That’s where we come in. I’m Andy Powell, Key Commercial Account Manager at Babble. Thousands of SMBs in the UK trust us with their cyber security needs, and we help businesses like yours to navigate these choppy waters every day. We understand the challenges you face, and we’ve got the expertise to guide you toward a solution that fits your specific needs.
So, while there’s no magic number, in this article, I’m going to give you a framework that will help you to make informed decisions, avoid common pitfalls, and ultimately, achieve that “just right” level of protection. We’ll explore how to balance your security needs with your budget, ensuring you’re not left exposed, or wasting money on overlapping tech. Think of it as a practical guide to building a cyber security strategy that actually works for you.
As I often say, the question of how many security vendors you need is a tricky one. The honest answer is: it depends. Several factors unique to your business, such as your budget, your risk tolerance, and the specific needs of your company, all play a role in determining the right number of vendors.
Ultimately, you’re aiming for that “Goldilocks” scenario: investing in the right amount of security – not too much, not too little.
A crucial step, arguably the first step, in this process is understanding your company’s risk profile. To determine the appropriate level of security investment, you need to ask yourself some key questions. As I always say, “What is the risk profile of my users?” because it’s usually the users that seem to cause all the problems.
Think about it:
It’s important to remember that security solutions should be balanced and proportionate to what you’re looking to protect without hindering productivity. Frameworks like NIST can be helpful in addressing cyber risks.
One thing to keep in mind: it’s a balancing act. Having too few vendors can leave gaps in your protection, meaning you might not cover all the key aspects of security. On the flip side, having too many can lead to overlapping solutions, wasted budget, and what I like to call “double counting” of threats, which can cause confusion and inefficiency. Security teams can also get held up with unnecessary work and excessive reporting, which delays response times and can even lead to cyber fatigue.
Another thing I’ve noticed is that endpoint protection solutions don’t always “play nice” together, so you could end up paying for something that isn’t even turned on.
When building your security stack, it’s essential to cover the critical capabilities. I like to think of it as working from the “network from the end user outwards”. Here are a few of the basics that I think every business should be thinking about when it comes to critical cyber security cover:
Here’s why: They understand that if they can compromise your backups, you’re far more likely to pay a ransom because you’ve lost your ability to recover independently. That’s why immutable data storage is so important. This means your backup data can’t be altered or deleted, protecting it from being tampered with by hackers. It’s a critical layer of defence in your overall security strategy.
Something I feel we also need to address is the growing importance of AI security – it’s a whole new frontier, and businesses need to start asking themselves some tough questions when it comes to how AI could be impacting what their security stack looks like.
Questions you should be asking are ones like:
AI presents fantastic opportunities, but it also introduces new security challenges that must be addressed proactively.
Let’s be clear: there’s no single product that does everything. You might be looking at multiple providers to cover all your bases. That’s where a trusted technology provider comes in – to guide you through the complexities of choosing the right solutions and help you build a security stack that truly meets your specific requirements.
In my experience, you’ll likely need to work with around three or four different providers to get comprehensive coverage. You might get endpoint security and data loss prevention from one vendor, but still need separate solutions for web content control, email protection, and so on.
A best-of-breed approach, on the other hand, involves strategically selecting point solutions to address each specific security challenge. This means identifying individual risks and vulnerabilities, and then choosing the most specialised tool to mitigate them.
For example, instead of relying on a broad suite of tools, you might opt for a dedicated web application firewall for web security, a separate data loss prevention tool for sensitive data, and a specialised endpoint detection and response solution.
This granular approach allows you to choose solutions that may provide superior protection in specific areas.
To build your security stack effectively, here’s a step-by-step approach:
So, how many security vendors should you have? As we have just seen, there’s no magic number; the ideal setup really does depend on your unique circumstances.
Hopefully, this has given you some food for thought and you’re responding by taking a fresh look at your cyber security. Ultimately, it’s about taking what you’ve learned here and using it to refine your approach. Reconstructing your security strategy might involve reassessing your current vendor relationships, identifying any gaps in your defences, or seeking expert guidance to build a more robust security posture. If you’d like to gain a clear understanding of the components of a comprehensive Cyber Security Risk Assessment and learn how to prepare for one effectively, have a look at our guide.
Remember, cyber security isn’t a one-off task; it’s an ongoing process. It requires continuous attention, adaptation, and a willingness to evolve alongside the ever-changing threat landscape. Stay alert, stay informed, and don’t hesitate to ask for help when you need it.