Jun 30 2026
Security

How Security Platform Consolidation Improves Cybersecurity and Reduces Risk

Businesses are ditching point solutions for single platforms that simplify operations, cut costs and increase safety.

Digital transformation was a top priority for Zuora CIO Karthik Chakkarapani when he stepped into the role. But for the cloud-based subscription management provider, modernizing applications without addressing security would have left a critical gap.

Behind the scenes, Zuora’s security environment had grown fragmented and increasingly difficult to manage. A patchwork of VPNs, firewalls, proxies and colocation infrastructure created operational drag, limited visibility and introduced risk. Just as important, it was hurting the business in a more visible way: employee experience.

“Our legacy VPN-based setup caused slow performance, frequent logins and poor connectivity, which our employees repeatedly raised as an issue,” says Siva Vadakandra, director of security and infrastructure at Zuora.

Those challenges pushed the company to rethink not just individual tools, but its entire approach to security.

Click the banner below for a few security strategies that promote cyber resilience. 

 

Zuora Improves Security — and the Employee Experience

Zuora moved to consolidate its environment around Zscaler’s Zero Trust Exchange platform, replacing a wide array of legacy technologies and shifting to a cloud-native model built on identity-based access.

The impact was immediate and measurable.

“We’ve eliminated VPNs, firewalls, a DNS proxy, cloud access security brokers and several colocation centers, which has resulted in more than $500,000 in savings,” Vadakandra says.

Just as critical, the move addressed long-standing user friction. Employees now log in once and get fast, consistent access to applications, whether they’re working remotely or in the office. IT teams, meanwhile, gained the ability to monitor and troubleshoot user experience in real time.

Security also improved in ways that directly reduce business risk. Previously, VPN users who authenticated could move laterally across applications, increasing exposure if credentials were compromised. With identity-based segmentation, users now access only the specific applications they’re authorized to use.

“Access is granted only to specific apps and resources based on identity and context, preventing unauthorized lateral movement,” Vadakandra explains.

The transition took just four months, with minimal disruption — a key factor in maintaining productivity during the shift.

Simplicity Is Now a Security Strategy

Zuora’s experience reflects a broader shift in how organizations are approaching cybersecurity. As cloud adoption accelerates and AI expands the threat landscape, many organizations find themselves managing dozens of disconnected tools.

A recent IBM study found that businesses juggle an average of 83 security solutions from 29 vendors, a level of complexity that can undermine both security effectiveness and operational efficiency.

“A true cybersecurity platform goes beyond being a collection of tools; it offers a unified experience with a single interface, shared data model and seamless integration across controls,” says Jess Burn, principal analyst for security and risk at Forrester.

That consolidation can drive meaningful outcomes: improved visibility, faster response times and lower costs. But it doesn’t eliminate the need for skilled teams.

“It’s important to anticipate that platforms may consolidate tools but won’t necessarily reduce the expertise required to manage them,” Burn says.

For IT leaders, the takeaway is straightforward: Security decisions shouldn’t be evaluated solely on technical capabilities. The real measure of success is broader, including reduced complexity, stronger protection and a better experience for the people who rely on these systems every day.

Zuora’s transformation shows what that looks like in practice: fewer tools, less friction and a security strategy that actively supports the business instead of slowing it down.

Siva Vadakandra, Zuora

 

Linebarger Protects Against Insider Threats

The law firm Linebarger Goggan Blair & Sampson operates in a high-stakes environment. Based in Austin, Texas, the firm specializes in collecting government receivables, work that requires handling large volumes of sensitive financial and legal data on behalf of public sector clients.

That responsibility, combined with a distributed workforce and growing reliance on cloud collaboration and email, has significantly expanded the firm’s risk profile.

“Whether it’s intentional or accidental, sophisticated phishing or email-based attacks, insider threats are a primary concern,” says Linebarger CTO LeWayne Ballard. “Another major risk is data leakage. Our increased use of cloud services introduces new vectors of data exposure. We have to assume that threats can originate both inside and outside of the organization.”

