The SOC’s Unique Role in Creating Organizational Value
The role of a Security Operations Center (SOC) is to persistently aggregate, assess, manage and measure information around people performing roles in key processes that impact the business, using technology to provide real-time situational awareness and response where possible. It also relies on accurate, intelligent, and actionable information to discover, detect, and respond to threats. So, at best, it provides operational business process intelligence and threat and risk intelligence.
To achieve that ideal state, organizations must adopt a process or methodology: a path to value.
ASG, my company, created a methodology 15 years ago called the ASG Path to Value. It has been instrumental in creating value for our clients. It also has fueled corporate growth and influence in the risk, resilience and security market.
In this methodology, there are interlocking steps. Each step represents a professional discipline that is cultivated inside ASG. Each discipline is measured on its performance in executing its own work as well as on its collaborative partnership and communication with the other disciplines.
My role in the ASG Path to Value demands a thorough knowledge of each step. But everything starts with the business of security within the business. We call this the ‘Business Baseline’, and it provides the client assurance that we know their business, their core operating processes, their all-hazards risk and their alignment of value with their organization. We spend a great deal of time getting to know the business, their challenges and risks before we even start to work on a strategy to mitigate their risk.
Because of this, my team becomes intimately familiar with Security Operations Centers inside data centers: the velocity of change in their industry, the impact of emerging technology on how they organize their people within a process, and how they are impacting the competitive position of their organizations.
There are two distinct business models for data centers. One is the Managed and Owned facility. This is where the SOC is dealing with the security of their own people and assets.
The second model is focused on leasing space; sometimes just a cage. This model is experiencing rapid growth, in part, due to the new emphasis on big data and hosted and managed services.
The latter model is built to be modified and tailored for retail space. However, the model has matured, in many cases, beyond selling racks and rooms. Data is critical to the success of their clients’ business model. The speed at which they can access the data, protect the data and create a force multiplier for the business are all value drivers for the model. Velocity, veracity, value.
For ASG to be successful we need to be able to help our clients quickly adapt to fast-changing market and dynamic risk conditions. Our clients are being measured on Time-to-Value in the onboarding of their clients. How quickly you respond to a client’s needs and how flexible you can be will help attract more clients. To help them we have created a minimum standard template which is our launch pad for innovation. Everything we learn through the ASG Path to Value within the market and with specific clients feeds the business and operational intelligence of our approach. But it always starts with knowing the business. And from there the business of risk and security.
The template includes addressing such issues as:
- Controlling traffic and access. We have to set up a workflow for access. How will the right people get to the right location at the right time? Then we can integrate the risk mitigation strategy in the context of the business. This can be challenging. We need to ensure we comply with the regulatory environment as well as the internal control standards. And yet give clients and visitors a smooth pathway to their intended stop.
- The Perimeter. What kind of cameras will fit the workflow and the control standards? What kind of fencing is required to ensure a vehicle cannot blow through?
- The Cyber threat. In reality, most companies still have not converged the disciplines or the technology. It can be done, but it requires a better analysis of the productivity savings and the overall risk mitigation efforts to offer it to the business. There will be a day when we are asked to merge the risk picture and coordinate the analysis and the response. Today we have RFID on the credential, which allows access, tracks location and allows machine login to certain areas of the data halls and other secure areas.
We also are asked to construct a data model that represents the workflow and the key decisions that need to be made at any given point in time. Consider this an intelligence roadmap. In this approach, we are constructing how situational intelligence is gathered through different databases and how it rolls up to an actionable response. For example, environmental conditions can impact a data center’s profit and elevate its risk profile. How is weather data integrated into an appropriate operational response? What advisory is needed for our duty of care for our employees and our partners? How does our SOC talk to our FOC (Facility Operations Center) to ensure business continuity? How are we building a roadmap for a truly intelligent building that merges all these views together?
Today the communications are mostly analog. The FOC notifies the SOC of an issue. It can automatically send that message through the system but for now, it is largely manual. But there will be a day when the Machine is aware and knows who to talk to at any given time and will give instructions.
Some of the most imposing challenges security/risk teams face when deploying a SOC include the perceived role of security by the culture and the community. We strive to make the security presence like electricity. Everyone knows it is there. It is omnipresent. If you need help, they are there. People see it as part of the fabric. It has been said that culture eats strategy for breakfast, so we are ensuring we have a practice within our eSRG group to meet the challenge.
The second challenge by far is the value of risk, resilience, and security. At the end of the day, there is a finite budget and more need than spend to allocate. Our most important role is helping the organization spend wisely on the risks and operational workflows that matter. We are there to articulate the value to business executives and their staff.
Functionality a Key to Aligning the Business Drivers
Unlike many SOCs that monitor for threats, a data center operates with strict controls. Controlled entry into the building. No ability to tailgate and strict permissions at each interlocking juncture. And persistent monitoring of each individual throughout the building.
But the Datacenter SOC still must be a functional office. Ultimately it will be measured on how the client can gain access when and if needed.
You must be aware that access is constant; video is constant. In many cases, it must be processed on two separate client servers. Manned security is there to interact with the visitor and to be available in the event there is a disruption in access. Today technology is moving rapidly to virtual guarding solutions. With facial recognition, biometrics, voice, and machine learning, we will be seeing a migration to real-time business intelligence, access, and monitoring.
However, with today’s technology and a business process to anchor it, you can provide proactive intelligence to help mitigate risk. One example is the use of visitor management systems. The systems now allow online pre-registration and business processes encourage it. This allows the identification to be compared against criminal and sex offender databases. With the future provision of video and facial recognition, this can and will be done in real time. This pre-registration also speeds up the access process and further identifies legitimate visitors.
To get to the point where you have a technology roadmap that supports your business processes, you must involve the stakeholders around their risks and operational constraints. This is called the business baseline. But where many service providers fail is not having a bridge from the data to the strategy to the planning and then to the execution.
A true consultant must be able to devise new approaches to existing processes and tools to collapse time-to-value windows and anticipate future risks. To do this requires a leading-edge approach that doesn’t risk the business or the budget on bleeding edge technology.
We have learned many lessons over the last 15 of our 50-plus years in business around SOCs. The most important lesson is to sell the client on the value of a methodology for the long term success of their program. They need to create a scorecard around that methodology and spend time really understanding the subject matter expertise and how it is deployed within the methodology.
As Deming said, “You cannot manage what you cannot measure.” Measure vendors for their ability to construct a 360-degree strategic view of the program that they will apply to a fiscally sound and justified budgetary spend. To do this, they will need to find a Security Risk Management Services (SRMS) partner, not a consultant or integrator.
About the Author: Andy Barclay, Program Manager for Aronson Security Group (ASG).