When Is Security Standalone And When Should It Be Integrated?
By Kazim Somji, CTO
April 13, 2021
This is the final article in my series on defining a modern security strategy that includes both cloud and legacy technology systems. In my last article I talked about the push and pull between stronger or weaker security and how it can impact on business operations. In this article I want to explore how to create an integrated security strategy and compare this to security as a standalone function.
This is not really an either/or question. In some cases your security team and broader strategy has to remain independent of the business team – it supports their processes. In others, you will need to integrate your security operations closely with theirs to ensure that security is baked into all processes. Your security strategy needs to consider both unique security functions and integrated functions:
- Unique security functions: these are the tasks that your security team can perform independent of other operations or processes within the business. This will include dedicated security operations, managing vulnerability, and other functions that can be managed independently.
- Integrating security into other functions: this is where your security team needs to act as subject matter experts, training other business teams in how security impacts the function of their part of the organization. This might include risk assessments, new business initiatives, application design, and new IT systems. Microsoft advises: “Security teams advise these teams with expertise and context on attackers, attack methods and trends, vulnerabilities that could allow unauthorized access, and options for mitigation steps or workarounds and their potential benefits or pitfalls. This function of security resembles that of a quality function as it will be woven into many places large and small in support of a single outcome.”
As I have outlined throughout this series of four articles, there are many areas of security design that are often overlooked. Partly this is because some security managers are unfamiliar with both legacy and cloud security. A modern security strategy differs quite substantially from the legacy approach of a secure perimeter to the organization.
I believe the key throughout the entire process is partnership. As I detailed in the article focused on managing friction, it can be easy to lose the support of your organization by making it impossible to do their job productively. Any new strategy should involve business partners so they can be integrated into this new era of security using training and methods they support – rather than them feeling coerced in new and painful security that affects their job.
This concludes my four-part series on designing a modern security strategy that includes legacy systems and cloud. Naturally my comments are based on my own experience, but I did use this Microsoft cloud adoption framework as a basis. It’s a great resource and well worth your time.
Let me know what you think about this final article or the entire series of 4 by getting in touch directly via my LinkedIn profile. Follow the WatServ company page on LinkedIn to ensure you never miss our articles and commentary.
WatServ demonstrates best-in-class capability and market leadership through proven technology and customer commitment.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with 1000’s of users connecting from around the world, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.