This holistic view of the organization's security state provides a great starting point for mitigating security risk in the enterprise. Then, once the security risk assessment is complete, companies can architect, design and implement a solution that fits the needs of their specific business.
Don't Rely on Retrofitting - Retrofitting security is rarely possible without having to redesign substantial parts of the system and, in almost all cases, retrofitting will be very expensive. Security must be an integral part of the system design from the start, not an afterthought.
Really, one statement says it all: "Security is not something you buy, it's something you do." It's a process used to maintain quality for a business's IT systems, like scalability or availability. With the right process in mind and the right technologies to support these qualities, companies can maintain a holistic view of overall goals and security's role within those goals, and develop a coherent execution plan.
Ace Swerling is the security director for Avanade, a global IT consultancy, focusing on Avanade's Identity and Access Management business along with Core Security. He invented an architectural concept called Enterpresence to join identity, security, and SOA applications. This is a core tenet of Avanade's application development methodologies. Ace worked in Microsoft Consulting Services prior to joining Avanade six years ago. While there, he was considered a SME on Windows and AD. He is also an Exchange Ranger.