Emerging Service: Global Security Operations Center as a Service

Nov. 12, 2021
Integrators can offer their own GSOC to enable customers to bring on new services quickly while relying on the expertise of those who do this for a living

This article originally appeared in the November 2021 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.


In today’s complex world, real-time situational awareness is critical for security professionals to make decisions regarding the security of assets and operational continuity on a minute-by-minute basis. Converting a Global Security Operations Center into a managed service is a business model that is rapidly growing since coming into its own over the last few years, and could prove a reliable avenue for integrator RMR.

GSOC as a Service (GSOCaaS) merges technology solutions to meet physical and operational security risks and needs and can be delivered as a managed service. Why should an end-user subscribe to GSOC as a service when they can build your own? While certainly not an easy task, the easiest part about a SOC is building it. Once it is built, keeping everything up-to-date and continually showing the return on investment is the true challenge.

End-user companies that take on the task of building and manning their SOC are generally pulled and pushed in many directions with changing business requirements – including the demands of staffing and sourcing, maintaining the right tools, making sure the technology is integrated to produce desired outcomes for handling many types of events, identifying and reducing risks, and providing comprehensive, relevant reporting.

Rather than facing this formidable challenge, more companies – including a large percentage of the Fortune 500 – are turning to GSOC as a Service, which provides 24/7 services with reliable, redundant capacity, dedicated specialists, and flexible platforms. GSOC services include the latest in threat intelligence capabilities and response tools, web and social media monitoring, mass notification communications and workplace management platforms to provide companies with additional layers of situational awareness and responsiveness in their security operations.

These companies have learned – in many cases, the hard way – that preparation must occur in advance of the emergency. By tapping into GSOC as a Service, companies have the ability to bring on new services quickly while relying on the expertise of those who do this for a living. They benefit from economy of scale, have the peace of mind of back up and redundancy and bring real expertise to the table in ways they cannot easily get on their own. Technology, such as what is delivered with GSOC as a Service, will likely play an increasingly prevalent role in threat awareness, emergency response and trackable security metrics.

Technology Services: One Size Does Not Fit All

The timeline to onboard with GSOC as a Service varies widely, with start-up times ranging from a few weeks to several months, depending on the complexity of the platform, the number of locations being supported, and the operational procedures needed to be put into place at launch.

GSOC as a Service is a customized solution built around how an individual company operates, and its components vary widely from customer to customer. Offerings range from the complex – such as forward-looking threat analysis and situational awareness reporting and resulting recommendations – to more routine such as video monitoring and analytics. Here’s a closer look at some of the most popular offerings:

Threat Intelligence: An organization’s human assets and resources are as critical to enhancing situational awareness as the tools and technology in a GSOC. Threat intelligence is made actionable through human analysis, reporting and communication of critical events and management of all physical and operational information workflow.

GSOC as a Service threat intelligence tools sort through thousands of open-source data channels to efficiently identify situational intelligence that is critical during a crisis, allowing security professionals to make faster, better-informed decisions with highly relevant, real-time alerts and a comprehensive common operating picture of intel from around the world or down the street. Cloud-based platforms enable highly secure and targeted delivery of critical information to identify and manage the most relevant emerging risks and threats.

Social Media Monitoring: Companies receive insight into social media and online chatter for a wide variety of business assets – from executives and locations to events and products. These technologies monitor, analyze and notify businesses of any potential online threats. The 24/7 system scours the Web, dark web and social media. Analysts categorize and communicate possible danger in real time when a risk is detected.

Response Tools: Companies are able to prevent incidents before they occur by assessing mobile safety communications platform as part of their GSOC offerings. They receive actionable, crowdsourced safety and security intelligence information that increases both workforce engagement and situational awareness for security personnel, facilities staff, and others in an organization through a secure, easy-to-use smartphone app.

GSOC as a Service enables companies to integrate security intelligence and analytics with technology tools that improve situational awareness and human response and deliver asset protection and risk mitigation. Security professionals are able to do their jobs more effectively with advanced situational awareness, risk intelligence and technology platforms that help the security team predict, prepare for, prevent and respond to risk.

Setting it Up

Through a Monitoring & Response Center (MaRC) set up by the integrator, customers have access to a focused recruiting operation that provides specialized sourcing of GSOC operators and analysts. These resources are critical to the analysis, reporting, and communication of critical events, as well as to managing all physical and operational information workflow.

Businesses are seeking the best practices and technology to prepare and prevent threats, minimize risk and keep their employees and assets safe. Through integrated GSOC offerings, companies have access to a single sourcing capability with the latest platforms and tools to accomplish this in an ever-evolving and complex world.

With flexible and scalable configurations, GSOC technology can be integrated into a security program as a component of a proprietary security operating center gradually or as a full-capacity GSOC ecosystem – reducing spend on design, engineering and operations, while providing the expertise and actionable risk intelligence needed to make critical business decisions. 

It is not uncommon for a large company to turn to GSOC as a Service for after-hours video monitoring, for example, and later decide to use the service for 24/7 monitoring. They may add threat analysis or additional gate and door control modules.

During times like a global pandemic, a shortage of employees could cause disruption and risk. When it comes to reducing risk and managing the “new normal,” many companies sought to customize their GSOC as a Service security solution to include a variety of technologies ranging from situational awareness and threat intelligence platforms, to remote video and alarm monitoring, to integrated commercial security systems, to web and GPS-based patrol route management.

Case in point: One transportation company started with access control of doors and gates at one campus, which quickly moved to multiple campuses with a video analytics platform. There’s even an internal ‘911’ which enables employees to connect with their GSOC for emergencies ranging from an unauthorized vehicle driving through the gate to a healthcare emergency. GSOC personnel may deploy a security professional on the ground, connect with the local police or EMTs, etc.

GSOC Training & Hiring

GSOC centers are manned 24/7, 365 days a year. Ensuring that the right people are hired is of paramount importance. The employees who staff the MaRC should be highly trained and experienced personnel who undergo continual training. These specialized operators act as an extension of the company they are monitoring. There is ongoing security operational training to help personnel improve their operational security capabilities and vulnerability management and security information event management platforms.

GSOC personnel need to be critical thinkers who have sound judgment with an analytical background. These operators are very process-oriented, meticulous with following every necessary step, take initiative, and are able to deal with high-pressure situations. Certifications on Incident Command Structure (ICS) is important, as well as other certifications including the ASIS Certified Protection Professional (CPP). There is also vendor-specific training to certify personnel on the systems being used.

James K. Lantrip ([email protected]) is SVP of Operations at Allied Universal Technology Services. Learn more at www.aus.com