CISOs Guide: Top 3 Consolidation Strategies to Maximize Data Security budgets for 2023

This edition of Titaniam’s Data Security Blog is dedicated to optimizing budgets and saving money. With the economic forecast being gloomy and waves of budget cuts as well as layoffs, it has become more challenging than ever before for CISOs to afford all the security controls that their organizations need in the present threat climate.

As always let’s get the Titaniam angle clarified up front. A big part of the CISO wisdom on the topic of cyber budgets for 2023 is about consolidation – consolidation across use cases, consolidation across vendors, and consolidation across budgets. These three also happen to be basic principles on which Titaniam was created and so there is a lot of overlap between the budget optimization story and Titaniam’s value proposition.

Also, for the practical reality of what needs to get accomplished inside organizations against available budgets for 2023, there are not too many Titaniam like options out there - and our in-depth understanding of our own platform allows me to provide real world examples where applicable. So, you will see these throughout this edition of Titaniam’s Data Security Blog.

I. Data Security Budgets for 2023

According to Titaniam’s 2023 Data Security Predictions Survey, data security remains a top priority for enterprises. If you combine generally stated data security projects (greater than 30% of enterprises) and projects aiming to secure data against ransomware and extortion (a bit less than 30%), we are looking at over 60% of enterprises who have recognized data security as a top 2023 priority in some form or another.

The economic climate going into 2023 is tough and so for this year all purchases will need to be examined through the lens of economic efficiency. The question for CISOs this year is: How can you fulfil your objective of strong data security without straining your budget? Here are recommendations based on Titaniam’s interactions with CISOs as well as what we are seeing in projects in the field.

II. Consolidation is the Name of the Game

Based on what we are seeing in the market, CISOs who are presenting consolidation-based strategies to their executive leadership and board are seeing more success with their data security budgets than those that are sticking to one off projects/priorities in their proposals.

Here are the Top 3 data security consolidation strategies that are winning/have won budgets going into 2023:

1. Consolidation across use cases
2. Consolidation across vendors
3. Consolidation across departmental budgets

I.??????????????Consolidation across Use Cases

Currently all major analyst and research houses are pushing the idea of use case consolidation in data security. From the new, bright, and shiny DSPM (the previous blog in this series was dedicated to DSPM), DDR (Data detection and response), the prior acronym DSP (data security platform) and one Gartner used for a while – Broad Spectrum Data Security Platform, it is clear that many industry pundits are pushing a use case consolidation story.

This means that CISOs should consider favoring platforms that address more than one internal initiative. At Titaniam, as we have met with CISOs across verticals, our most successful conversations have been ones where CISOs have brought multiple initiatives into a single investment decision.

When presented with a multi-use case investment CISOs tend to ask the following two questions. Having good answers to these boosts their argument for budget:

• Are all presented use cases equally well served? A good answer here prevents CISOs from dropping back to the very expensive best-of-breed arguments from prior years.
• Do multi-use case solutions suffer from performance issues? High latency for enterprise grade use cases can be a deal killer.

Titaniam for multi-use case investments

Titaniam was built with the idea of collapsing many use cases into a single solution, while maintaining high-performance for high-throughput, petabyte scale use cases. The Titaniam solution offers a converged platform for the following use cases/technologies/security controls.

Since different people make their lists differently, I am presenting a “messy” list. This includes pure controls, application of controls, and true use cases all mixed together:

1. Encryption-in-use/ Searchable Encryption
2. Traditional Encryption
3. Format Preserving Encryption (FPE)
4. Vaulted and Vaultless Tokenization
5. Static and Dynamic Data Masking
6. Whole and Partial Redaction
7. Anonymization/De-identification using multiple privacy preserving formats
8. Cryptographic Hashing
9. Field Level Key Derivation
10. Bring/Hold Your Own Key (BYOK/HYOK)

Applications or Use Cases for the above controls are all be supported within a single Titaniam solution, representing one of the industry’s best examples of use case consolidation and strong budget support. Examples of applications and use cases are below:

1. Securing structured and unstructured data in specific platforms, databases, data lakes, repositories, and applications
2. Making specific applications and datastores compliant with regulations like PCI, GDPR, etc.
3. Developing applications that are natively secure against data compromise i.e. developer led security
4. Securing data against supply chain attacks
5. Secure data sharing and collaboration
6. Dev to test data anonymization
7. AI/ML data privacy
8. SaaS data security and compliance
9. Securing enterprise search use cases

If you read the above list carefully, you will see each of these has the potential to drive its own budget and ROI.

For Titaniam, having the ability to offer it all in the one platform, allows us to help CISOs make a very strong case for investment. Other benefits include

1. Easy budget justification
2. Additional use cases without additional deployments
3. Additional use cases leverage the same platform features and back-end integrations
4. Additional use cases leverage the same policies and drive consistency
5. Lower cost per use case
6. Single management console and reporting across use cases

II.?????????????Consolidation across Vendors

Vendor consolidation is another big focus for CISOs going into 2023. These days, the more modern data security platforms are able to replace many point solutions and present excellent coast saving opportunities.

Today there are three types of data security platforms in the market:

A. Single use case, single platform offerings: Many vendors, traditional and newly funded do not offer anything beyond a single use case for a single platform. Some believe staying hyper focused is the right approach but the current market appears to only reward this if that hyper focused use case is a top3 strategic initiative. If this happened to not be the case, it is tough for vendors to make it. Examples of these would be data masking solutions for particular platforms, or encryption solutions for particular file shares, or log cleansing solutions for particular SIEMs and so on. I’d like to stay away from being too specific so that I do not paint any vendor in bad light. In any event, single use case solutions present a challenge for the vendor as well as the CISO on the other end of the purchase decision. ?

