“How would it impact your business if you saved 40 to 60% on your overall security spend, and get better security?”
This is the question I ask clients most during consulting engagements. Typically there are a variety of responses that end with the question “how?”
On average organizations spend 5% of their total I.T. budget on security solutions and probably have the bare minimum. When those organizations attempt to adequately secure their environments or are driving towards compliance they spend 8 to 12% of their total I.T. budget on security solutions. They are purchasing many point products that don’t work well together. And because they are purchasing point products from several manufacturers there is no real relationship and the manufacturer, and potentially reseller, will want to make more because this is the only deal they are getting.
Imagine cutting your I.T. security spend in half
The following example is real and common. Recently we looked at the three security solutions a client purchased through us. This organization definitely purchases many more security solutions. These are just the ones we have visibility to. I am keeping the client’s name private because most organizations don’t want anyone to demonstrate what could be perceived as a lack of strategy. I am keeping the manufacturers private to keep this unbiased (even though there are a couple of manufacturers I do this with more often with than others).
To renew the following three solutions, this is what the client would pay for a new three year term:
- Endpoint Anti-Virus – $320,000
- Full Disk Encryption – $156,000
- Web Security Gateway – $182,000
The organizations current security renewal comes in at approximately $658,000.
We put together a package from two major security software and hardware manufacturers that included suites and a couple of their point products. One of the manufacturers is already represented in the environment in the Full Disk Encryption solution. We typically try to find at least one manufacturer the client has an existing relationship with when doing this and often look to an endpoint solution because they can be more painful to change.
This is where the new solutions landed on price for three years:
- Vendor A – $276,000
- Vendor B – $224,000
By consolidating security vendors we have saved this client approximately 42%, and got them more security.
What’s more, consider that this is only a few technologies and that there are a couple more typically implemented to protect client computing devices. Then consider the fact that you are probably spending 5 times this number in the data center. You can do that math on what those savings look like.
Strategizing with one security vendor can help to accelerate longer term plans with regards to security by helping to narrow the vendor selection and work on pricing.
The only question we typically get at this point is of the risk of having layered security from a single manufacturer. The various solutions offered from the leaders in this space today are very different. It’s no longer that you are getting the endpoint anti-virus signatures on the email gateway.
Security is one of those things that sound sexy in the news when something bad happens, but is considered nice to have in most organizations. Because security crosses all technology boundaries (servers, storage, networking, clients, etc.) it is easy to see how point products are purchased reactively to fill a gap. Developing a strategic partnership with as few security manufacturers as possible will yield the best capital savings, operational savings, and because things will likely work to get you better security.
As usual please feel free to reach out if you would like to discuss further.