In other words, the firm wasn’t just defending against external attackers; it also needed better visibility into how data moved internally and how users interacted with it.

EXPLORE: Find out how security has changed and why it should matter to your organization.

To address those challenges, Linebarger deployed a Proofpoint platform focused on insider threat management, email data loss prevention and advanced threat protection. The goal wasn’t simply to add tools, but to gain context — understanding not just what happened, but why.

That shift has paid off in tangible ways.

“Proofpoint has strengthened our security posture in a very measurable way, providing greater visibility,” Ballard says. “The combination of email data loss prevention and insider threat management allows us to correlate actions with intent. This significantly improves our investigation accuracy.”

The firm has also reduced phishing incidents and accelerated response times, thanks to more actionable, context-rich alerts. For a lean security team, that kind of efficiency gain matters as much as raw protection.

Just as critical is the platform’s role in compliance. Linebarger must meet stringent requirements that demand not only strong controls but clear evidence that those controls are working.

“Compliance is a big driver for us. We try to turn compliance into a requirement and something actionable,” Ballard says. “Proofpoint helps us enforce policies around data handling, transmission and retention. It also provides detailed audit trails and reporting, which are essential for demonstrating compliance during assessments.”

6.5 million

The number of policy violations that Zuora’s Zscaler solution prevented over a three-month period

Source: Zuora

How NAXION Maintains Client Trust

For NAXION, trust is also central to the business, but the risk calculus looks different.

The Philadelphia-based market research and consulting firm works with clients across finance, healthcare and technology, often handling highly sensitive data sets that include personally identifiable information and protected health information. That makes data exposure — whether through user error, compromised accounts or unsecured endpoints — a constant concern.

Rather than relying on perimeter-based controls, NAXION shifted toward a more distributed, platform-based security model built around Check Point’s Harmony suite.

“I had long been frustrated that a cybersecurity solution can only protect you from what it can see,” says Joe Stern, vice president of information security at NAXION. “Because more than 90% of traffic is encrypted, the only acceptable choice was to break and reseal encryption at the firewall, which blows up a lot of websites, irritating users and burdening IT.”

EXPLORE: The anatomy of a phishing attack and how to navigate this security scenario. 

That trade-off — security versus usability — is a familiar one. NAXION’s approach was to eliminate it.

By extending protection directly to user devices and browsers, the firm moved security controls closer to where work happens. Instead of forcing traffic through a centralized inspection point, endpoints themselves enforce policy and detect threats.

“With Harmony Browse, I am pushing the protection from the centralized firewall back out to the edge where it belongs, on the laptops,” Stern says. “Now, they are all tethered to the same immune system.”

That shift has improved both security and user experience, a combination that’s often difficult to achieve. Employees encounter fewer disruptions, while IT gains broader visibility across encrypted traffic and Software as a Service usage.

The platform also helps NAXION manage a growing ecosystem of cloud applications. By monitoring authentication tokens and flagging risky conditions, the firm can identify abandoned connections, stale accounts and other overlooked vulnerabilities that frequently lead to breaches.

Recently, NAXION added zero-trust network access capabilities to ensure that every connection to its environment is verified and tightly controlled.

“My goal was to make every connection accountable for who is connecting and the trustworthiness of their identity,” Stern says. “I only want connections for approved devices and only allow the necessary ports.”

Taken together, these capabilities are delivering a quieter — and safer — operating environment.

“The users I support receive very little spam, not even the bogus QR code variety,” Stern says. “We don’t have business email compromise attacks leak through. You don’t realize how much the din can disrupt your workflow until you experience real quiet.”

That “quiet” is more than a convenience. It’s a signal that security is working as intended, protecting sensitive data without getting in the way of business.

Illustration by Aldo Crusher
Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.