Indian security pros struggle with complex cybersecurity stacks amid rapid digitalization

Security professionals in Indian firms are facing an uphill task, as years of cybersecurity being an afterthought is catching up with firms. Experts say that amid rapid digital transformation during and post the pandemic, firms have been forced to adopt multiple security solutions, most of which do not work well with each other. As a result, security pros have to deal with a complexity that they’re not used to, leading to even more struggles in managing a company’s security posture.

“A majority of the organizations in India were pushed to swiftly adopt new technologies and a digital-first approach to allow the organization to continue working smoothly, even while being remote,” said Manish Sinha, Director Sales Engineering-India and SAARC, at Trellix, a cybersecurity firm. 

“This required them to deploy end-user focused security solutions. Endpoint security therefore became a critical and a more widely deployed component in the security stack. Similarly, as new needs arose and hybrid work culture became the norm, increasingly relevant solutions, as needed, were deployed. This has made the organization's security infrastructure complex, with some solutions being siloed, resulting in potential blind spots,” he added.

A cybersecurity stack typically includes firewalls, prevention systems, endpoint protection, and security information and event management (SIEM) systems. For this, firms end up using multiple disjointed solutions that are not built to work with each other, thereby limiting a security professional's ability to analyze threats and anomalies properly, said experts.

An April report by software firm Splunk, found that a major problem faced by many organizations, especially those in India, is the complexity of their tool ecosystems. Around 48% of security professionals in India said that their security stack is too complex as compared to 28% of their global counterparts, the report found.

“Over the last few years, due to the digital growth that has happened, security teams have a very large infrastructure to protect. It has become more and more complicated for them. Limited visibility and the severe shortage of talent have added to the challenge. When we look at the solution landscape, the tooling out there is very fragmented,” said Terence Gomes, Country Head- Security at Microsoft India.

Trellix’s Sinha also noted that managing and maintaining a complex security stack requires expertise across multiple technologies, constant monitoring and updating, in order to ensure effectiveness.

Sinha said that 67% of cybersecurity professionals use more than ten different security tools or solutions throughout their organization. He added that most organizations deploy multiple security tools, and each of them has its own set of features, functions, and data formats.

“Problems arise when these tools operate in silos and are not able to work as effectively within the larger security infrastructure. Organizations are hindered by an excessive number of disjointed solutions which do not give the holistic visibility needed to respond to incidents quickly,” he said.

A September 2022 report by Trellix showed that 70% of cybersecurity professionals feel that their current security tools don't enable their operations teams to work with maximum efficiency, leading to blind spots in their security infrastructure.

Further, Aloke Kumar Dani, partner at Deloitte India, pointed out that the job of security professionals is to find patterns and anomalies. He added that even as most solutions use artificial intelligence (AI) and machine learning (ML) to find patterns, they do it within themselves, leaving security analysts to extrapolate the results across the enterprise’s infra.

This leads to creation of data silos, which limit communication between different parts of the security team. As cyberattacks become more sophisticated, such silos hamper security professionals’ ability to thwart newer attacks, or identify them in advance.

Dani said that a lot of fintech and national critical infrastructure organizations heavily invest in security and end up with more solutions, which often do not integrate well with each other. He added that a lot of global captives with backend operations in India expect a good amount of heavy lifting to happen in India resulting in more workload.

Microsoft’s Gomes said that what is needed are platforms that can simplify the whole security approach and give companies visibility and a more integrated view of their security posture.