Security policy defines what the business believes is the best way to secure itself. It defines access to resources, user behavior, etc.

Security services are technical implementation of security policies

The idea is that people in technology should also be the same people doing security https://searchcio.techtarget.com/feature/Why-a-CISO-CIO-reporting-structure-undermines-security

https://www.reddit.com/r/Futurology/comments/v5rpj9/apple_google_and_microsoft_agree_to_adopt_the_new/

UTM (Unified Threat Management)

passwordless