The global Security Information and Event Management (SIEM) market is big business. In 2022, it was valued at $5.2 billion, with analysts projecting that it will reach $8.5 billion dollars within five years.
It’s a highly consolidated market dominated by a few major players in the information security field. They want your business, and they don’t want to lose it.
As companies ship more and more data to their respective solutions and make use of more and more features, they become specialized and dependent on a vendor. If this sounds familiar, then you may have fallen prey to vendor lock-in.
What is vendor lock-in?
Vendor lock-in is a situation where a customer becomes dependent on a particular product from a particular vendor, regardless of how well the product fits. You are essentially locked into using a product because of the high (or even unknown) cost associated with switching to a new vendor.
Imagine an office with printing services brought in by a third-party vendor, bringing in printers with their servicing, and so on. However, these machines require software sold by this particular third-party company only. Now imagine a steep decline in the quality of the printing that this vendor delivers (printed pages are of poor quality).
Switching to a new printing vendor would mean the old machines you purchased become useless, as the switch likely requires the purchase of new printing equipment, including a new software solution. Given the hassle and added expense of replacing every piece of the existing system, you are effectively locked into the old printing solution agreement with the old vendor and forced to get on with the low-quality printing.
Why is vendor lock-in a concern?
Oftentimes, companies don’t know that they’re locked into a particular product or solution until disaster strikes. Let’s think ahead and list some of the most prominent concerns.
-
Perhaps your vendor goes out of business or stops trading.
-
Your vendor might stop maintaining the product that you are dependent on.
-
A vendor may change its offerings which will be unsuitable for your business needs.
-
License costs could increase beyond your budget - knowing that clients are locked-in.
-
An expert employee leaves your company without a proper handover.
There are a number of ways for companies to get locked into a certain solution. Ultimately, when you’ve decided that your current solution isn’t working and subsequently realize there isn’t an easy or cheap way to change, you’ve fallen victim to vendor lock-in.
Mitigating vendor lock-in
Once you have an understanding of how vendor lock-in can cause headaches for, and even damage to, your company, you’re ready to start mitigating the risk.
First things first, determine whether and how much you are at risk. How heavily do you rely on a particular vendor’s solution? Is the vendor a reliable partner? For example, do you receive timely notifications of service contract updates? Are bug fixes provided promptly? These are the types of questions that should be asked and answered to quantify the vendor lock-in risk.
Ask yourself, are you happy to live with the risk? Companies make risk-based decisions constantly; many of these are decisions to bear the potential cost of the risk if it ever develops.
If retaining this risk is not possible or undesirable, start taking back control of your data.
Microsoft’s early fight against vendor lock-in
In the early 1990s, Lotus123 was the premier spreadsheet program. It held a near-monopolistic grasp on the spreadsheet market. An upstart competitor, eager to break into the domain, developed a program of their own. The company was Microsoft, and the software was Excel. What followed was something of a David vs Goliath tale, with Microsoft incredibly playing the role of David.
We all know who won the 'spreadsheet wars', but it was never a foregone conclusion. Microsoft’s fundamental challenge against its entrenched competitor was that potential customers had already made substantial investments in Lotus123 spreadsheets, and couldn’t easily switch. In other words, these companies were locked into Lotus123.
So how did Microsoft solve this problem? They programmed Excel to read and write Lotus123 spreadsheet files. This allowed them to sell into Lotus123-powered companies without resistance. It also allowed the companies to focus on their data and analysis, without worrying about the file format they were using.
Locked into a SIEM? NXLog can help
SIEMs are especially complex software products, processing near-incomprehensible amounts of data across an entire organization. Most often, their capricious pricing models are based on throughput, rather than a consistent monthly or annual cost. The deeply-entwined relationship between an organization’s log data and a monolithic, all-knowing SIEM proves inordinately difficult to untangle once implemented.
If you’ve found yourself locked into a SIEM solution with no easy escape, NXLog can help. NXLog Enterprise Edition sits upstream from your log management solutions—whether they be SIEMs or data lakes—and provides a vendor-agnostic solution to collecting and centralizing your logs. This allows flexibility in the log management products used downstream.
NXLog seamlessly integrates with literally any solutions out of the box. Our agent accepts every type of common log format and can transform this data to the required output format.
If you want to switch SIEMs, you can—easily. By using NXLog Enterprise Edition, you can declare SIEM independence.
