Software developers, security experts, and even investment bankers all report that ‘tool sprawl’ is burning budgets and wasting employees’ time
Bloated software ecosystems saturated with underutilized or inefficient SaaS tools are bogging down practitioners operating across a range of different industries, but what can be done to remedy the situation?
Enterprises have complained repeatedly about being bogged down by the digital complexity in their IT estates, which is not only impacting productivity, but also expanding attack surfaces and exposing them to new cyber threats.
Research Red Canary’s 2024 Security Operations Trends report found 73% of security teams said their attack surface has widened by 77% in the past two years.
As a result, teams reported they spend twice as much time on operational tasks as opposed to improving their organization’s cyber readiness.
The research from Red Canary bears similarities to reports from other tech sector professions, with a recent IDC survey on behalf of JFrog noting that ‘context switching’ was a major problem reported by software developers.
A key factor behind this trend is that software developers are often forced to move from one environment to another due to the disparate ecosystem of tools used in their everyday work.
Nearly three-quarters (70%) of respondents told IDC that switching between different tools reduced their efficiency, with Katie Norton, research manager for DevSecOps and software supply chain security at IDC, stating “inefficient, poorly implemented tools” are squandering developers’ time and inflating costs.
Speaking to ITPro, Lauren Murphy, CEO of data consultancy Friday Initiatives, said current levels of tool sprawl are the result of firms trying to buy their way out of the problem by procuring new technologies to solve an issue, without addressing its root cause.
“Most companies look to tools to problem solve instead of taking a proper step back to fix their foundations. The issue is that foundational questions such as: what data do you have, what do you want to use it for, how do you protect it – are both slightly boring and also require a company-wide holistic solution.
Murphy added that if businesses took a hard look at their IT estate, they would likely find a number of tools they could happily remove without impacting operations.
“When they take a real look at what data they have and create an effective roadmap, most companies we work with can remove much of their tooling,” she said.
“This is because by aligning data strategy with business goals and removing internal silos, issues like duplication are fixed and tools are aligned to architecture, objectives and needs, instead of just ad-hoc use. Too many companies look to tools as a fast fix, when actually they’re a bandaid.”
IT leaders at investment banks say they are wasting millions on redundant software
New research from document automation firm UpSlide also found the investment banking sector is wasting millions in poorly managed software, with many tools rarely used by practitioners.
More than two-thirds (68%) of IT leaders told UpSlide their firms are wasting over a quarter of their remaining budget on underutilized software.
For those with budgets of over £10 million, more than half of leaders’ were wasted on redundant software that adds no value to the business.
In the investment banking sector, the problem only looks to be getting worse as an anticipated economic downturn will force many to economize on their IT spending, and a pessimistic economic outlook will likely have a similar effect in other industries.
Respondents told UpSlide they are facing cuts of more than 20% to their budgets, with 35% reporting the cuts would impact their business’ performance.
As a result, 55% of IT leaders said they were looking to establish stricter SLAs with software vendors, with ROI becoming the most important metric when choosing new vendors.
Platformization is the best way to consolidate your IT estate
Scott McKinnon, field CSO for UK & Ireland at Palo Alto Networks, told ITPro that although each individual tool was procured for a “well-intentioned purpose”, they end up creating a complex web of siloed data end-users are forced to spend time navigating.
“Organizations use an average of 32 tools to safeguard their networks and systems,” he said “Each of these tools was purchased to serve a specific, well-intentioned purpose, for example to protect a certain aspect of the enterprise, such as cloud applications or remote workers, or certain types of threats like file-based malware or DNS attacks.”
The answer, McKinnon argued, will be a shift towards consolidating tools through platformization, which offers a simplified user experience and can improve security outcomes.
“But in order for platformization to follow through on its promise, several critical requirements must be fulfilled. First, every product or service consolidated into the platform must be as good or better than the corresponding point products available in that space. Adopting a platform can never mean sacrificing security efficacy for simplified management or vendor consolidation,” he added.
“Next, the platform must be modular, allowing your organization to grow into the use of the platform over time. Finally, the platform must also enable native platform integrations that make each component even stronger than it would be on its own. All too often, vendors develop platforms as “ships in the night,” building a single UI, but with each product operating entirely independently beneath that UI.”
Source link