This phenomenon has likely existed for some time; it is just that I have probably failed to notice it. However, platformisation is becoming increasingly prevalent, especially in the cybersecurity space.
What is Platformisation?
Platformisation refers to the strategic approach of developing and utilizing a unified platform to integrate various applications, services and processes. The “platform” serves as a central hub, helping (in theory) seamless integration between the different components of the platform.
For example, Microsoft Defender Suite provides telemetry to Microsoft Sentinel for alerting, management (i.e. SIEM/SOAR functionality), and other purposes. By consolidating these services into one cohesive platform, organisations achieve greater interoperability, flexibility, scalability and ROI.
Benefits of Platformisation
There are several benefits organisations can achieve when adopting a platformisation approach, including the following.
Enhanced Interoperability / Integration
One of the primary advantages (if not the primary) is the benefits that can be achieved by having all (or at least most) of your tooling being provided by one service provider, and that is that as they are all produced by the same company, you would expect them to provide a level of integration which could not be achieved when using tools from several providers to meet the same requirements, this is especially true in the cybersecurity space, where organisations traditionally have adopted a “best of breed” approach to security tooling, meaning that an average organisation can have upwards of 701 different security tools deployed in the organisation.
Microsoft and others provide tools and services that cover a good percentage of the functionality offered by these tools. As a result, it does make strategic sense, both from a management, integration, and cost perspective, to adopt a platformisation approach if the platform you are looking at provides the “must-have” features that your business requires. This can be especially relevant if your organisation is already paying for the tools as part of another core service, e.g., M365 E3 or E5 licensing.
Streamlined Management & Maintenance
Related to the above point, platformisation can help simplify and reduce the effort required to manage multiple services, as the platform typically provides a single-pane-of-glass approach to managing the various features and services the platform offers, allowing administrators and analysts to access the systems they need from a single interface.
Cost Efficiency / ROI
I have mentioned the benefits to ROI from employing a single platform-based service, but it is worth re-iterating that, depending on your organisation’s strategy, focusing on a platform solution can be a very cost-effective way to provide the capabilities your organisation needs. However, in my experience, consideration must be given to understanding the full scope of features available to you as part of the platform services. It is not uncommon to find that services which try to encompass an end-to-end solution sometimes do not provide the specific feature set that a “best-of-breed” solution may do.
At this point (more later), a decision needs to be made about whether the feature is a must-have, whether the benefits of a platform approach outweigh the business requirement, or whether a suitable mitigation approach can be deployed to support the business requirement.
Scalability
Finally, quickly scaling and deploying the solution across your business becomes more manageable when using tools from the same vendor. This is especially relevant in the cloud and cybersecurity space, as tools, services, and features can change rapidly to meet new threats or add new features.
The ease of delivering these new capabilities to existing users or scaling them to new users is a critical consideration.
Considerations
There are several areas in which organisations have to carefully consider whether platformisation is the correct strategic decision for them.
These include the following.
Integration Challenges
Organisations will likely have to integrate the new “platform” with existing third-party tools, services and legacy systems. As a result, careful consideration, planning and execution is required to ensure successful deployment without compromising functionality or organisational security.
Data Privacy & Compliance
Data privacy and compliance are critical considerations when adopting a platformisation strategy. Organisations need to assess and verify whether the data and privacy controls that the provider’s service offers are sufficient for the business’s or the regulatory (if relevant) requirements.
Vendor Lock-In
One of the risks of a platformisation approach is related to vendor Lock-In, where organisations become heavily reliant (perhaps too reliant) on a single vendor’s ecosystem. This can lead to several potential issues, such as increased costs of switching/replacing the service (or one component of the Service), complexity, and limited future flexibility; there may also be regulatory concerns around concentration risk, for example.
Security Risks
Whilst enhancing overall security, platformisation, if not implemented correctly, can introduce new security risks, such as a single point of failure. Organisations should assess these risks and have mitigation plans to remedy such incidents.
In Conclusion
There are several scenarios where a platformisation strategy can pay dividends, such as tooling consolidation/optimisation, streamlining operational processes, improving ROI in terms of licensing and operational efficiency, and the ability to relatively quickly scale the solution as the landscape changes or the business evolves.
Platformisation requires considerable thought and planning around integration, data security/compliance and any regulatory considerations the organisation may have. However, by addressing these concerns, organisations may be able to maximise the advantages of platformisation whilst mitigating the drawbacks.
1: https://www.infosecurity-magazine.com/news/organizations-76-security-tools/
The Microsoft Cloud Blog 
Leave a comment