Platformisation or platform theatre? Navigating cyber consolidation
The consolidation wave in enterprise security is real, and the business case is compelling. A January 2025 report from IBM and Palo Alto Networks found that organisations manage a median of 83 security solutions from 29 vendors. The complexity is staggering – and attackers exploit the gaps between these tools. The push to rationalise is not just about budget; it is about coherence.
But the lure of a unified platform brings its own danger. Not every vendor offering “end-to-end visibility” is delivering genuine integration. And even when they are, consolidation can silently introduce the very risk it promises to eliminate: a single point of catastrophic failure.
Recognizing integration theatre
Integration theatre is the cyber security equivalent of a Potemkin village: application programming interfaces (APIs) stitched together with no shared data model, dashboards that aggregate alerts without correlating them, and licensing bundles that market themselves as platforms while operating as loosely coupled point solutions.
The diagnostic questions I ask vendors are deliberately outcome-focused, not feature-focused. Does threat detection in one module automatically trigger a policy change in another, without human intervention? Does a compromise of an identity trigger endpoint quarantine in under a minute? Can you demonstrate bi-directional data flow between your extended detection and response (XDR), security information and event management (SIEM) and cloud security posture management in a live environment – not a sales demo? Genuine platforms reduce mean time to detect (MTTD) and mean time to respond (MTTR). Theatre doesn’t.
A further tell: ask how the vendor handles failure of a single module. If the answer is that the platform degrades gracefully, probe it. If the whole stack collapses, it was never truly integrated – it was just co-located.
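One way to put the under-a-minute identity-to-quarantine question to a proof-of-concept, as an added example that is not from the article or any vendor: score an exported event timeline for latency and for human involvement. The event field names, the `actor` values and the sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, standing in for a vendor-neutral export from a live test.
# Field names (ts, module, type, user, actor) are assumptions made for this example.
EVENTS = [
    {"ts": "2025-03-01T10:00:00", "module": "identity", "type": "compromise_detected", "user": "alice"},
    {"ts": "2025-03-01T10:00:41", "module": "endpoint", "type": "quarantine", "user": "alice", "actor": "automation"},
    {"ts": "2025-03-01T11:15:00", "module": "identity", "type": "compromise_detected", "user": "bob"},
    {"ts": "2025-03-01T11:27:30", "module": "endpoint", "type": "quarantine", "user": "bob", "actor": "analyst"},
    {"ts": "2025-03-01T12:00:00", "module": "identity", "type": "compromise_detected", "user": "carol"},
]

def score_identity_to_quarantine(events, limit=timedelta(seconds=60)):
    """Pair each identity detection with the first later quarantine for the same user."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO 8601 strings sort chronologically
    results = []
    for i, det in enumerate(events):
        if (det["module"], det["type"]) != ("identity", "compromise_detected"):
            continue
        start = datetime.fromisoformat(det["ts"])
        response = next(
            (e for e in events[i + 1:]
             if e["type"] == "quarantine" and e["user"] == det["user"]),
            None,
        )
        if response is None:
            # Detection in one module never reached the other at all.
            results.append({"user": det["user"], "latency_s": None, "verdict": "no_response"})
            continue
        latency = datetime.fromisoformat(response["ts"]) - start
        if response.get("actor") != "automation":
            verdict = "manual"      # a human had to bridge the two modules
        elif latency > limit:
            verdict = "too_slow"    # automated, but slower than the stated limit
        else:
            verdict = "pass"
        results.append({"user": det["user"], "latency_s": latency.total_seconds(), "verdict": verdict})
    return results

def mean_response_seconds(results):
    """Mean detection-to-quarantine time over detections that received any response."""
    answered = [r["latency_s"] for r in results if r["latency_s"] is not None]
    return sum(answered) / len(answered) if answered else None

if __name__ == "__main__":
    for row in score_identity_to_quarantine(EVENTS):
        print(row)
```

Detections with no response are excluded from the mean, so read the mean alongside the count of `no_response` verdicts rather than on its own.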
The CrowdStrike warning shot
On 19 July 2024, a faulty configuration update to CrowdStrike’s Falcon sensor brought down roughly 8.5 million Windows devices globally – airlines, hospitals, broadcasters, 911 call centres. Fortune 500 losses were estimated at $5.4bn (£4.03bn). Delta Air Lines alone reported $500m in damages. This was not a cyber attack. It was a platform failure.
For organisations that had consolidated endpoint security, identity threat detection and cloud security posture management into one vendor stack, the incident was not a localised disruption – it was organisational paralysis. The lesson, as one post-incident analysis framed it, is not to avoid consolidation. It is to understand what you are trading away: architectural redundancy and failure isolation in exchange for operational simplicity.
Governance and architectural safeguards
If you are consolidating, the governance framework must be commensurate with the concentration of risk. The Financial Conduct Authority’s (FCA’s) post-CrowdStrike guidance is instructive here: by March 2025, firms in scope of operational resilience rules were required to demonstrate they could maintain vital business services in severe but plausible failure scenarios. That is the right standard of thinking for any CISO evaluating platformisation.
My approach rests on three pillars. First, layered redundancy: no single vendor should own more than two adjacent security domains without a contractual and technical fallback. Staged rollouts, canary deployments and automated rollback mechanisms are non-negotiable SLA requirements, not optional extras.
Second, zero-trust architecture: platformisation does not exempt you from zero trust principles. Compartmentalise blast radius. Even within a unified platform, segment data flows so a compromise or failure in one domain cannot propagate laterally.
Third, continuous third-party risk oversight: the WEF Global Cybersecurity Outlook 2025 explicitly flags supply chain vulnerabilities as a systemic amplifier. Your platform vendor is a critical third party. Contractual rights to audit, independent pentesting, escrow arrangements and documented exit strategies are governance requirements, not aspirations.
The board conversation
The WEF notes that boards are no longer asking whether they are secure – they are asking whether they are resilient. Platformisation can absolutely support resilience. But only if the CISO insists on genuine integration over marketing, builds governance structures proportionate to the concentration risk created, and retains the architectural independence to survive vendor failure.
Consolidation is a strategy. Platform theatre is a liability. Know the difference before you sign.
John Bruce is CISO at Quorum Cyber, an Edinburgh-based managed security services provider and Microsoft partner.

