Email Security

    How Many IT Security Tools Do You Need?

    How many IT Security tools are you currently using to keep your IT environment secure? Odds are, it’s too many.

    by Marc French

    There’s a big, big problem taking hold in the IT world today: IT/security teams are constantly expanding tooling and architecture to protect their organization from the latest threats. A recent research report from Optiv highlighted that the average number of IT security tools currently in use in any given enterprise environment is 75.

    It’s true that it’s a big, bad cybersecurity world out there. It’s true that attackers are getting more and more sophisticated and they do everything they can to stay one step ahead of the good guys.

    However, the approach of acquiring more and more information security technology as a means of keeping up runs counter to what our goal should be as IT security professionals. The level of these new IT security tooling implementations is unsustainable for most organizations outside the Fortune 100.

    This way of approaching the issue forces us to face down a dangerous arms race we have little hope of winning. It’s my hypothesis that we should instead use fewer IT tools to be more secure.

    With Security Infrastructure, Less Can Be More

    For most organizations, IT security resources are finite. This includes limited access to funds for personnel and technology, and time is short as well. For those without infinite resources, putting your people and technology on the most relevant and most critical possible cyber threats takes on major importance.

    Because of this, your enemy is risk distraction. Chasing the latest and greatest cyber threats out there may not be your best risk decision depending on how your organization profiles and what your biggest risks are on a day-to-day basis.

    As a rule of thumb, if you have implemented and are managing more than two tools per IT/security professional on your team, it may be time to reconsider your approach. You have to consider your force multipliers in this count (that includes your MSSPs, champions, proxies and vendors).

    Then, consider if you’ve truly implemented these IT security tools in question to their fullest capability. If you haven’t done that, you’ve likely created a bigger cyber risk as a result with a false sense of security.

    If you’re planning on attending the Gartner Security & Risk Management Summit at National Harbor, Md. from June 17-20, visit Mimecast at Booth 307 and sign up here to schedule some time to talk with us. We'd love to chat with you about your cyber resilience plans and how you can simplify your IT security environment.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top