For European security professionals, when the calendar flips over to June it can mean only one thing – Infosec – and as usual IDC attended in force. Although not on the same scale as San Francisco’s annual RSA security conference, with some 360 exhibitors present it can be tough to pick out consistent themes from all the noise. However, there were some common threads to be drawn.
Unsurprisingly, the most commonly referenced topic at Infosec was GDPR. Any number of vendors would have you believe that they can help to achieve GDPR compliance (or support readiness), to varying degrees of relevance and success. But with that topic already covered extensively, including on this blog (see here for IDC’s take on the topic), it seems appropriate to take another perspective.
The other common theme I encountered at Infosec was a topic that the market cannot agree on a term for. It is variously referred to as unified security, integrated security, platform security, and many other names besides. Exemplars of unified security include FireEye’s Helix, Fortinet’s Fabric OS, Sophos’ Synchronised Security and Symantec’s Integrated Cyber Defence. See IDC’s European reporting on the topic (here and here) for more detailed explanation and insight.
Just what do we mean by unified security? Broadly speaking, these are platform solutions that allow enterprises to more easily manage and/or integrate the various products that make up their security environment. They come in two major categories: as a foundation, they foster integration within a single provider’s portfolio. At the next level, they also facilitate integration between various third party products. Critically, unified security vendors need to embrace the concept of open integration and APIs to maximise buy in from as broad a base as possible. For example, Symantec’s platform approach (see here for details) offers 100 integrations ‘out the gate’.
The reason why unified security is interesting is because it is a rare example of a security topic becoming prominent due to customer demand. This is in contrast with the usual cycle, where solutions come to market on the back of either the evolving threat landscape (e.g. ransomware) or developments in technology (e.g. next generation endpoint).
Unified security is on the rise precisely because of the problems caused by the threat- and technology-led nature of security product development. Incremental add-ons and product releases have contributed to security product estates becoming so complex as to be unmanageable. Indeed, some CISOs now regard their security estate as a risk itself, due to the lack of integration and visibility a multi-product environment creates. In response, enterprises seek solutions to cut through this complexity.
While there has long been anecdotal evidence of this trend, IDC now has a data-point to back up this claim. According to IDC’s 2017 Western European security survey, this is becoming a critical factor in European product selection. Roughly one third of respondents make spending decisions based on how well a product integrates with other products in their existing environment (which also lets them retire products, or consolidate vendors). For comparison, one third select products based on price, and the final third on technical capability.
We’ll soon be releasing a report that will provide further insight into IDC’s recent European security survey, watch this space! In the meanwhile, look out for vendors seeking to position themselves as ‘strategic security partners’ or ‘security platform of choice’. This will signal that the starting gun has been fired on the battle for unified security supremacy.
If you want to learn more about this topic and other related European Security trends, please contact Dominic Trott.