Cloud: Modernizing Your Security Strategy
By Kazim Somji, Chief Technology Officer
March 16, 2021
In my last article I talked about how to define a security strategy for your organization. Microsoft published some interesting ideas recently on their Azure product pages and I summarized some of their comments, with a particular focus on three areas of security that I feel are often overlooked when building a broader strategy.
In this article I want to focus on a cloud modernization security strategy. Over time, your organization will naturally need to adjust the architecture, technology, and security that is in place. Modernizing your security is aimed at embracing a cloud-focused view on security, rather than trying to integrate a cloud with legacy tools and systems.
This will involve a new approach to the processes and tools that are used, but may also involve a cultural and organizational change. Integrating a cloud modernization strategy into your organization will change how many legacy systems and processes are used, or it may mean that they are discontinued, so the approach to security will almost certainly need to change and modernize.
So let’s consider why you need to think about modernization first. Most legacy security and tools are quite burdensome when a cloud is introduced into the organizational architecture. They just don’t really work well in this environment. You might need to use them during a transition period, but a mixture of security approaches cannot be allowed to become a long-term solution by default.
Given the rapid pace of change and the ongoing risk of not defining and executing a security strategy that faces up to the challenges you are facing, what are the main issues?
Apart from managing attrition as your security team gradually leaves for better opportunities where their employer embraces security in 2021, the two main issues are:
- If your management team follows the legacy approach of arm’s-length security planning then they may not involve security at all in the design and management of a new cloud-based system. This comes from the traditional approach where security managers are usually seen as “always saying no” to the point where the business cannot function if they follow the rules applied by security. A modern security strategy needs to include the security function at the heart of business planning – you need to be in the room when decisions are made about the technology that the business team wants to use.
- You cannot effectively use on-premises tools to detect and defend against cloud attacks. Legacy tools simply don’t work in this new environment and are designed around the idea of a network perimeter – a simple way to think of it is like a wall. A legacy approach is to focus on maintaining a robust wall around your network, but with a cloud you need an automated network of intelligence that seeks out security risk – not just a big wall.
It’s clear that the change can be quite transformative in terms of how your network is designed, how you need to secure it, and how your overall security strategy needs to embrace a different paradigm.
I would always recommend an agile approach to this type of change. A ‘big bang’ overnight move from legacy to cloud can be traumatic for your security team and the underlying business users. If anything doesn’t work then, once again, the security team will be blamed for preventing the organization from functioning. An agile transformation will allow you to roll out your new modernized security strategy in stages with the option to quickly change and adapt as needed.
These are the key points. It’s possible to completely modernize your security strategy, but care and attention are required, particularly during the transition from legacy tools and processes.
In my next article focused on defining a security strategy, I am going to focus on security friction. All security processes create friction inside the organization, even the most simple, such as passwords. How do you balance the need to introduce and manage security and the need for your team to get their job done as easily as possible?