When Is Security Standalone And When Should It Be Integrated?
By Kazim Somji, CTO
April 13, 2021
This is the final article in my series on defining a modern security strategy that includes both cloud and legacy technology systems. In my last article I talked about the push and pull between stronger and weaker security and how it can impact business operations. In this article I want to explore how to create an integrated security strategy and compare this to security as a standalone function.
This is not really an either/or question. In some cases your security team and broader strategy have to remain independent of the business team while supporting its processes. In others, you will need to integrate your security operations closely with the business team's operations to ensure that security is baked into all processes. Your security strategy needs to consider both unique security functions and integrated functions:
- Unique security functions: these are the tasks that your security team can perform independently of other operations or processes within the business. These include dedicated security operations, vulnerability management, and other functions that can be managed independently.
- Integrating security into other functions: this is where your security team needs to act as subject matter experts, training other business teams in how security impacts the function of their part of the organization. This might include risk assessments, new business initiatives, application design, and new IT systems. Microsoft advises: “Security teams advise these teams with expertise and context on attackers, attack methods and trends, vulnerabilities that could allow unauthorized access, and options for mitigation steps or workarounds and their potential benefits or pitfalls. This function of security resembles that of a quality function as it will be woven into many places large and small in support of a single outcome.”
As I have outlined throughout this series of four articles, there are many areas of security design that are often overlooked. Partly this is because some security managers are unfamiliar with both legacy and cloud security. A modern security strategy differs quite substantially from the legacy approach of a secure perimeter to the organization.
I believe the key throughout the entire process is partnership. As I detailed in the article focused on managing friction, it can be easy to lose the support of your organization by making it impossible for people to do their jobs productively. Any new strategy should involve business partners so they can be integrated into this new era of security using training and methods they support, rather than feeling coerced into new and painful security measures that affect their jobs.
This concludes my four-part series on designing a modern security strategy that includes legacy systems and cloud. Naturally, my comments are based on my own experience, but I did use the Microsoft cloud adoption framework as a basis. It’s a great resource and well worth your time.
1. Defining a modern cloud security strategy for your organization
2. Cloud: Modernizing your security strategy
3. Managing security ‘friction’ inside your organization
4. When is security standalone and when should it be integrated?