Overinvestment breeds overconfidence among security pros

My conversations with infosec professionals give a different picture. They are heartily fed up with having to manage multiple security ‘solutions’ that don’t integrate well, and the so-called ‘single pane of glass’ approach hasn’t worked either. How’s this for a radical suggestion: if someone wants to introduce a new security technology, they have to be able to retire two existing systems…:

[…] Respondents to the survey said they employed a wide variety of security tools and technology, but according to Panaseer, this leaves them with “point-in-time assessments” that force them to cobble together data from various systems to truly understand their security posture. It said this approach was “reactive, labour-intensive and insufficient in scale”.

Moreover, it led to a disconnect between appearances and reality – 86% of respondents said they were either confident or very confident that they had no gaps in their security controls, whereas in reality this was clearly very unlikely to be the case.


