With cyberattacks growing in sophistication and frequency, well-intentioned security professionals rely on a variety of tools to help them be proactive in protecting and backing up data. As the arsenal grows, however, many issues arise — including interoperability, management, governance, and usability.
Adopting multiple tools also doesn’t necessarily improve security response, and may achieve the opposite effect, according to the Ponemon Institute’s 2020 Cyber Resilient Organization Study. It found that organizations are averaging more than 45 different tools. Those using more than 50 ranked themselves 8% lower in their ability to detect an attack, and 7% lower in terms of responding to an attack.
So, what are the challenges with using multiple data protection tools and backup systems for cybersecurity? That’s the question we posed to members of the IDG Influencer Network, a community of journalists, industry analysts, and IT professionals who contribute their knowledge and expertise to IDG clients.
“There are serious risks of using too many different products to protect and back up data,” said Sridhar Iyengar (@isridhar), Managing Director at Zoho Europe. “Companies, therefore, need to have a well-defined strategy and specific areas of responsibility to ensure it is crystal clear how data is accessed and used, plus how it is stored, shared, managed, and protected across the enterprise.”
Wanted: Tools that are easy and interoperable
Too many cybersecurity tools can be overwhelming, say the experts:
- “The most interesting problem with using multiple data protection and backup systems is their tendency for conflict. For example, IT might use SVN to back up files to a check-pointed file system. If everything fails, do you restore the check-pointed file system first or the SVN repository? Generally, there should be only one backup system.” — Brent Kirkpatrick (@DrBKirkpatrick), Cybersecurity Consultant and Researcher at Intrepid Net Computing
- “Many of these systems are deployed for a special cybersecurity purpose. But enterprise IT ecosystems are so interconnected that every platform can provide a back door to enter another unrelated part of the system.” — Frank Cutitta (@fcutitta), CEO and founder, HealthTech Decisions Lab
- “If the solutions are not integrated, it is difficult and time-consuming to get a holistic view and react quickly without jumping from console to console and adapting to every available functionality.” — Candid Wuest, Vice President of Cyber Protection Research at Acronis
Specifically, using multiple solutions can increase the time it takes for incident analysis and security system maintenance, not to mention the learning curve.
“This can also introduce compatibility issues, where data from one system may not be able to be read by another, requiring more manual work, or additional applications to enable some form of compatibility,’’ says Topher Tebow, Senior Cybersecurity Researcher at Acronis.
“The more software you have, the more pieces there are in your security puzzle, and you may even find that a normally secure piece of code will become vulnerable if combined with certain other pieces of code being present on the system,’’ Tebow adds. “Using a single multi-layered solution can help to ensure compatibility and reduce the risk of adding unexpected vulnerabilities on your systems.”
The Influencers also pointed to other concerns when organizations use an overwhelming number of data protection and backup systems:
- Ease of use. “Most businesses today must protect data residing in multiple databases, proprietary apps, cloud file systems, and SaaS, and are operating a hybrid cloud or multi-clouds,” says Isaac Sacolick (@nyike), president of StarCIO and digital transformation leader and influencer. “It’s a significant challenge to provide seamless access to authorized employees while protecting data at rest and in transit from ransomware, device vulnerabilities, and disasters.”
- Staffing. “Can a cybersecurity team find and keep the needed expertise internally to use those multiple systems? That can be a tall order in some markets today,’’ says Will Kelly (@willkelly), Technical Marketing Manager for a container security startup.
- Technical debt. “There’s also the audit and reporting debt when teams have to do added work for audits and reporting because they’re using multiple tools and systems,’’ Kelly adds.
The experts also had a lot to say about the issues multiple tools can cause with collaboration and data access:
- “Organizational collaboration is difficult when different data protection tools perform similar functions, as it may be unclear how to allow a collaborator to access or modify data. Something as simple as data classification and labeling becomes overly complex and a nuisance to end users if they need to set a label in multiple locations, particularly when the labels are not consistent across tools.” — Kayne McGladrey (@kaynemcgladrey), Cybersecurity Strategist at Ascent Solutions
“We found that we need multiple data protection tools because none of the tools fully meet our cybersecurity needs. Plus, all tools must be accessible for my staff that is using and implementing them. Often, the cybersecurity tools are not accessible. So we get limited, and sometimes not as robust, options when we select tools that our entire team can use.” — Debra Ruh (@debraruh), CEO of Ruh Global IMPACT and Executive Chair of Billion Strong
With a multitude of tools and backup systems comes the need for proper coordination and management:
“The main challenge is coordinating and normalizing all of the information from the various tools. While it is one thing to have a tool, the administrator must be trained and know how to use it to get any benefit from it. Multiple backups also need security. And if it is regulated data being backed up, there is a risk in just having that data, which is yet another reason for tokenization.” — Ben Rothke (@benrothke), Senior Information Security Manager at Tapad
“The key with any data protection plan is to make sure you have documented what data you are trying to protect. This would also cover what tools are protecting each data class. Using multiple tools and/or vendors can be more complex and cause things to be missed or mismanaged if objectives are not clearly stated and processes not clearly documented.” —Adam Martin (@colttrickle), IT Director
There’s also an impact on end users. “One of the problems workers always talk about is how they must interface with too many different systems,” says Jeff Kagan (@jeffkagan), industry analyst columnist. “Most workers are not IT workers. Yet, this is the world they are forced to work in.”
Copyright © 2021 IDG Communications, Inc.