Cloud: Modernizing Your Security Strategy
By Kazim Somji, Chief Technology Officer
March 16, 2021
In my last article I talked about how to define a security strategy for your organization. Microsoft published some interesting ideas recently on their Azure product pages and I had summarized some of their comments, with a particular focus on three areas of security that I feel are often overlooked when building a broader strategy.
In this article I want to focus on modernizing a security strategy. Over time, your organization will naturally need to adjust the architecture, technology, and security that is in place. Modernizing your security is aimed at embracing a cloud-focused view on security, rather than trying to integrate a cloud with legacy tool and systems.
This will involve a new approach to the processes and tools that are used, but may also involve a cultural and organizational change. Integrating a cloud into your organization will change how many legacy systems and processes are used, or it may mean that they are discontinued, so the approach to security will almost certainly need to change and modernize.
So let’s consider why you need to think about modernization first? Most legacy security and tools are quite burdensome when a cloud is introduced into the organizational architecture. They just don’t really work well in this environment. You might need to use them during a transition period, but a mixture of security approaches cannot be allowed to become a long-term solution by default.
Given the rapid pace of change and the ongoing risk of not defining and executing a security strategy that faces up to the challenges you are facing, what are the main issues?
Apart from managing attrition as your security team gradually leaves for better opportunities where their employer embraces security in 2021, the two main issues are:
- If your management team follow the legacy approach of arms-length security planning then they may not involve security at all in the design and management of a new cloud-based system. This comes from the traditional approach where security managers are usually seen as “always saying no” to the point where the business cannot function if they follow the rules applied by security. A modern security strategy needs to include the security function at the heart of business planning – you need to be in the room when decisions are made about the technology that the business team wants to use.
- You cannot effectively use on-premises tools to detect and defend against cloud attacks. Legacy tools simply don’t work in this new environment and are designed around the idea of a network perimeter – a simple way to think of it is like a wall. A legacy approach is to focus on maintaining a robust wall around your network, but with a cloud you need an automated network of intelligence that seeks out security risk – not just a big wall.
It’s clear that the change can be quite transformative, both in terms of how your network is designed, how you need to secure it, and how your overall security strategy needs to embrace a different paradigm.
I would always recommend an agile approach to this type of change. A ‘big bang’ overnight from legacy to cloud can be traumatic for your security team and the underlying business users. If anything doesn’t work then, once again, the security team will be blamed for preventing the organization functioning. An agile transformation will allow you to roll out your new modernized security strategy in stages with the option to quickly change and adapt as needed.
These are the key points. It’s possible to completely modernize your security strategy, but care and attention is required, particularly during the transition from legacy tools and processes.
In my next article focused on defining a security strategy, I am going to focus on security friction. All security processes create friction inside the organization, even the most simple, such as passwords. How do you balance the need to introduce and manage security and the need for your team to get their job done as easily as possible?
WatServ demonstrates best-in-class capability and market leadership through proven technology and customer commitment.
WatServ is an IT solutions provider that helps clients digitally transform their business through cloud technologies and services. Founded in 2006, WatServ specializes in providing hybrid and multi-cloud solutions and hosting complex, high-availability environments for enterprise-level applications. WatServ’s unique approach to planning, migrating and managing multi-cloud environments, plus premium 24x7x365 support, enables its global customers to focus on their core business. Relying on Microsoft and Google’s public clouds, in addition to its own private cloud, the company offers an ideal managed cloud environment engineered for security, reliability and performance. With offices in Canada and the United States, and with 1000’s of users connecting from around the world, WatServ is always on. For more information, please visit www.watserv.com.
WatServ is an affiliate of Brookfield Business Partners (BBU), a public company with majority ownership by Brookfield Asset Management Inc. and listed on the New York and Toronto Stock Exchange. More information about BBU is available at www.brookfield.com.