IT Solutions, Managed Services, Structured Cabling — Telcion

View Original

Security Vendors: Is It Better to Have One or Multiple?

Reading Time: 5 minutes

We often get asked how important it is to have multiple security vendors versus invest in a single vendor security strategy. This is a good question and worth considering.
 
The reason this question comes up is because we have clients who are concerned about relying on a single vendor to protect them from all angles. Can one IT security vendor stay on the forefront of security technology without having any holes in their products? This is a reasonable concern, but there is no straightforward answer. It will largely depend on your environment, size, and general IT philosophy. Let’s explore the possibilities. 

A Multi-Layered Approach is Important

The first thing to consider is that it’s very important to not depend on one product category for protection – for example, it’s not enough to just own a firewall. A multi-layered security approach that includes multiple product categories will provide the best protection. The more layers, the higher chance of maintaining a strong security defense.  A multi-layered approach contains some or all of the following:

  • Firewall with Intrusion Prevention

  • Cloud DNS Security

  • Endpoint security

  • Network Access Control

  • Multi-factor authentication

  • End-user training

  • Backup and Remediation

  • Security Management

As you evaluate each of these layers and the vendors that have products in these categories, you will see that there is no single vendor that has a solution for every one of them.  However, there are vendors that provide solutions for many of them.   

Pros & Cons

Single Security Vendor

Pros

  • Single pane of glass management

  • Ability to negotiate pricing by combining multiple solutions together in a single package

  • Not just one hardware/software vendor, but one IT integrator that will know all products and how they work together best

  • Less training required

  • No finger pointing - vendor technical support can’t point the finger at another vendor

  • One partner, one account team, one contract, one support number

  • One trusted security advisor

Cons

  • Fewer product choices

  • May be best in breed in some products, but not all products

  • Multiple vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)

  • Dependent on a single vendor to stay current on the latest threats

  • Product innovation happens at vendor’s pace

Multiple SecurityVendors

Pros

  • If one security vendor doesn’t find the latest threat, maybe another one will

  • More product choices

  • Lower risk of being locked into one vendor or product

  • Lower total cost of ownership potential if you can get smaller vendors to compete with each other for your business

Cons

  • No single pane of glass management – different portals for each product

  • Higher training costs to be effective on multiple vendor products

  • Multiple security vendors will likely have overlap in their product features, so you may buy the same feature more than once (like content filtering)

  • Finding an IT integrator that knows all of your products and how they work together will be more difficult and may require multiple IT integrators

  • More security vendors equals more complexity, making it more difficult to manage the security environment

  • High procurement costs when buying one product versus packaging an entire solution together from a single vendor

  • Smaller vendors are likely to be acquired over time, while larger vendors have broader portfolios with longer lifespan and support

  • Technical support may point fingers to other vendors

  • Updates and maintenance from multiple vendors creates a more complex environment to manage

Which is Best for Your Business?

A single-vendor approach may be the right choice for your business if:

  • Managing multiple vendors is too complex and time consuming.

  • You have limited IT resources that can only stay current on a smaller range of products.

  • You need IT resources that can work on a stable and reliable environment of one vendor.

  • You already have a good working relationship with a single vendor that understands your security environment. Why add complexity with additional vendors?

  • You do not need every component in your security stack to be best of breed. A functional, reliable, and predictable system is enough to achieve your business goals.

  • You have a desire to work with a single IT security vendor and integrator who understands all of the products and how they work together to complete an overall security strategy.

A multi-vendor approach may be the right choice for your business if:

  • You have a large IT staff that can dedicate resources to managing each vendor or product.

  • You are managing your own security strategy and have a dedicated security group.

  • The IT investment of your company is a strategic asset and having the latest tools and innovations is of high importance.

  • You are willing to invest in smaller, unproven companies with bleeding edge features in order to have the latest tools at your disposal.

  • You are willing to sacrifice ease of management of the entire security portfolio in order to have best-in-class products.

Conclusion

Most of our clients prefer a single-vendor approach for the reliable and smooth operating environment it provides and because there is value in streamlining your operations with a complete solution on a single platform.  Likewise, there are instances when a multiple-vendor strategy works well.  

For most companies—especially growing small and mid-sized businesses—budget is a major consideration in every technology decision. Unless you have a full IT team with diverse expertise and the experience needed to manage a multi-vendor strategy, a single security vendor strategy is likely best to minimize equipment management and costs. 

Additional Reading
How to Keep Tabs on Your Network Security
Protect Your Business with a Multi-Layer Security Approach
Security Best Practices for the Everyday Joe