One or Many Approach to Security Vendors... Which is Better?
We are often asked how important it is to have multiple security vendors versus invest in a single-vendor strategy. This is a good question and worth considering.
The reason this question comes up is because we have clients who are concerned about relying on a single vendor to protect them from all angles and that vendor’s ability to stay on the forefront of security technology without having any holes in their products. This is a reasonable concern, but there is no straightforward answer. It will largely depend on your environment, size, and general IT philosophy. Let’s explore the possibilities.
A Multi-Layered Approach is Important
The first thing to consider is that it’s very important to not depend on one product category for protection – for example, it’s not enough to just own a firewall. A multi-layered security approach that includes multiple product categories will provide the best protection. The more layers, the higher chance of maintaining a strong security defense. A multi-layered approach contains some or all of the following:
Firewall with Intrusion Prevention
Cloud DNS Security
Endpoint security
Network Access Control
Multi-factor authentication
End-user training
Backup and Remediation
Security Management
To learn more about each of these layers, sign up for the Network Security video series.
As you evaluate each of these layers and the vendors that have products in these categories, you will see that there is no single vendor that has a solution for every one of them. However, there are vendors that provide solutions for many of them.
Pros & Cons
Single Vendor
Pros
Single pane of glass management
Ability to negotiate pricing by combining multiple solutions together in a single package
Not just one hardware/software vendor, but one IT integrator that will know all products and how they work together best
Less training required
No finger pointing - vendor technical support can’t point the finger at another vendor
One partner, one account team, one contract, one support number
One trusted security advisor
Cons
Fewer product choices
May be best in breed in some products, but not all products
Multiple vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)
Dependent on a single vendor to stay current on the latest threats
Product innovation happens at vendor’s pace
Multiple Vendors
Pros
If one vendor doesn’t find the latest threat, maybe another one will
More product choices
Lower risk of being locked into one vendor or product
Lower total cost of ownership potential if you can get smaller vendors to compete with each other for your business
Cons
No single pane of glass management – different portals for each product
Higher training costs to be effective on multiple vendor products
Multiple vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)
Finding an IT integrator that knows all of your products and how they work together will be more difficult and may require multiple IT integrators
More vendors equals more complexity, making it more difficult to manage the security environment
High procurement costs when buying one product versus packaging an entire solution together from a single vendor
Smaller vendors are likely to be acquired over time, while larger vendors have broader portfolios with longer lifespan and support
Technical support may point fingers to other vendors
Updates and maintenance from multiple vendors creates a more complex environment to manage
Which is Best for Your Business?
A single-vendor approach may be the right choice for your business if:
Managing multiple vendors is too complex and time consuming.
You have limited IT resources that can only stay current on a smaller range of products.
You need IT resources that can work on a stable and reliable environment of one vendor.
You already have a good working relationship with a single vendor that understands your security environment. Why add complexity with additional vendors?
You do not need every component in your security stack to be best of breed. A functional, reliable, and predictable system is enough to achieve your business goals.
You have a desire to work with a single IT integrator who understands all of the products and how they work together to complete an overall security strategy.
A multi-vendor approach may be the right choice for your business if:
You have a large IT staff that can dedicate resources to managing each vendor or product.
You are managing your own security strategy and have a dedicated security group.
The IT investment of your company is a strategic asset and having the latest tools and innovations is of high importance.
You are willing to invest in smaller, unproven companies with bleeding edge features in order to have the latest tools at your disposal.
You are willing to sacrifice ease of management of the entire security portfolio in order to have best-in-class products.
Conclusion
Most of our clients prefer a single-vendor approach for the reliable and smooth operating environment it provides and because there is value in streamlining your operations with a complete solution on a single platform. Likewise, there are instances when a multiple-vendor strategy works well.
For most companies—especially growing small and mid-sized businesses—budget is a major consideration in every technology decision. Unless you have a full IT team with diverse expertise and the experience needed to manage a multi-vendor strategy, a single vendor strategy is likely best to minimize equipment management and costs.
Additional Reading