Sometimes, technology can make things overly complex.

Even with the best of intentions, there can be too much of a good thing. In the world of cybersecurity, complexity has been a mainstay, but in recent years, it has grown beyond its breaking point and has become a liability for security practitioners.

The Forrester study, titled Security Through Simplicity (Dec. 2018)—commissioned by the Microsoft Security team—clearly shows that digital transformation, while necessary for business success, compounds the complexity of an already tangled security threat landscape. However, the study also found a correlation between vendor consolidation and strategy modernization to reduce security complexity.

Digital transformation introduces new levels of complexity

Digital transformation is a critical shift under which businesses are using data-powered platforms and applications to improve nearly every aspect of their business operations. New open ecosystems and the democratization of data means more users in varied locations sharing data across more applications, devices, platforms, and environments—both internally and externally.

As businesses continue to digitize processes, security teams must contend with an increase in attack vectors and more complicated management, all while keeping pace with increasingly sophisticated attackers. In the face of this massive challenge, security teams must evaluate and refresh their legacy security procedures, tools, and skill sets to accommodate a new and adaptable approach to enterprise security.

In the study, paid for by Microsoft, Forrester asked 481 IT security decision makers, “How challenging are the following security goals/objectives to achieve?” and found them all to be highly or extremely challenging:

Infographic showing 59% correlate security alerts from disparate technologies to detect actual threats, 57% hire trained IT security staff, 57% modernize their organization's IT security strategies, and 60% retrain IT security staff.

Reducing security complexity

So how are enterprise IT security teams successfully reducing complexity to improve their security efforts in the face of digital transformation? The study found an interesting correlation between vendor consolidation and strategy modernization in successfully achieving both business and security initiatives, when executed in concert with each other.

A high number of disparate security solutions in place for on-premises and cloud infrastructure and applications makes visibility and central management extremely difficult. Reducing the number of disparate security point solutions that must interact with each other—particularly older, legacy ones—brings complexity down to a manageable level and allows businesses the visibility, security, and control to expand their digital adoption with confidence. Vendor consolidation and modernization can also yield cost savings by lowering technology budgets, increasing management efficiencies, and avoiding the costs of a data breach or regulatory noncompliance.

A small subset (11 percent) of enterprises that have successfully achieved both critical initiatives, modernization, and vendor consolidation, have been able to reduce complexity and reap the rewards of digital transformation. These organization are:

  • 54 percent more likely to feel that their IT security strategy helps them to digitally transform their organization.
  • 42 percent more likely to feel that their IT security strategy helps reduce risk of a customer data breach.
  • 33 percent more likely to feel that their IT security strategy improves their customers’ experiences.

Key recommendations

Companies undergoing digital transformation seek new ways to engage with customers, create additional revenue streams, and place innovation at the forefront of their corporate strategy. Failing to secure their digital assets can lead to those same organizations forfeiting hard-won successes.

Forrester’s in-depth survey of 481 IT security decision makers yielded several important recommendations:

  • Implement security by design.
  • Consolidate security vendors and security solutions.
  • Increase measurement, analytics, and reporting capabilities.
  • Discover and manage shadow IT.
  • Adapt security to users.

Get your copy of the full study.