Technology Rationalization Can Strengthen Security on a Budget

In today's hyper-connected world, businesses face an ever-evolving array of cyber threats. Emerging technologies, such as generative artificial intelligence (AI), enable cybercriminals to execute advanced, large-scale attacks at unprecedented speed. In fact, Check Point Research found that in the second quarter of 2024 alone there was a 30 percent year-over-year increase in global cyberattacks, culminating in 1,636 attacks per organization per week.

For many companies, the reaction to this dynamic threat landscape is to purchase a new tool every time they need to quickly address a new security gap or threat. In today’s threat environment, companies should understand that constantly innovating creates risk and the average midsize enterprise now has between 70 and 90 technologies in its technology ecosystem. Conversely, stagnation, or not innovating and expanding a company’s technology ecosystem in the right areas, also creates risk. This not only leaves security teams overwhelmed but also introduces additional risks, as the lack of proper management of these tools reduces visibility into security gaps, ultimately leaving organizations more vulnerable to attacks.

As we move into 2025, these challenges are compounded by economic pressures, forcing companies to reassess how they allocate financial resources for cybersecurity. According to the 2024 Security Budget Benchmark Report from IANS Research and Artico Search, 25 percent of chief information security officers (CISOs) are dealing with flat budgets, while 12 percent are facing budget cuts. This trifecta has left boards of directors facing a critical decision: how to defend against an unprecedented threat landscape amid sprawling security infrastructures and tightening budgets. One answer lies in technology consolidation and rationalization.

Stronger Security through Optimization

Improving cyber resilience doesn’t have to solely depend on increased security budgets. Organizations should also focus on the efficiency of the security tools already in place.

Technology consolidation and rationalization accomplish this by driving organizations to review their existing ecosystems to identify gaps in coverage and tool redundancies, to ensure tools are fully utilized and fulfill intended use cases, to eliminate tools that are no longer needed, and to find ways to integrate and optimize them across the board.

The impact technology consolidation and rationalization can have on a business is profound. First, management must identify the most important applications and data repositories in the company’s ecosystem. What data run the business? With an average of 70 to 90 technologies in an environment, not all applications or tools are created equal and certainly not all are mission critical. The CEO, chief information officer, CISO, and board must come together to identify and agree on the “crown jewels” of the organization. Once leadership honestly identifies and defines those mission critical crown jewels, then and only then can the optimization and rationalization journey begin. An honest rationalization will simplify and streamline corporate architectures and operations for greater efficiency. Identifying and defining the crown jewels will provide an opportunity to extract more value out of existing tools, saving money over time. This also increases visibility into the tool stack so that organizations can buy down systemic risk, strengthen their security postures, and achieve cyber resilience. 

Given today’s complex security environments and financial constraints, here are six steps directors can ask security leaders to take to rationalize and optimize technology within their own organizations:

1. Inventory security technology. The first step of optimization is understanding the entire security ecosystem. Audit and create an inventory of all security tools in the organization, from firewalls to intrusion detection systems. In addition, gather key insights on each, such as the tool’s security functions, drivers, and use cases. This will give comprehensive visibility into the existing security stack.
2. Analyze usage and effectiveness. Evaluate each tool’s usage, effectiveness, efficiency, and continued ability to meet the business and security needs of the organization. The outcome of this analysis will help determine which tools should be prioritized for retention or upgrade and which should be retired.
3. Identify gaps in coverage. Use visibility into the security tool stack to identify gaps in coverage. This allows any security holes to be filled before cybercriminals can exploit them.
4. Remove technology waste. In cases where tools aren’t being used frequently, they no longer produce results, or they no longer meet business and security needs, it is important to eliminate them to avoid unnecessary spend and risk.
5. Evaluate overlap. It’s common for different departments to procure their own solutions, leading to tool redundancies. Find opportunities for interoperability and integration throughout the enterprise.
6. Maximize the return on investment. Unlock supplemental tool capabilities and software licenses in existing solutions to ensure security investments are showing their worth.

In addition to taking these steps initially, it’s important to remember that technology consolidation and rationalization is not a one-time project. Because the process is dynamic, cyclical, and iterative, it requires a continuous commitment and regular reevaluation and reassessment of the security tool stack to ensure that it aligns with evolving threats and business objectives. 

Maximizing Security with Strategic Investment

As organizations plan for 2025 and beyond, technology consolidation and rationalization should form the bedrock of their cybersecurity strategies. It’s not just about cutting costs—it's about achieving a leaner, more focused, and more effective security posture. Modernizing in this way empowers organizations to protect their businesses no matter what external factors are thrown in their paths. 

Optiv is a NACD partner, providing directors with critical and timely information, and perspectives. Optiv is a financial supporter of the NACD.