Finding the right way to approach cybersecurity in a decentralized organization with several business units requires both optimizing the business model (i.e., reducing repetitive roles and tasks) and enabling independent business lines to innovate and stay nimble. This piece explains how a service-oriented architecture can let a security operation straddle the line between centralization and decentralization effectively, while retaining visibility and control over the essential elements of the program.
As organizations experiment with decentralization in an effort to drive more independent and agile business units, security remains a challenge. When security is segregated across business lines, each security team may focus more closely on the business it supports. However, it can also lead to issues with consistency across businesses, as well as with governance from a higher-level perspective. Additionally, it can cause inefficiencies because the same tasks and issues are duplicated, and institutional
On the other hand, a centralized security organization may face “political” distance from the business units, which may perceive it as overbearing, lacking context on the specific needs of their line of business, or slow to respond.
To effectively deploy security in a decentralized organization, a combination of decentralization concepts and centralized oversight is required. The central security organization should operate on a services-oriented model—effectively offering its services as if it were an MSSP. To do this:
The leadership of each of those functions operates closely with one another and with the CISO, so all service offerings are constantly tuned and measured through delivery to the businesses, and coordination with the technical functions in the businesses
Bearing in mind the central security function provides the “tone” for how security should be deployed and practiced across all business lines, security leadership should continuously evaluate whether a localized security function in some businesses
For larger or more complex businesses, having local security team representation—whether it’s just a security leader (e.g., a BISO) or a team under them (with security engineering, operations or a combination of those)—provides an effective means of scaling the service-oriented approach to such business lines.
Larger/complex businesses will also tend to consume more attention and bandwidth from the centralized team, which can reduce efficiencies across the board. It’s the centralized security leader’s job to identify the tipping point at which a localized security team would make sense, and then locate potential leaders in advance to promote them into that function.
Other caveats to watch out for are inefficiencies across similar functions in the centralized security organization. The delineation of services such as EDR, network security and incident response is going to be unique for each organization, and it must be defined clearly.
In some cases, these would be offered under the same organizational unit, whereas in others they should be separated. It all depends on the specific organizational culture, the hierarchy and organizational structure of other technical teams, and sometimes even the internal politics.
Centralizing security within a distributed organization can work well and promote efficiencies across the organization. To improve your chances of success:
December 7, 2023
By IANS Research