The Great Consolidation Debate – What Is Security Stack Consolidation?


This is the first part in a series from TMG on security stack consolidation. Stay tuned for more in-depth discussions of the pros, cons, and common pitfalls of security consolidation, and more.

When you get enough security professionals together in a space these days, two things tend to happen. 

First, they start speaking in acronyms that make the conversation nearly incomprehensible to non-security people. (This, as anyone who has ever met someone in security will confirm, is not novel behavior.) 

Second, they start talking about security consolidation.

What is security stack consolidation? 

To explain this conversation, let’s look at another industry where the same trends have occurred: television and streaming entertainment. 

Those of us who are not surprised to find a gray hair on our heads remember a time when television services were mostly delivered through cable providers who also happened to be ISPs. These companies introduced many people (some might choose the word “forced”) to the idea of bundling services. If you wanted sports channels, they came in the package with celebrity news. Even more sports channels meant you were tied into more home shopping. Oh, and your home phone and internet were tied into these bundles as well, with very little negotiating room, notoriously terrible customer service, and random price increases.

Looking back, it shouldn’t have been surprising when customers started growing disgruntled with the state of affairs. The early cord cutters – the ones who cut cable and went fully to streaming services – showed us that we could start to cut the “fat” of our entertainment by choosing streaming services instead. 

Fast forward a little bit and jokes about the nonsense of juggling bunches of streaming services are almost as trite as comedians in the ‘90s asking why they don’t make the whole plane out of the black box material. This comes just as we are starting to see streaming services merge and bundle their offerings again, building back toward the entertainment consolidation customers fought against.

The difference in the security world, of course, is that the consequences of these scattered services aren’t a matter of where to binge a series over the course of a weekend. The consequences are possibly catastrophic losses of data and the costs of recovering from disaster.

Why are security teams considering consolidation again?

The security world has followed the same pipeline: from consolidated services under a large corporation’s umbrella, to more bespoke, independent options, and then back toward consolidation.

Security and finance teams grew frustrated with bundled security services from the mega corporations that they didn’t use or need. They started building out their own security stacks and filling gaps with both large and independent vendors based on compliance and best practices. However, many organizations have found that this has become unmanageable for their teams for a variety of reasons, such as:

  • Tools have difficulty talking to each other and often overwhelm security teams with redundant alerts.
  • Teams have trouble managing all the different tools and UIs.
  • Updates can be manual processes that are easily missed. 
  • Company acquisitions can lead to uncertainty and fears of sunsetting the technology entirely. 
  • Multiple bills and contract renewals a year with various vendors.

The debate around consolidation often centers around the idea of perfect conditions versus reality. In an ideal world, security teams could pick and choose their very best security stack tools and technologies across all the vendors based on needs, coverage gaps, staff, etc. If every tool and technology integrates well with one another, and the staff is trained and plentiful enough to manage updates and alerts, it’s likely this bespoke setup would, indeed, be the “best”.

As we all know, though, we are far from living in these perfect security conditions. Security budgets are tight, teams are stretched, and integrations often fall far short of their vendors’ promises when implemented. The question then becomes whether consolidating security stacks with major vendors, with (ideally) more native integrations, fewer panes of glass to manage, and almost-as-good (if not just-as-good, in some cases) protection is worth the risk of putting more eggs in one basket and the hassle of dealing with behemoth vendors who can be much slower to respond to issues and mired in layers of red tape.

How to navigate the consolidation debate

The debate around consolidation – just as in all security decisions – is never about whether it’s a “good or bad” idea, but rather about a company’s risk tolerance. Is 80-90% coverage of your security needs with a single vendor less risky than a hodgepodge of different solutions?

One company’s security needs and coverage are inherently going to be different from another’s, based on their setup, scaling abilities, locations, budgets, teams, and many other factors. And while their teams are stretched trying to keep everything safe, they can’t also be expected to be experts in all the different solutions, vendors, bundles, and the security landscape. This is where TMG comes in: to help with security stack consolidation.

As technology acquisition partners, we understand the pain points security teams are facing, while also having a firm grasp of the cybersecurity landscape to help your team navigate it. We can help guide you through the pros and cons of tool consolidation, as we have expertise with any number of setups, architectures, and vendors big and small, and with how they align with your business needs. Perhaps most importantly, we can help with the transitions, as change management is often even more important than tool selection.

If you have questions about consolidating your tools, vendor selection, or anything else, please reach out.
