Security in a Box - a blueprint for Cloud Security Architecture

29 January 2018


Imagine what security could be if not constrained by a large technology debt accumulated over the years of running legacy systems and applications. What if security capabilities can be procured as a black box service when you need it, as soon as you need it?

I’m Anton Tkachov - Chief Security Architect in PwC’s Financial Services Cyber Security team and I believe that by embracing the technology and adopting Cloud computing principles, security organisations can provide better, faster and much more agile services that will match the expectations of a modern business.

In today’s technology-driven world, a number of emerging macro trends are redefining the way organisations consume technology. These trends include:

  • The adoption of digital services to improve customer engagement and service;
  • The execution of “cloud first” strategies to improve the total cost of ownership of Information Technology;
  • The promotion of a “sharing economy”, through principles such as PSD2 and Open Banking regulations.

These trends are also shifting the technology architecture thinking from an arms-length, closed off position to an open and collaborative one and driving:

  • the use of APIs to facilitate sharing of information or various other digital transactions between organisations;
  • the migration of business critical systems into third party managed cloud environments;
  • the adoption of agile development methodologies (i.e. DevOps) to improve the speed of innovation and time to market.

To adapt to these changes, Security leaders need to re-evaluate the way they design and build their cyber security capabilities. Reliance on traditional waterfall-based delivery of data-centre focused controls won’t be sufficient to secure the fast-paced collaborative business.

We have been working with Symantec to create a white paper helping to advise security professionals to adapt new security delivery models to support these trends and ensure businesses can protect their assets, through deploying ‘a box’ of security capabilities. The solution is a set of scalable, flexible, automated, cloud-based security utility services, which can easily be commissioned and decommissioned at will, based on the specific needs of an organisation, creating a “box of security capabilities” that can be customised and customised at will. In other words, “security in a box”.

If you are interested in finding out more, please download the whitepaper here.