All-in-one cybersecurity “platforms” that protect you from everything, eliminating the need for standalone “one-off” products – these certainly sound like a great idea. They are not. I will tell you why.
First, let me say that I understand the appeal. I’ve spoken with customers and researched the broader market, and know that companies often find themselves supporting multiple security products in their software stacks. In fact, a recent survey we conducted revealed that many organizations have dozens of cybersecurity products running in their environments. Each product does slightly different things, protecting against slightly different threats, in slightly different ways.
Operationally, supporting all of these applications can become a nightmare. Who wouldn’t want to bundle all those single-use “point products” and replace them with one integrated platform that “does it all”? As enticing as an all-in-one cybersecurity platform may seem, it’s just as elusive.
In fact, it doesn’t exist. It’s smoke, and in the world of cybersecurity, it always will be.
Why ‘Platform Plays’ Cybersecurity Eventually Falls Flat
As CEO of one of the world’s most trusted and enduring brands in security, I get it. I understand why each of our major competitors in the “next-gen” cybersecurity market have jumped on the “platformer” bandwagon. They point to incumbents that have become de facto “standards” in their respective enterprise software niches, morphing into monolithic platforms over the decades.
But what looks like success for a software vendor and its investors doesn’t always mean success for the customer. Over time, these platforms begin to exert such a hold on their customers that they stifle competition and innovation. Eventually those customers start to default and the wheels come off.
So while the single platform premise can be powerful and very compelling, it ultimately leads to broken promises and disappointed customers. But there are other reasons why “all-in-one” platform games ultimately don’t work, especially in the area of cybersecurity.
Unlike integrated platforms that support discrete functional areas of the business, such as sales automation/CRM or office productivity, cybersecurity is (or at least it is) should be) systemic throughout an organization. It must support and protect every function, application, device and person operating in this environment. It’s too big a job for a single vendor or a single “platform”.
Optimal security requires a small manageable set of complementary technologies to do the job. Attacks today are infinitely variable in approach and tactics, so we need to reflect some of that variability in our defenses. We need to leverage multiple high-performing security models, not just one, ideally from multiple vendors with different codebases and technology approaches. The technologies should even have a little “overlap”, just enough to fill in the gaps for each other, and maybe even provide some redundancy. More importantly, we need to focus on optimized technology approaches that provide the right balance of business risk and security capabilities for each organization.
Today’s savvy security decision-makers know this. They are realistic and recognize the consequences of putting all their eggs in one basket. And while many vendors try to sell them the benefits of their all-in-one, single-platform approaches, I’ve yet to come across a CISO who doesn’t hedge their bets with at least a few additional security measures. , from multiple vendors. .
The thing is, no matter how robust or profitable these “platformers” are, no single system – operating in isolation – is impenetrable. And the more ground they try to cover with an all-in-one approach that protects everything, the more gaps it will contain.
At BlackBerry, we do it differently. We always have. As a company that began as “Research In Motion (RIM),” this legacy of innovation continues today, with more than 1,400 patents granted in the past fiscal year. only. We are constantly looking for revolutionary new capabilities to maintain our leadership position in all markets where we compete.
Our endpoint security solution is a perfect example. We take a different approach that relies heavily on our industry-leading artificial intelligence (AI) and machine learning (ML) capabilities. This can often complement existing deployed solutions, identifying attacks that would be missed by an all-in-one platform solution. Our contribution to a healthy, multi-vendor security stack is based on best-in-class ML models, providing predictive AI that can identify zero-day threats years before they actually appear in the wild. We also offer a fully functional next-generation endpoint client with an extremely small footprint that provides superior protection whether the endpoint is connected to the network or not.
For those who are tempted by “platform games”, we will be there to complete and strengthen your security, whatever course you choose. We will continue to pursue our leading strategy, constantly innovating and improving our ability to increase and strengthen your security posture.
In my next blog, I will discuss other popular cybersecurity misconceptions.