75% of organizations pursue security vendor consolidation: Gartner

75 percent of organizations are pursuing security vendor consolidation in 2022, up from 29 percent in 2020, a recent survey by Gartner said.
Document scanning
The best cyber security service providers are Symantec, Check Point Software, Cisco, Palo Alto Networks, and McAfee, according to a research report.

The global cyber security market size is projected to reach $376 billion in 2029, at CAGR of 13.4 percent during forecast period, according to Fortune Business Insights.

“Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack,” said John Watts, VP Analyst at Gartner. “As a result, they are consolidating the number of security vendors they use.”

57 percent of organizations are working with fewer than 10 vendors for their security needs, as they are looking to optimize to fewer vendors in key areas like secure access service edge (SASE) and extended detection and response (XDR).

Gartner conducted the survey online during March and April 2022 among 418 respondents from North America, Asia Pacific and EMEA. Its objective was to determine organizations’ security vendor consolidation efforts and priorities, and the drivers and benefits of consolidation.

Organizations want to consolidate their security vendors to reduce complexity and improve risk posture, not to save on budget or to improve procurement. Sixty-five percent of surveyed organizations expect to improve their overall risk posture, and only 29 percent of respondents expect reduced spending on licensing.

Cost optimization should not be the primary driver for vendor consolidation. Organizations that look to optimize costs must reduce products, licenses and features, or ultimately renegotiate contracts.

Organizations that have not pursued security vendor consolidation yet indicated that the two primary impediments to consolidation were time constraints and having a vendor partnership that is too rigid (34 percent of respondents for each answer).

Lengthy procurement processes or requests for proposals are allowing for consolidated offerings, such as XDR for endpoints and SASE for edge connectivity and security with integration on the backend.

41.5 percent of respondents plan to have adopted SASE within their organizations by the end of 2022, while 54.5 percent of organizations have plans to adopt XDR by the end of 2022.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP Analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints and other components.”

57 percent of organizations resolved security threats faster after implementing an XDR strategy. More than half use SASE projects to simplify network and security policy management and improve security posture.

While 89 percent of surveyed organizations want SASE and XDR to work together, security and risk management leaders will often opt to keep them distinct from one another but ensure they can interoperate. This is an approach validated by 46 percent of surveyed organizations, which allows for flexibility to select best-of-breed functionality.

Security and IT leaders should plan at least two years for consolidation as it takes time to effectively consolidate and consider incumbent vendor switching costs. It is also important to anticipate vendor M&A disruption as the security market is always consolidating but never consolidated.