The cybersecurity industry, and SaaS as a whole, is continually reshaping and changing through acquisitions. These deals have led to a boom in consolidated platforms offering multiple bundled solutions, and more companies attempting to satisfy multiple use cases through a diverse product portfolio.
However, these all-in-one platforms come with a cost (literally and figuratively). IT leaders and CISOs may now find themselves questioning whether an all-in-one vendor into which they’ve already sunk a lot of costs is better than simplified solutions that deliver on more focused use cases and value, minimizing shelfware. In this post, we’ll break down the pros and cons of using a point solution vs an all-in-one platform and why you shouldn’t get stuck in the sunk cost fallacy.
In September 2023, a staggering 28 cybersecurity-related merger and acquisition (M&A) deals were announced. Similarly intriguing: in the first half of 2023, more than 210 cybersecurity-related mergers and acquisitions were announced. These mergers included a wide range of companies, from SaaS giants like Palo Alto and Google to mid-sized companies, as in the acquisition of Perimeter 81 by Check Point.
All of these acquisitions and mergers mean there are now fewer unbundled cybersecurity solutions in the market. This has also created the opportunity for more so-called “all-in-one platforms” to sell the promise of a simplified security strategy. (Spoiler alert: simplified is not always the case.)
It’s important to consider these evolutions in the market within the context of your business. Does it make sense to go with an all-in-one vendor, or are there very real benefits to using unbundled, point solutions? Is convenience worth sacrificing other elements, and if so, what are the elements you’d be sacrificing?
To help you decide what is right for your business, we have a few pros and cons of specialized unbundled software to consider.
Before we dive into the benefits and disadvantages of a point solution vs. an all-in-one platform, let’s clearly define each term.
Point solutions, sometimes called single solution software, unbundled software, or a monolithic approach, refer in this context to software or applications created to solve a specific set of use cases or pain points in a specific area of business. For example, while OpenVPN can be used in several use cases, its main objective is to provide secure remote access for businesses with a hybrid workforce.
But don’t be tricked by the name – just because a point solution was created with an intended use case doesn’t mean it is tied solely to that use case or unable to move beyond the traditional bounds of that use.
An all-in-one platform, sometimes referred to as a consolidated, bundled, or enterprise vendor, refers to a platform that provides multiple solutions housed in one place, often under one contract or company umbrella. You may see these solutions use the marketing term “end-to-end solution” to describe their services. For example, Cisco and Fortinet bundle their respective firewall, detection and response, and VPN products – therefore these companies would be considered an all-in-one or platform vendor.
It’s important to note that when we talk about a consolidated vendor, we are not talking about a managed service provider, or MSP, like the ones in our Partner Network. An MSP can consolidate your vendors and manage them for you. However, it does not own the different software being deployed, and often the software vendors are unbundled solutions.
With hundreds of consolidated platforms and point solutions to choose from, there are some considerations to keep in mind as you build, or improve upon, your security strategy. Below we have a few of the most important benefits of point solutions to consider.
One of the benefits of an all-in-one platform is that you don’t have to think about your choices – because with a consolidated platform, you don’t actually have them. And it is that lack of choice that can hold you back from accessing cutting edge innovations and best-of-breed technology that can level up your security (and at a competitive price).
Companies with a hyper-focused approach to network security for their customers’ specific pain points can often put more time and resources into creating a top-of-the-line solution that caters to your business size. A best-of-breed solution may have more robust features and more detailed reporting than a feature set that's part of a more extensive suite of products.
Because many unbundled solutions (like OpenVPN) are independently operated, there is a greater drive, and investment, to create a product that goes beyond something that is simply “good enough”, or a part of a collection of “good enough” solutions. Additionally, the team building the product is more likely to consist of experts in the specific technology they are building, creating an edge that helps to get the product right and to the right people.
