Sep 04 2025
Security

How to Tackle Cybersecurity Tool Sprawl

Start with assessing your data assets, then ensure your people are trained to use the security tools you need.
Pat Kohl
by

Pat Kohl is a regional vice president for CDW.

Shaun Anderson
by

Shaun Anderson is director of security presales for CDW.

As businesses strive to support their customers, comply with regulations and protect their data, they often try to invest in best-of-breed security solutions to solve unique challenges within their business. It comes as no surprise, then, that 37% of IT leaders reported using as many as 19 security tools or platforms, while 5% reported using more than 100, according to the CDW Cybersecurity Research Report.

Is this approach effective? It can solve one problem, but it could also have other impacts on the organization. Companies don’t benefit from using a lot of security tools if they’re not well-integrated with the business and if employees don’t know how to use them. While getting security sprawl under control, companies also must contend with upskilling their employees.

This is the two-headed beast businesses must tame to thrive in today’s threat landscape.

DIG DEEPER: Strengthen supply chain resilience with third-party risk management. 

Data Security Starts With an Asset Assessment

To best manage security sprawl, companies must know exactly what they are protecting, which means starting with a thorough assessment of their data assets. With the surge of AI tools and platforms on the market, it’s critical to understand your data, where it is located and who has access to it, as end users have access to files with a quick prompt.

Businesses also need clarity on what their data governance policy should be. Identity solutions are modernizing to help control not only human identities but also the machine and agentic identities making their way into environments today. 

Click the banner below for a few security strategies that promote cyber resilience. 

x_security_q325_animated_click_desktop_03 (2).gif x_security_q325_animated_click_mobile_03 (2).gif

 

To put their houses in order, businesses must first assess their current state and evaluate how their existing security tools work in that environment. From there, they can identify the skills needed to run those tools.

For about half of companies, it takes at least six months to hire a qualified cybersecurity professional, according to a survey by Kaspersky. One way to mitigate the deficits produced by this challenge is to ensure that everyone has a hand in maintaining corporate security, whether that’s studiously containing phishing attacks or conducting business in compliance with security regulations. It’s a mistake to think of security as strictly the security team’s responsibility; the most secure and resilient companies ensure they have a culture of security that runs throughout the organization.

EXPLORE: The anatomy of a phishing attack and how to navigate this security scenario. 

Build Your Team for Cyber Resilience

Managed service providers can help relieve some of this pressure by handling security operations where skills are lacking, or help companies reduce their skills gaps.

In the past 18 months, skills development offerings have become a top priority for every CISO we meet. And it’s no wonder: Even the best people at the most successful companies require fresh skills to stay on top of emerging threats. It’s a good idea for companies to work with an experienced partner to help their employees continually sharpen their skills and propel their professional growth.

By aligning tools with business priorities and developing the talent to use them effectively, organizations can reduce complexity, improve visibility and respond faster to threats. Although fewer platforms and better compliance are excellent goals, the primary benefit of this approach is the realization of true cyber resilience. Companies that view security as both a technology and an investment in human capital position themselves to thrive, even as regulations tighten and attacks grow more sophisticated.

The future of security isn’t about having fewer or more tools. It’s about empowering smarter people to maximize the tools they already have.

FG Trade/Getty Images

More On

Related Articles

Close

See How Your Peers Are Leveling Up Their IT

Sign up for our financial services newsletter and get the latest insights and expert tips.

Click Here to Sign Up Now