Redefining The Modern GSOC
The security industry, when framed as the concept of a select group of people responsible for the safety and security of a community, is one of the oldest in the world.
For good reason too: in order for any organization or society to truly thrive, it needs to ensure that the people powering it feel safe and secure.
Having spent the last decade working on projects around the globe to secure places and keep people safe, I can confidently say that the security industry is an absolutely fascinating one; the industry never ceases to find ways to surprise those of us fortunate enough to work in it.
Over the years, I have had the pleasure of working with some outstanding technologies, helping to create solutions to seemingly simple and very complex challenges, all of which centered around keeping people safe and organizations running, regardless of the types of threats they encountered.
As a lifelong technologist though, I have also experienced moments where I witnessed the industry fail to truly capitalize on the technological advancements that should have delivered a safer, easier, more inclusive environment, often doing so through no fault of technology itself.
As with many industries, security underwent a significant transformation in the mid-to-late 20th century as technology started to provide incontrovertible benefits to security practitioners. Until very recently (relatively speaking), the security industry was predominantly related to the physical protection of people and assets, typically invoking images of big men in dark suits and sunglasses demanding that you present your identification or people sat watching banks of monitors with a notepad and telephone.
Only in the last decade or so has it been usurped by the digital tidal wave that has caused many industries to primarily think of security as their shield from computerized threats, and stereotypes now include academic cyber professionals scrambling to protect their organizations from rogue cyber attackers.
Good reasons exist here too: most lives now blend the digital and physical realms, and organizations have recognized the need to ensure their people feel safe and secure in their new hybrid environment.
This situation is probably the most fundamental problem of Security Operating Centers (SOCs) and Global Security Operating Centers (GSOCs) today; we now find ourselves in a world which is undeniably singular in its nature, yet is being secured by disparate teams that often bear very little responsibility to each other. Few people can today question the relevance of cyber security or the value of actionable risk intelligence to an organization’s overall security posture, and yet we still see the teams responsible for these areas operating in silos.
Enterprise Security Risk Management (ESRM) practitioners have long championed a holistic approach to managing security risks, with closer engagement across the numerous stakeholders involved, but one thing the security industry has been historically great at is shrouding itself in a veil of ‘inner circle’ and insisting that it is a domain solely for those ‘in the know’ with the experience to demonstrate why things must be done a certain way and why change is invariably too high a risk to take.
This is not in any way a criticism of the security industry, but simply a call-out that for all the good work we have done over the last decade by adopting technology and embracing the changes required to effectively serve the world we all live in today, we still have a lot of work left to do to bring it home. Security is as singular as the world that we all live in, and we should all have done much better at recognizing this fact 20 years ago when it was evident that global risks and digital transformation were not going away any time soon.
As we witnessed the trend towards building even bigger and more impressive GSOCs, often with even bigger video walls and even more operator positions, centralization was often viewed as the ultimate goal, attempting to realize the many long-term commercial benefits that this can deliver over and above the general improvement of the overall security posture.
SOCs and GSOCs reached an inflection point in the last few years, however, when organizations realized that these physical spaces were not the be-all and end-all for effective security operations. Most of the time, centralization solely meant bringing multiple physical SOCs into fewer, more capable ones. While this is still today a perfectly sensible goal, perhaps just as important is establishing holistic protection of our organizations from the multiple prevailing threat vectors.
Centralization is still the goal; it is simply centralization beyond the pure physical definition, as we strive for the singular protection of converged digital-physical risks and threats. GSOCs with unified operating platforms that can deliver the organizational and personal resilience required to thrive in today’s world and generate commercial value across the organization will emerge as the blueprint for security operations of the future.
To learn more, read our latest whitepaper, 7 Principles of Leading Security Operations Centres.
Written by Daniel Bloodworth