Companies today need their security systems to do more for them. The threat landscape is such that they require both intelligence forecasting and real-time situational awareness to mitigate risks to their brand, employees, assets and customers. Many large companies are turning to a Global Security Operations Center (GSOC) to help them accomplish intelligence goals and ensure business continuity.
GSOCs can do anything from monitoring the performance of cameras, access control and security personnel to emergency response or tactical and strategic intelligence. A useful GSOC is one that understands the problem a company wants to solve, so that the data collection requirements and analytics are relevant and staff with the right expertise are in place. GSOCs should never take a collect everything approach. This leads to wasted resources and delays sifting through data to reach actionable intelligence.
Building a GSOC is no small feat. It requires a substantial investment. On average, it costs $500,000 or more upfront plus thousands of dollars in year-over-year costs to staff and maintain. For larger companies with three thousand or more employees, a GSOC is a necessity as it is another form of insurance. Some companies have the budget to build and run one internally. However, a company that runs lean and is experiencing growth may want to consider outsourcing its GSOC to avoid the initial build investment and allow the team to scale as the company grows.
If you think that establishing a GSOC is the next step for your company, three key elements will determine its success — whether built internally or outsourced as a service.
For a GSOC to benefit your enterprise, it must collaborate with both internal and external intelligence sources. The more relevant sources you include in your GSOC monitoring and analysis, the more complete the picture you build.
Internal sources might include access control systems, cameras, security officers, supply chains, and HR. For example, the GSOC must have visibility into employee travel plans to appropriately alert travelers to potential dangers and monitor their route in case of an emergency that requires protection or extraction.
External sources should include traditional and non-traditional sources. Traditional sources would be federal and local law enforcement, social media, news feeds, governmental alerts, public data and the dark web. Non-traditional sources include data specific to an area of need. For instance, the pandemic has necessitated that companies stay in the loop with the CDC, the WHO, FEMA and the medical establishment.
Beyond this, your GSOC staff must have a spirit of collaboration. When office politics or silos begin, your GSOC is in trouble.
Whether your GSOC is housed in one central location or composed of a network of locations, your success depends upon standardizing technology and operating procedures. Each component, from monitoring to intelligence, must use technologies that communicate with each other. Without this, your data points become siloed and you may miss an emerging threat. Resist the urge to implement new technologies if they do not integrate with your existing systems.
Your GSOC locations should also follow the same operating procedures. While there may be language differences from country to country, your scope of work and threat response procedures should be standardized to ensure the same level of service across locations.
The benefit of having regional SOCs is that you can staff them with subject matter experts in that region or country who know the language and the geopolitical landscape. However, regional SOCs can silo operations and staff without a centralized GSOC overseeing them. This leads to dysfunction.
A central GSOC with branches that communicate with and follow the same standards as the central GSOC is by far the most effective model. Technology and operating procedures are driven by the central GSOC, and all data inputs are synthesized into one system for more actionable intelligence.
Without a GSOC, your company is likely operating in a vacuum. But, as you can see, implementing a GSOC is a big undertaking. Take the time to evaluate building one internally versus outsourcing in light of the three key elements needed to make it successful. If the cost of developing the right intel sources and staff, standardizing your procedures across the globe or centralizing your technology is too daunting, then an outsourced approach may be right for your organization. A GSOC-as-a-service can allow you to tap into very specialized skillsets, seasoned personnel and cutting-edge technology for a fraction of the cost. No matter which way you decide to go, a GSOC is a strategic investment in the future of your business.