Culture is the set of tendons that connect People with Policy (& Process) and those with Technology.
Our failure to make progress these past 20-30-odd years is in great part a failure of culture.
"... today's users are more tech savvy and have a lower tolerance on security as an obstacle to productivity..." <--- that's a cultural problem. It is ignorance, arrogance, and knowing just enough to be dangerous but not enough to have discretion.
Having done just that over the last 18 months and grown a security team from zero to over 60 people, your choices are sound.
I’d add that in order to extract signal and enable actionable intelligence you also need:
1) A SIEM/SOAR/whatever you want to call it
2) Some manner of vulnerability management / patching platform for endpoints, tied to cloud
3) some form of SASE capability for app visibility/control and threat mitigation including ZTNA capabilities for secure access from endpoints
4) some form of Identity management/IGA/entitlement management - likely tied to your IdP that enables conditional access and policy enforcement connected to MDM and hopefully tied to enabling Privileged Access Management
Add that to yours and I think you’re cooking with gas…
Hands down agree on the others - even SASE can be up there in my 'top 5' depending on the org. I took an approach of balancing ease of implementation with fidelity / assurance of the tools for an ops team.
You show me an organization with a strong IGA and I expect everything else to be a walk in the park for that org :)
Culture.