies for corporate-owned vs. personal devices accessing your applications by using Duo’s easy PKI to deploy device certificates, eliminating the need to manage your infrastructure.