Successful cybersecurity posture in an organization requires effective cyber protection of its cyber assets.
There is a broad interpretation on cyber protection. In certain extreme cases, people put focus on technical controls and how are these controls implemented sometimes down to specific technology brand name or even model per personal preference.
This doesn’t hurt as long as
- Providing transparency on the rationale of the chosen technology vendor
- Publishing the standard for reference rather than hiding inside one’s mind
- Facilitating end users to procure those specific brands
- Communicating with Teams involved to raise awareness of the requirement
That said, it falls into one of the organization governance roles as cybersecurity standarization. The merits are reducing learning curve to manage the control, partnership with vendor for better support and purchase discount, technology roadmap and life cycle management.
Like any other tools, it is subject to misuse and then resulting into internal politics.