Vendor challenges include:

• Inability to justify more than minimal cost
• Inability to demonstrate enterprise-wide applicability
• Inability to justify integration expenses
• Inability to truly secure data against real world attacks since these present low data coverage relative to the extent of data sprawl faced by the enterprise
• Inability to bring in sufficient revenue to maintain operations or to secure venture financing, thus creating a customer confidence issue
• For the more established single use case vendors, they are seeing a significant decline as multi-use case vendors eat into their market share

CISO challenges include:

• Inability to justify additional budget for a new investment or a rip-and-replace since there are limited additional benefits. The only scenario where this would still work is if the new solution is dramatically less expensive.
• Becomes another point solution to manage
• Cannot benefit from broader visibility
• Harder to justify investment since vendor presents a higher risk profile
• Adds to the integration load since each point solution needs to be integrated into the broader architecture
• Harder to get peer and executive buy in for budgeting
• Individual use cases do not get exec or board level visibility

B. Single Use Case, Multiple Platform Offerings: These solutions take a single use case and make it work across multiple platforms. These are a little easier to justify for CISOs especially if there are multiple platforms that have significant market share for that particular use case. This type of offering has a lot of players and has attracted a good amount of investment.

Vendor challenges include:

• Different platforms tend to speak to different customers but within a single customer this looks a lot like a single use case single platform offering and faces all the same limitations.
• Within a single customer’s context they still face the Inability to justify more than minimal cost
• Within a single customer’s context they still face the inability to demonstrate enterprise-wide applicability
• Within a single customer’s context they still face the Inability to justify integration expenses
• Within a single customer’s context they still face the Inability to truly secure data against real world attacks since these present low data coverage relative to the extent of data sprawl faced by the enterprise

CISO challenges include all the same challenges as single use case single platform if a given CISO generally uses these on a single platform:

• Inability to justify additional budget for a new investment or a rip-and-replace since there are limited additional benefits. The only scenario where this would still work is if the new solution is dramatically less expensive.
• Becomes another point solution to manage
• Harder to justify investment since vendor presents a higher risk profile
• Adds to the integration load since each point solution needs to be integrated into the broader architecture
• Harder to get peer and executive buy in for budgeting
• Individual use cases do not get exec or board level visibility

C. Multi-use case multi-platform offerings: As long as these solutions are built to support enterprise grade use cases without high performance overheads, these solutions are best suited to meet the enormous data security needs while satisfying todays budgetary challenges

Vendor advantages include:

• Easy justification for budget
• The ROI story gets better and better with each use case
• The deployment and integration story also gets better with additional use cases and platforms
• Multiple platforms and use cases in a single management console and policy is exciting and visible
• Executive and board level visibility and support

CISO advantages include:

• Easy to justify budget
• Presents as a strategic investment
• Single investment pays off dividends for many years
• Cost and resource efficient

Multi-use case multi-platform solutions are easiest to justify and also result in vendor consolidation. Vendor consolidation further adds to the advantages in the following way:

1.????Reduction in integration

2.????Reduction in vendor risk

3.????Reduction in cost

4.????Ease of administration and reporting

Titaniam is the industry’s richest multi-use case multi-platform solution

Titaniam provides all security and privacy enforcement controls in a single solution and delivers it via six modules to all types of databases, repositories, applications and to developers across the enterprise. The level of flexibility, composability, and coverage offered by Titaniam is unprecedented and so Titaniam drives extremely strong, well-budgeted, and highly visible data security initiatives.

Whether you are looking for cutting edge encryption-in-use to shut down those ransomware extortion threats or looking to run a strong enterprise-wide privacy enforcement initiative, Titaniam has in our one engine, every control you can find in every other solution out there. Check us out on our website here

III.???????????Consolidation across departmental budgets

The third and final strategy we are seeing to support data security budgets in 2023, is consolidation across departmental budgets. This refers to the pooling of resources that we are seeing take place when multi-use case multi-platform solutions gain visibility and create excitement inside the enterprise.

For me, this was something unexpected but when we saw it play out, it made a ton of sense. We have seen this in a few cases in organizations with the following attributes:

• Data security is a true strategic priority
• Data is viewed as a critical asset
• Multiple executive positions have significant data related responsibilities e.g. CISO, CDO, Chief Privacy Officer, CPO
• Prior strategic initiatives have already forged a collaborative path between departments. Examples are: CDO and CISO are already collaborating on ML initiatives, CISO and Chief Privacy Officer are already collaborating on Dev to Test data anonymization pipelines etc.

Titaniam’s Data Security Platform is the broadest offering in the market and has the functionality needed for many enterprise wide, multi-platform, multi-cloud, and hybrid use cases. We are seeing 2023 data security budgets for solutions like Titaniam garner support from multiple stakeholders, especially in the context of initiatives that already go across departments.

IV.???????????Conclusion: Consolidation is going to be the leading, if not the only way for CISOs to support all the cybersecurity initiatives they will need to stand up to attackers this year. Use case and vendor consolidation is the name of the game for CISOs in 2023! Those that can also pool in budgets with their CDO and CPO counterparts can get even more done this year! To learn more about Titaniam please visit our website here. To schedule a demo please visit us here.