Want your firm to be more secure? Use fewer security tools

Companies best prepared for cyber threats are the ones with fewer security tools, it is claimed.

Firms who take on products from too many security vendors in an effort to fend off hackers end up less confident about tackling cybercrime, according to analyst group Quocirca.

After interviewing 100 IT managers or business executives from 50 companies, Quocirca ranked them in terms of how confident they could be about their data security.

Those with an average of more than two security vendors, and more than two security policies, were less confident about their security than those boasting just two of each.

And analyst Bob Tarzey told IT Pro that those cluttering their security environment with a wealth of tools end up suffering from a lack of integration between their solutions.

This is a problem that can start the moment people start to upgrade from basic measures, he added.

"If you've already got a firewall you get a next-generation firewall, if you have email filtering you might put in place more advanced software looking at application data across the web," said Tarzey. "But to do that you have to invest in more tools.

"The trouble with investing in more tools is that co-ordinated capability tends to break down, because it's hard to get some of these tools integrated."

Instead, he recommends that CIOs who find themselves in this situation part ways with most of their security suppliers.

"They can start to think about how to integrate tools better, often that will involve dealing with fewer suppliers who can match all their needs, and they get more co-ordination into the system," he added.

The study, carried out in partnership with endpoint security specialist Digital Guardian, found that the most secure companies concentrate on co-ordinating security efforts across the company.

These measures include end user knowledge, endpoint management, incident response and data security technology.

The report read: "Having the combination of higher knowledge levels, advanced data security technology and the capability to coordinate all this with the responses to cyber-threats should lead to the highest levels of confidence."

Overall, just 29 per cent of companies were very confident about their data security, with 61 per cent somewhat confident. Despite recent hacking debacles like the data breach of Sony Pictures, regulatory compliance was still the biggest driver to improve security.