South African companies are investing in more security tools to stay ahead of cyber threats. However, this often leads to 'security sprawl'. This occurs when companies deploy numerous point solutions without adequate integration, ultimately weakening their resilience.
According to Richard Ford, group CTO of Integrity360, this sprawl fragments visibility and complicates incident response rather than strengthening defences.
Ford explains that without a 'single pane of glass', security teams cannot see the full picture of an attack. This also creates overwhelming 'alert fatigue'.
“When teams are buried in alerts from dozens of different tools, they are more likely to miss the critical alerts that matter, which dangerously slows down the response,” he says.
Ford describes the inclination to add more tools as a well-intentioned but reactive response to new threats.
“As a new type of threat emerges, an organisation might buy a new 'point solution' to deal with it. Over time, this results in the 'more is better' trap – a collection of disconnected tools rather than a single, integrated system,” he says. “(This) represents a significant and uncontrolled operational expenditure with diminishing returns… in short, many organisations have unintentionally created their own vulnerability: complexity.”
Integrity360 cites CSIR research, which claims 88% of companies have now faced at least one data breach.
The company adds that according to PwC’s Global Digital Trust Insights survey, 59% of South African companies are simplifying their technology stack.
Ford continues: “The reason they are doing this is because a sprawling environment creates 'alert fatigue' among security teams, who spend more time managing tools than managing threats. This operational drag means critical alerts get missed, and the organisation’s ability to respond to a real incident is dangerously slowed.”
According to the Integrity360 executive, this research proves the market is beginning to understand that complexity itself has become a vulnerability and that simplification is an important strategic move for business.
Ford adds that consolidation is best paired with modern practices like attack surface management (ASM).
“Rather than a technical process, ASM should be viewed as a continuous, evidence-based audit of the organisation's entire digital footprint. It provides leadership with a live view of where the business is exposed, enabling informed, risk-based decisions. ASM is the continuous process of identifying what assets you have, their exposures and vulnerabilities, and mitigating the pertinent risks across them. That is why ASM is so complementary to platform consolidation efforts in providing that unifying view of the environment rather than fragmented siloed perspectives.”
Consolidation tends to cluster around domains such as SASE and SSE for secure end-user networking, CNAPP for cloud security, XDR for threat detection and response, and threat exposure management for proactive risk reduction.
“But even these categories are evolving and merging in different ways that makes it difficult for many organisations to choose the right path. Developing the right architectural vision either with in-house expertise or assisted by partners is vital in navigating this landscape,” says Ford.
Integrity360 advocates a four-step roadmap to help transition from complexity to clarity:
- Audit the current environment to find redundancies and gaps.
- Prioritise platforms that offer interoperability and centralised visibility.
- Streamline vendor relationships to reduce administrative overhead.
- Align every decision with clear business outcomes, like risk reduction and operational resilience.
Ford concludes: “True resilience isn’t dependent on the number of tools in the stack, but on the clarity of the view they provide. By focusing on consolidation and aligning security investment with business outcomes, organisations can build a security posture that is easier to manage, more cost-effective and ultimately more resilient.”
Share