When you have a consolidated platform, you’re limited to the vendor’s product roadmap, which may not provide resources or investment into the necessary measures to make it best of the best. The pervasive “if you build it, they will come” mentality of larger consolidated enterprise platforms may mean you are buying capabilities you don’t actually need, sacrificing speed and security for these “features” with a lack of investment in cutting edge technology.
Let’s think about this in the real world. Say you go with an all-inclusive platform that originally focused on providing threat intelligence. Suddenly, through a series of acquisitions, that platform now offers breach response, firewall, and supposed ZTNA solutions. Chances are, the company will still invest heavily in the solution that they started with – in this case that would be threat intelligence – and less on the rest of the suite. After all, why invest in the add-ons when the real show-stopper is what the company got its start doing? So, you get the bare bones capabilities integrated into a user interface that has more bells and whistles on other solutions than you actually need. That means that you aren’t getting best-of-breed software, and you’re likely paying more for mediocrity.
Let’s say that you started as a customer of the same company in the example above – you needed a great threat intelligence tool and as their business grew you became a prime target for upselling. As more mediocre solutions in their platform are piled on, you begin to lose trust in their original software, which was working well. Not to mention you’re then dealing with a sales push to rip-and-replace your existing stack that has also been working well. In short – it’s a recipe for frustration.
As we mentioned previously, using a best-of-breed solution gives you access to best-of-breed technology. But it also gives you the freedom to pay for what you actually need, with the ability to scale up or down as your business grows and evolves – ultimately optimizing your network security costs.
TechCrunch found that “as many as 90% of companies are overpaying for their SaaS products by 20%-30%.” For small and mid-sized businesses, these savings can mean the difference between having all of the software you need to protect your business and having to choose which capability is most important, leaving you more vulnerable to attack.
When you choose a point solution, you’re able to pay for only what you actually need and are less likely to overpay for features that don’t serve your goals. By the same token, you’ll often find flexibility with unbundled or monolithic solution vendors to negotiate pricing on the number of connections or accounts that you need for your small or mid-sized business. At the same time, you’ll save money on deployment because you will only need to set up the features you will actually use rather than spending hours on a complex deployment of a platform with features you don’t actually need.
In short: with point software, you’re more likely to find the “Goldilocks” solution that fits your budget, rather than trying to spend the same budget as a much larger enterprise.
This also reduces the risk of a potentially costly vendor lock-in, which leaves you vulnerable to price increases at the company’s whim. Ultimately, when you have the freedom and flexibility to choose individual solutions, you can take advantage of a more competitive market.
McKinsey estimates that by 2025, damage from cyberattacks will amount to about $10.5 trillion annually, representing a 300 percent increase from 2015. This correlates with research from Enterprise Strategy Group, which found that as of 2023 nearly two-thirds (62%) of organizations claim their attack surface has grown to varying degrees over the past two years.
One of the greatest advantages of point software that is often underestimated is a reduced risk of security breaches and incidents because of a smaller attack surface. Larger, consolidated vendors often have a greater target on their back – after all, if they are the primary (or in some cases, only) IT software vendor for a company, one attack represents a large-scale risk for their customers. Of course, that’s not to say that security incidents never occur in unbundled solutions. But it does represent a lower risk overall.
This isn’t just a hypothetical. Take, for example, the SolarWinds breach that occurred between 2019 and 2020. Bad actors were able to essentially gain access into an entire supply chain just by infiltrating one vendor that handled multiple solutions for their customers. This breach is still impacting SolarWinds and their customers today.
Consider this: if your secure remote access provider is bundled with your firewall provider and a breach response service, a vulnerability in the firewall already puts you at greater risk in areas beyond the firewall.
Improving your security posture takes several considerations, but one is simply to create multiple points where a breach can be detected and stopped while simultaneously minimizing your attack surface. A simple way to do that is to use specialized solutions, like secure remote access, to block threat actors as much as possible. Not only does this create fewer places of entry into your secure systems, but it also prevents lateral movement within potentially connected systems.
