CISOs are increasingly decoupling security log data from their SIEMs by implementing separate data lakes and pipelines, often using cloud storage, to gain greater control over data schema, retention, and analytics while reducing costs and vendor lock-in. Although this approach offers flexibility and improved data management, it also requires significant investment in designing, building, and operating secure and scalable infrastructure without disrupting existing security processes.
