Updated: Mar 15, 2021
Thoughts on Convergence Strategies
Hello and welcome to the ICM Cyber Blog. I wanted to share with you my thoughts regarding toolset convergence strategies and effective ways to approach your architecture and design efforts.
It should come as no surprise that most Cyber Defense Leaders are once again being asked to do more with less. It’s a common dialog year over year, and the built-up economic effects of the pandemic are starting to tighten organizational finances. Financial constraints, coupled with the lack of available skilled cyber warriors, the maintenance effort and expense to sustain multiple point solutions, and the availability of integrated platforms (well, at least Integrated Platform 1.0) from toolset providers, make the option to move to a converged platform very attractive.
As we have helped many organizations develop successful Convergence Strategies over the last several years, ICM Cyber is advising our clients to follow these guidelines:
1. Convergence does lower Total Cost of Ownership and Operations over time, but the impact on budgets in Years 1 to 3 is generally an increase in spend. Several factors contribute to the increase in spending, including initialization costs, implementation consulting, and the licensing of new capabilities that are available in the converged platform. This “bump” in immediate spend will be offset by the reduction of software and support costs versus a similar point solution investment and improved efficiencies in staffing. However, prepare your leaders for the reality that they will need to spend more to ultimately spend less.
2. Convergence Strategies should center around horizontally layered platforms, such as an inbound and outbound content control platform, and not a vertical platform (i.e. Sandbox – Edge – Content – Endpoint – Information Asset Store from a single Technology Provider). Why? ICM Cyber dedicates resources to think about smart guy stuff like detection algorithms. A vertical platform is typically going to take advantage of shared threat intelligence and a common analysis engine backplane (i.e. the algorithms). So, if your Edge Protection uses the same threat determination as your Endpoint Layer, are you really that resilient? This isn’t to say that you must give up operational efficiency for operational resiliency, but you need to structure your internal operations to work efficiently with integrated horizontally layered platforms (i.e. Edge Platform to Content Platform to Endpoint Platform).
3. Convergence Strategies require a village. If you consider that most converged platforms will require multiple disciplines for installation, and have multiple operational integration points, you must involve the many operational units of your enterprise as early as practical in the toolset evaluation, testing and design process. No one likes to find out about an enterprise level change last minute, and you will often find that subject matter experts from other areas of the enterprise will provide invaluable insight into your environment’s specific realities and nuances. More communication (which is harder) leads to a better, cleaner implementation (which is easier).
4. Toolset Marketing means well, but the reality is that nomenclature varies in meaning between organizations, and in highly dynamic change eras, the marketplace often sees diverse terms in use as definitions are still fluid. Case in point: what is your interpretation of Zero Trust Network? Or Converged Edge? Or Dynamic Content Control? Or Enterprise Detection and Response? Take your time to investigate what a Provider actually means by a term. Don’t assume. Surround a term with guide rails so the conversation stays centered during your due diligence phase. After all, you, your Tool Set Provider, and your Integrator all want a positive outcome. Be definitive so that “Expectation meets Reality” post contract.
I know this blog was a little longer and more verbose than usual. It is my sincere hope that our experiences and guidance allow you and your organization to modernize and converge your cyber defense capabilities with a minimum of pain and a maximum of benefit.
If you would like to discuss specific toolset capabilities or collaborate further on Convergence Strategies, please reach out to your ICM Cyber Client Director or me.
We are, first and foremost, here to help.
Mark Mahovlich, Vice President of Strategy & Execution