As enterprises navigate a rapidly evolving threat landscape, balancing vendor dependencies and technological innovation remains a central challenge. In this ETR Insights interview, we explore evolving strategies and challenges in enterprise security with the GRC Director for a global hospitality enterprise. Key topics include the use of leading vendors like Wiz, Rubrik, Okta, and CrowdStrike, balancing vendor lock-in with best-of-breed solutions, managing a global security stack, and leveraging innovative tools for cloud security, identity access, and ransomware recovery.
Managing Complexity in a Global Security Stack
Multilayered Security Approach. Our guest's organization employs a four-pillar security strategy: Corporate Security, Governance Risk & Compliance (GRC), Cloud Security & Engineering, and Security Operations. This comprehensive approach ensures robust coverage of their global IT footprint. While certain operations are managed in-house, the company relies heavily on external vendors for specialized needs, particularly in cloud security and identity access management. The Director emphasized the importance of aligning security strategies with overarching business goals: "Technology decisions must directly support business objectives while maintaining the highest security standards."
Wiz: Cloud Security Innovator. Wiz emerged as the cornerstone of the enterprise’s cloud security strategy due to its seamless integration with Google Cloud Platform (GCP), their primary infrastructure. The Director highlighted Wiz's ability to provide real-time visibility into containers and virtual machines, as well as advanced vulnerability management. "Wiz offered unmatched compatibility with GCP and has been instrumental in shaping our hybrid cloud environment," they noted. Their long-standing collaboration with Wiz underscores the vendor’s adaptability and innovation in addressing enterprise-specific challenges.
Okta: Backbone of Identity Management. Identity and access management remains a critical focus area, with Okta playing a central role. The organization has expanded its multi-factor authentication (MFA) capabilities, integrating tools like Duo and FastPass to complement Okta’s features. The Director shared their caution regarding vendor lock-in: "While Okta provides excellent functionality, we continue to explore supplementary solutions to mitigate over-reliance."
Rubrik: Ransomware Recovery Game-Changer. Rubrik has been a recent addition to the enterprise’s disaster recovery arsenal, chosen for its automation capabilities and support for hybrid cloud environments. The Director praised Rubrik’s potential in ransomware recovery: "Rubrik’s orchestration and recovery automation provide a much-needed safety net in today’s threat landscape."
CrowdStrike: Reassessment Underway. While CrowdStrike has long been a leader in endpoint security, the July service outage has prompted this enterprise to evaluate alternative vendors like SentinelOne and Fortinet. However, the lack of immediate alternatives keeps CrowdStrike in their stack for now.
ETR Data: With an expanding portfolio of security offerings, customers indicate net-positive plans on future usage of Rubrik products. In a recent drill down survey on the vendor, an aggregate 40% of respondents indicated plans to add at least one Rubrik product in the next 12 months, whereas only 23% of respondents have plans to stop using at least one Rubrik product. Reach out for a deeper dive into our recent data set on Rubrik.
Balancing Vendor Lock-In and Innovation. A recurring theme in the discussion was the tension between vendor lock-in and the need for best-of-breed solutions. Despite a deliberate diversification strategy, this enterprise faces challenges in consolidating its vendor stack due to the specialized expertise required for different use cases. "Vendor harmonization is a long-term goal, but expertise and unique capabilities often necessitate a broader vendor ecosystem," the Director explained.
As enterprises grapple with complex security challenges, the emphasis remains on leveraging innovative tools while mitigating risks associated with vendor dependencies. This global enterprise’s strategic approach offers a blueprint for balancing adaptability, innovation, and resilience in the face of evolving threats.
To dive deeper into this interview and access ETR's full Transcript Library, reach out to your ETR service rep today! Stay ahead of the market with actionable insights into vendor performance.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai