Security as a Service – a Paradigm Shift

Dr. Wendy Ng
Cloud Security
June 17, 2020

In an era of ‘as-a-Service’, could security be the next candidate for the treatment? Having came from a client-facing consulting background, my first in-house role has been somewhat of a cultural shock, but also a fantastic learning experience. It’s the first time that I’m within a function which actively consumes resources rather than generates revenue. Statements of Work (SoW) have been replaced with business cases for investments. For many organisations, security is a centralised function designed to protect the organisation and its customers; this makes sense on a number of levels: i) better visibility of the toolsets; ii) centralised location for specialised skillsets; iii) bigger community of users for whom experience can be shared; iv) lower operational and administrative overheads for the organisation as a whole; v) specialised contractual negotiations, leveraging an organisation’s scale.

All appear to be working nicely, so why reinvent the wheel? But my consulting mindset is niggling away at me; does a security function have to be a net consumer of resources? The part of my role which provides the biggest benefit to the organisation and its business units, is that of being an advisor, to teams across the business for which security per se is not their main job function. It feels akin to teaching the teams how to fish, with guidance on which nets and other angling equipment is best for their circumstances, rather than the more reactive approach of trying to give them the fish, the latter of which is also less scalable. The internal security function is in fact providing consultancy services, albeit on an unfavourable cost model!

Cross-charging between different departments is common practice, especially for large organisations which are made up of multiple business units. Having a centralised security function with specialist skills made available through a service-based model makes sense due to efficiencies gained from economies of scale and cross-functional knowledge sharing. Given the importance of security for every part of an organisation, a service-based model and funding structure should provide a more sustainable cost model. Directly or indirectly, every department or business unit will have their own P&L (Profit and Loss). Could moving to a more direct funding structure based on service rendered be a better way forward?

Dr. Wendy Ng

Wendy is Experian’s DevSecOps Security Managing Advisor, where she is an SME for the company’s global DevSecOps transformation initiative. She has honed her technical consulting skills through a number of industries, including aerospace, healthcare, financial services, telecommunications, transport logistics, and critical national infrastructure. Having started her career as a technical consultant at Cisco, she also worked at PwC and Deloitte. Wendy completed her doctoral studies at the University of Oxford and has contributed to the scientific community through peer-reviewed publications. She has been sharing her experience and expertise, addressing key challenges, in her blogs since 2016.

Keep Reading

Cloud Security
GermanyClouds Event - Foundation of cloud native security: from building security to effective auditing
In this webinar we talked with Dirk Herrmann, Systems Engineering @ Palo Alto Networks, who provided examples of how to embed a variety of security and compliance practices into a fully automated pipeline, from the perspective of development and security teams. and Peter van Eijk, Certificate of Cloud Security Knowledge (CCSK) trainers, who discussed the major topics in cloud security and cloud audit and gives some pointers for additional resources.
GermanyClouds Event - Foundation of cloud native security: from building security to effective auditing
MarkeTech Group
5/31/2021
Cloud Security
The Future of Data Security Lies in the Cloud
We have recently read a lot of posts about the SolarWinds hack, a vulnerability in a popular monitoring software used by many organizations around the world. Should organizations, who already invested a lot of resources in cloud migration move back workloads to on-premises? I don't think so.
The Future of Data Security Lies in the Cloud
Eyal Estrin
1/11/2021
Cloud Security
Impostor Syndrome in Cyber Security
How We Can Turn This Into Our Secret Weapon To Become Technological Leaders
Impostor Syndrome in Cyber Security
Eli Migdal
7/26/2020
Cloud Security
Virtual Cloud Summit: Security & Data Privacy in the Cloud
Security & Data Privacy in the Cloud - Risk Based Approach
Virtual Cloud Summit: Security & Data Privacy in the Cloud
MarkeTech Group
7/6/2020
Cloud Security
Cyber Security: What's right for your organisation?
A strategy is the foundation of a cybersecurity programmer; however, the implementation is key.
Cyber Security: What's right for your organisation?
Dr. Wendy Ng
6/23/2020
Cloud Security
Scaling Security Through Automation
The ease with which we can access information and services, is causing headaches for those who act as data guardians
Scaling Security Through Automation
Dr. Wendy Ng
6/4/2020
Cloud Security
GDPR, Cloud and the Shared Responsibility Model
Let's talk a little bit about the cloud shared responsibility model
GDPR, Cloud and the Shared Responsibility Model
Eyal Estrin
6/2/2020
Cloud Security
Virtual Network NAT
Virtual Network NAT
Virtual Network NAT
Paco Sepulveda
4/20/2020

Newsletter EuropeClouds.com

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

Homearticlesprivacy policyOur groupCLOUD STARTUPSAboutContact