When V3 revealed how the Met Office is transforming its business with big data and plans for helping third parties to run their algorithms against its weather information, it also revealed a changing approach to security.
Indeed, such digitalisation programmes across the public and private sectors will invariably demand a change in strategy that puts security at the heart of the business.
Tim Moorey became acting chief information security officer at the Met Office last year, and has wasted no time in transforming the organisation's security posture.
"Before I joined the Met Office we had a fairly 'singleton' security team that was fire-fighting a lot of the issues that arose. [They were] multi-hatted individuals who had a broad understanding of security, but weren't necessarily able to drive the strategic stuff through," he explained.
In response, Moorey restructured the team and shifted the way in which the Met Office approaches and handles IT security.
"The team has evolved, broken down into the core streams of delivering the information assurance and cyber resilience across the organisation. It has also expanded, taking on security staff with a wider variety of skills to handle some of the new core tasks," he said.
"Originally, the security team depended entirely on, for example, the networks team so that people looking after the networking infrastructure would have monitoring capabilities for service monitoring. We'd have infrastructural desktop people that would do monitoring of desktop infrastructure. There was no real central coordination."
Moorey was originally brought in to help establish the Met Office's Security Operations Centre as the organisation seeks to make its data and know-how more widely and easily available.
CIO Charles Ewen explained to V3 earlier this year that the Met Office is considering ways of, for example, running algorithms from commercial and other organisations against its own datasets, or subsets of its data.
But this will require a very different approach to IT security at the Met Office, focusing on protection of information assets, rather than maintaining a highly secure perimeter fortified by firewalls.
The trouble with the old approach, according to Moorey, is that "each team was looking at it from a service monitoring or service availability perspective, specifically from a security or cyber threat perspective".
Drawing these functions into the Security Operations Centre hasn't necessarily driven a concomitant reduction in network monitoring and systems management, he argued.
"They are still monitoring for service availability and so on, but [also] looking at the feed from all of the monitoring systems we've got, plus specific security controls, and looking at those in a cyber context and then providing packages of work out to the business as necessary to remediate or react to," said Moorey.
The Centre has also taken on a number of other tasks as it becomes more embedded in the business, one of which is accreditation - certifying systems and applications deployed in-house for security.
"The accreditation assurance side helps information asset owners to understand where the risks to their information lie so that they can take those risk management decisions," Moorey explained.
"We have gone through a programme of doing legacy accreditation on all of our core systems. That's about going through them, looking at them in a way broadly similar to ISO 27001, and doing a risk assessment against all of our core systems, and providing a risk assurance level that the business can then decide whether that meets its risk appetite.
"If not, we need to instigate a programme of work to remediate, patch or replace. That work has been really useful to help the business understand where its risks lie."
The Centre has also helped demonstrate the importance of IT security to the business and, indeed, elevated its role to one of business partner, not just a function of IT that surfaces only when something appears to have gone wrong.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches