How to do Security (or anything) Right …

Awanthika Senarath
5 min read · Aug 6, 2022

There are many ways to do security, and to be honest none of them are wrong, or at least you can justify doing it in many ways, but doing it right will help you and your organisation in the long run.

I have met many people in my career who want to get things done, things unblocked and cleared so they can get on with their other work. But sometimes what we don’t realise is that when we get things done, rather than doing them right, we end up creating many other issues and unnecessary workloads, and a false sense of having done something while the problem is still there, perhaps in some other form, at some other place, not visible to us at that moment.

So, what does it mean to do something right?

When you do something right, it should essentially get the job done, and not make you do the same thing over and over again slightly differently in many places, or many times in the same place. When you do something right, it should sort itself out along with most of the issues that come with it.

When you do something right, it should be apparent why you did it that way, and most of the time it should save you the time spent explaining it to a hundred people to prove why you did it that way, at least if the place you work is a place that does things right.

And most importantly, when you do something right, you know you did it right and you have that feeling of accomplishment, happiness and completeness in you, not the anxiety of what if this happens .. what if that happens… because when you have done it right, 95% of the predictable ifs and buts are usually taken care of.

So how do you do something right?

You do something right not by fixing a single thing, nor by getting the problem solved by implementing something fast and quick.

You don’t fix things when you do something right, rather you build things. You build a process, a method that evolves on its own, a process that can live on its own and has its own branches and paths that shape it, so that it can fix the thing you wanted to fix and the many other things that are involved with it. Am I making sense?

Okay, let’s talk more with an example. Let’s say you have a problem at your organisation where you have a system in which people who have already left your organisation still have user accounts.

What would be a quick fix for this?

Yes, you can go into the system, do a quick audit. Check the accounts of those who are no longer with you and remove them.

What’s the issue with that approach? Well, you will have to do it again in a few weeks or a few months, because more people are going to leave the organisation in the future.

To fix that you can create a regular audit, but still you end up doing the same thing over and over again.

This is not fixing an issue, this is fixing something the wrong way. Your fix is not sustainable, it is not going to evolve with the issue, and it does not look at the root cause of the issue, which is your organisation not having a proper identity and access management process. You can bet a good fortune on the existence of many other systems in your organisation that have the same issue.

So how do you fix this right? You have to go by fundamentals: you have to implement an identity and access management system that is going to provide access to all the systems that exist in your organisation.

You need to first talk with the senior management and see how you are going to purchase a suitable identity and access management system, unless you already have one that you are not utilising properly. Then you have to source people to manage this. You have to conduct an audit and identify the systems that need to integrate with this access management system and evaluate the compatibility. This will involve a lot of steps and a lot of legwork, but that is what doing something right is all about.

You also need to make sure you implement the standards and processes around it, do the documentation and make sure everyone knows this is coming. Do the change implementation right. Communicate the change at the right time to the right audience in the right way. Set up the guidelines and help processes for users, identify the places that may cause you trouble…

and that my friend is a lot of work.. phew!

Why do I have to go through all this trouble?

Because once you do this right, you can be sure that the new system will make sure that when someone leaves your organisation, it terminates that person’s access to the said system and to all the other systems that you identified in your audit. You can be sure that you don’t have to do the same process over and over again. You can be sure that your process will evolve with the other identity and access management issues that come later.
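To make the difference between the two approaches concrete, here is an added example (my own illustration, not code from the article) contrasting the one-off audit with a lifecycle-driven leaver control. It assumes a constructed HR roster as the source of truth and a constructed list of per-system accounts; the names, systems and function names are all hypothetical.

```python
from datetime import date

# Constructed sample data (not from the article): the HR roster is the single
# source of truth for who still works here; each integrated system reports the
# accounts it currently holds.
HR_ROSTER = {
    "alice": {"active": True,  "left": None},
    "bob":   {"active": False, "left": date(2022, 6, 30)},
    "carol": {"active": True,  "left": None},
    "dave":  {"active": False, "left": date(2022, 7, 15)},
}
SYSTEM_ACCOUNTS = {
    "wiki":   {"alice", "bob", "carol"},
    "vpn":    {"alice", "bob", "dave"},
    "github": {"carol", "dave", "svc-build"},   # svc-build has no HR record
}


def audit_orphans(roster, systems):
    """Tactical one-off audit across every system: accounts whose owner has left,
    plus accounts that map to nobody in HR (unowned/service accounts to review).
    It shows what is wrong today but does nothing to stop it recurring."""
    findings = {}
    for system, accounts in systems.items():
        leavers = sorted(a for a in accounts if a in roster and not roster[a]["active"])
        unknown = sorted(a for a in accounts if a not in roster)
        if leavers or unknown:
            findings[system] = {"leavers": leavers, "unknown": unknown}
    return findings


def on_leaver_event(user, roster, systems):
    """Strategic control: the IAM process calls this once when HR marks a leaver.
    It verifies HR really recorded the departure, revokes the account in every
    integrated system and returns the systems touched (for the audit trail).
    Running it twice is harmless, so a retry cannot leave access behind."""
    if user not in roster or roster[user]["active"]:
        raise ValueError(f"{user} is not recorded as a leaver in HR")
    revoked = [s for s, accounts in systems.items() if user in accounts]
    for s in revoked:
        systems[s].discard(user)
    return sorted(revoked)


if __name__ == "__main__":
    print("before:", audit_orphans(HR_ROSTER, SYSTEM_ACCOUNTS))
    for user, rec in HR_ROSTER.items():
        if not rec["active"]:
            print("revoked", user, "from", on_leaver_event(user, HR_ROSTER, SYSTEM_ACCOUNTS))
    print("after:", audit_orphans(HR_ROSTER, SYSTEM_ACCOUNTS))
```

Note that after the leaver events run, the audit still flags the unowned service account: a one-off clean-up would have missed it, while a recurring audit only surfaces it, which is why the audit stays as the interim control while the lifecycle process becomes the fix.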

Doing something right will always take more time and people at the start. But a strategic workplace will always recognise the importance of doing it right the first time, to avoid wasting that time and those people many times over in the future. However, one thing to keep in mind is that when you look for a strategic solution and try to do something right, it is always important to take some tactical steps to mitigate the immediate risks and implement some short term controls until your strategic solution is in place. Depending on the size of your organisation, strategic solutions could take years to implement and function as expected. But you need to start somewhere..

So the takeaway is:

Always try to do it right the first time, and if it looks like it is going to take a long time, do some smaller tactical things in the interim to ensure the security of your organisation. Don’t just get things done, but try to get things done right.


Awanthika Senarath

I am a cloud governance enthusiast. I believe in clearly defined, practical and realistic governance policies that help businesses to grow!