Platformization is the buzzword du jour in cybersecurity circles. The general idea is that enterprises are consolidating vendors and will ultimately bet on one platform to solve for cybersecurity.

Palo Alto Networks set off the debate earlier this year with a bet that it could be the leading cybersecurity platform. Although the company said it has seen strong interest from customers, it's far too early to say the debate is settled. After all, CrowdStrike and a bevy of others also have platform plans.

But we've seen this movie before. Platformization isn't exactly new. It's a strategy that has been deployed in enterprise software for decades and in mainframes before that. The benefit is that customers get one throat to choke. The downside is that you bet on a platform and lose your negotiation leverage.

With that backdrop, I caught up with Constellation Research analyst Chirag Mehta, who noted the potential risks of platformization in a Wall Street Journal article. Here are some of the takeaways.

Two perspectives of platformization (vendor and customer). "Platformization is not something new. The word sounds new, but it's been in existence for many years," said Mehta. "A vendor tries to create a single platform where it can control the experience that end users get since data is shared across applications without requiring explicit integrations. The platform shares the common fabric. You can think about the operating system as a platform."

And the customer gets more simplicity. "From a customer perspective it's a best of breed versus best of suites approach. Best of breed is specific niche vendors who provide functionality that you really care about. And you have many of those, and some of them talk to each other. Some of them don't talk to each other. Best of suite you trust one vendor to do many, many different things and you expect that the vendor's roadmap will align with your business needs."

When platformization bites back. Mehta said the issue with platformization occurs when you bet on a vendor that doesn't meet your needs. For instance, the enterprise resource planning space had multiple vendors, but the industry has consolidated. There aren't ERP startups to drive innovation. "It's very difficult to compete against a best of suite vendor," said Mehta. "It becomes difficult for a CXO to make a business case to buy something outside of the best of suite. You might see benefits in the short term because you are consolidating multiple applications on one platform, but in the long run it always costs more and limits the choices you have."

Mehta added:

"You want to be really careful if you are going down the road of platform migration because of how much influence you're going to have on that platform, what your roadmap is, and how open that platform is, and whether it works with some of the other solutions that you have today, or you might consider in the future."

Is the cybersecurity industry maturing enough to bet on one platform? The short answer from Mehta is no. He said:

"Cybersecurity is far from mature when it comes to the business processes, categories, specific functionalities or use cases. It's still a very specialized domain and fragmented landscape. If you look at the innovation that is happening there are many startups doing amazing things. At the same time, there are few large vendors but there are very few of them. There are many midsized vendors. So, the domain is not mature. And the processes are not mature at all."

Open platforms matter. Mehta said CXOs should evaluate platforms based on how open they are. "I'm not against platform isolation, but openness is key," said Mehta. "Many operating systems have been open. You can go build applications. If the platform is not very easy to plug into--technology, ecosystem and commercial advantage--you can be in a difficult situation. If you are going to have multiple systems, spend the time and energy to make sure the platform is actually open."

The importance of data in cybersecurity. Mehta said data from telemetry is critical in cybersecurity. Any bet on a platform has to be able to integrate data from multiple systems. "More data and more information from different systems actually improves your security posture," said Mehta. "If and when you decide to go down the platformization route, make sure you understand how it fits into your overall landscape."