Security is one of those areas that, if done properly, looks effortless and easy. If done poorly, however, like doing the minimum to tick a box, it gets in the way. Some organizations, on the face of it, have great security, but scratch the surface, and you’ll discover that they have left the key under the mat, digitally speaking. Security is a seductive force—the longer you go without any sort of incident, the more you can convince yourself into believing you run a secure environment, not unlike thinking your house is fireproof because it hasn’t suffered a fire.
There is no doubt that layering in security at the end creates a lot of work and takes a concentrated effort to get right, with much disruption. That said, you can do a lot to secure an existing platform even if you have made no real effort to build it in from the start. In this chapter, we will go over some of the steps you can take to make significant progress to create a secure environment.