Three-quarters of all enterprises expect to reduce the number of security vendors they use according to a recent survey, more than double the number from 2020. Credit: Getty Images A total 75% of organizations across North America, Asia Pacific and EMEA plan to consolidate the number of security vendors they use, a Gartner survey of 418 respondents found. That percentage has increased significantly, as only 29% were looking to consolidate vendors in 2020. The main reasons are an increase in dissatisfaction with operational inefficiencies and lack of integration of a heterogenous security stack, the survey found.Companies look to reduce the number of vendors they work with in key areas like secure access service edge (SASE) and extended detection and response (XDR). The survey found that 57% of organizations are working with fewer than ten vendors for their security needs.Perhaps as a result of this shift in enterprises’ priorities, some vendors have already started to combine some products to offer simplified enterprise security. In February 2022, for example, Forcepoint announced an all-in-one cloud platform that integrates zero trust capabilities and SASE technologies so security teams can manage one set of policies through a single console. Pros and cons of consolidating security vendorsWhile saving money could be a result of consolidation, it is not what is driving organizations. Sixty-five percent of respondents said they expect to improve their overall risk posture and only 29% expect reduced spending on licensing. Cost optimization should not be a driver, Gartner VP analyst John Watts said. Those looking at cutting costs must reduce products, licenses and features, or ultimately renegotiate contracts. A drawback of those pursuing consolidation has been a reduction of risk posture in 24% of cases, rather than an improvement.But if cost savings becomes a result of consolidation, CISOs can invest that on preventing attack surface expansion. “This trend captures a dramatic increase in attack surface emerging from changes in the use of digital systems, including new hybrid work, accelerating use of public cloud, more tightly interconnected supply chains, expansion of public-facing digital assets and greater use of operational technology (cyber physical systems—CPS). Security teams may need to expand licensing, add new features, or point solutions to address this trend,” Watts says to CSO. The time invested should also not be taken for granted. Gartner found that vendor consolidation can take a long time with nearly two-thirds of organizations saying they have been consolidating for three years. Another obstacle facing enterprises are rigid vendor deals, an issue faced by 34% of respondents. Gartner advises IT leaders to plan at least two years for consolidation.“Our survey results show that security vendor consolidation is a multi-year effort for most organizations and requires planning to replace incumbent vendors coordinated with both technology migration projects and contract termination dates,” says Watts.One of the main benefits of the consolidation move is the initial opportunity to drive better pricing discounts from incumbent vendors and their competitors. “As vendors expand their functionality, they are increasingly competing against vendors with whom they have not have historically competed. For example, a CISO looking to replace an incumbent SWG [secure web gateways] or CASB [cloud access security brokers] point solution with a converged SSE [security service edge] offering can drive improved discounting as vendors look to gain or protect market share against new competitors. However, CISOs need to be aware of overlapping contract terms and potential shelfware from new, underutilized features which may drive higher overall licensing costs compared to the current status quo,” Watts says.What drives enterprises toward SASE and XDRThose who plan to have adopted SASE within their organizations by the end of 2022 make up 41.5% of respondents, and 50% of respondents use SASE projects to simplify network and security policy management and improve security posture.Organizations that have plans to adopt XDR by the end of 2022 make up 54.5% of respondents. XDR has already helped 57% of respondents to resolve security threats faster.“While 89% of surveyed organizations want SASE and XDR to work together, security and risk management leaders will often opt to keep them distinct from one another but ensure they can interoperate. This is an approach validated by 46% of surveyed organizations, which allows for flexibility to select best-of-breed functionality,” said Dionisio Zumerle, VP analyst at Gartner. Related content brandpost Sponsored by Microsoft Security New threat trends emerge out of East Asia With total vigilance concerning the latest East Asian developments in the threat landscape, security leaders can enhance their readiness to safeguard against the most imminent dangers. By Microsoft Security May 14, 2024 5 mins Security news Equipped with AI tools, hackers make apps riskier than ever The odds of attacks are growing as attackers can now easily access code modification and reverse engineering tools. By Shweta Sharma May 14, 2024 4 mins Application Security feature Low-tech tactics still top the IT security risk chart USB-based attacks, QR codes for phishing and social engineering continue to be some of the most effective, now more dangerous with the help of AI. By Rosalyn Page May 14, 2024 9 mins Cyberattacks Social Engineering Data and Information Security how-to Download the SASE and SSE enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what SASE (Secure Access Service Edge) and SSE (Secure Service Edge) can do for their organizations and how t By Neal Weinberg May 13, 2024 1 min Remote Access Security Network Security Enterprise Buyer’s Guides PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe