Can you offer some advice on security architecture as centralized versus local/in application?
"Centralized systems are great" is the correct answer to a very difficult question. If the company can be centralized without much error, effort or problems, I would say centralized is the answer. But I would never try to centralize anything too large, simply because of the number of man-hours needed to do such a task, and you would be mixing unlike cultures and business ethics of an organization. Keeping like parts together works if the company is huge, like the Chase and JPMorgan merger. That was and is still a nightmare. Instead, they should have chosen decentralized for many more years until the technology was easier to use. Citibank and Smith Barney did the same until recently. They simply downsized the parts that didn't work, which is not the answer either, in terms of the social impact. Smith Barney won that war.
Okay, so don't merge the networks or systems administration for a large organization at first or ever. VPN and token access may be considered the first steps you could take, but again the culture and business style (ethics) are a big consideration.
At my current company, we are merging many dissimilar parts of the company and have chosen to use the global VPN, authentication and tokens, but chose to keep the dissimilar applications and other parts separate.
This was first published in August 2002