Lowering your security risk with an unbundled or monolithic vendor also ties into choosing a best-of-breed solution. When a company has the time and has placed its main investment into a specific product, it may be more likely to conduct frequent security audits. This can help resolve vulnerabilities before bad actors have a chance to exploit them.
System outages are not cheap. According to recent research, the median cost of outages with high business impact was $7.75 million, and more than three in five technologists said outages cost their organizations at least $100,000 per hour, while one-third said hourly costs ran up to $500,000. For 1 in 5, outages cost their companies $1 million per hour.
For the same reason that using multiple specialized solutions reduces your risk of cyber attack, it also reduces your risk of a major system failure, outage, or widespread scheduled maintenance that hinders your teams’ productivity.
Especially in network security, avoiding a single point of failure is important not only for productivity, but also for protecting your business from a breach. Let’s say that you use an all-in-one vendor for your IT infrastructure. When that vendor has a system flaw that causes an outage or widespread latency, your entire team could be stuck waiting for a solution (costing thousands of dollars in time) while bad actors are able to target your business. Essentially, you’re a sitting duck if that happens. But, with an unbundled solution, you can work around the point of failure (and reach the support team more easily) until it is resolved.
Of course, simplified point software is not without a few considerations that fall into the disadvantage category. However, in most cases these do not outweigh the pros, and most amount to a difference of convenience.
For a lot of companies, the allure of promised simplicity is strong. In fact, in the Gartner® Top Trends of 2023 Report, analysts stated, “Organizations desire less complexity, simplify operations and make their staff more efficient. Vendors are consolidating into platforms around one or more major cybersecurity domains.” However, this simplification can come at the sacrifice of best-of-breed technology and leave you vulnerable in the event of a breach or failure.
In other words, the major selling factor for an all-in-one vendor boils down to one thing: convenience. This doesn’t always amount to better productivity. Rather, it amounts to fewer things to manage – fewer contracts to keep track of, one-stop-shop for product support, and perhaps a more seamless integration process since much of your existing tech stack will be eliminated.
As mentioned above, convenience ultimately comes with a cost. You may sacrifice cost optimization because you’re eliminating the more competitive nature of the single vendor market and potentially paying for features you don’t actually need. You may also sacrifice your team’s ability to get the full benefit of innovation from a singular solution. However, you will have very few relationships to manage.
To help you improve your efficiency with single solution software vendors, we will break down a few best practices in our upcoming series. For now it’s important to note that using multiple unbundled solutions doesn’t have to mean you fully sacrifice convenience.
When you use a larger, consolidated enterprise software, there’s a good chance that you’ll be able to train your team all at once on that suite of software. In the same vein, implementing the software all at once may seem a bit simpler because everything may be migrated at once, rather than in a more piecemeal fashion.
However, that doesn’t necessarily mean you’ll gain speed on the implementation or training process with an all-in-one vendor. In fact, you may find quite the opposite. When migrating large amounts of data from one software to another, there is a risk of broken or missing data hindering the process. In these cases you may find it simpler to use specialized solutions to prevent these time-consuming hangups.
Although it may require your team to learn a separate set of processes between point solutions, those best-of-breed vendors who have put time and effort into a simple user interface and quick implementation can offset this added training very quickly. For example, you may be able to get up and running with a point vendor in under an hour (a reality with OpenVPN CloudConnexa).
Getting your secure remote access tools from the same vendor that provides your other security solutions might seem easy. But, it may not be enough to protect your business and get you best-of-breed technology at an affordable cost. You may also find that trends surrounding point and platform solutions are a pendulum. Often when popularity swings toward platform, point solutions are able to create more innovation – which is exactly what we are seeing now. That means it's the perfect time to explore best-of-breed solutions, even if you already have a platform in place.
In our next post in the series, we will dive into a few tips for how to find the right point solution for your secure remote access needs with real world examples and guidance from industry experts. Stay tuned! Until then, you can sign up for OpenVPN for free today to test out up to three free connections.