image cStor Awarded State of Arizona Network and Telephony Equipment and Services Contract image Best Practices for Simplifying Data Security & Encryption Key Management

Security Operations Center (SOC): To Build or Outsource?

By Larry Gentry, President and CEO, cStor

SOC to Build or Outsource

The acceleration of today’s cyber-attacks, along with the sophistication of the attackers, is causing every organization to be more vigilant in the face of these global and seemingly around-the-clock threats. Therefore, it’s not surprising that many organizations have or are looking at standing up their own 24×7 Security Operations Center (SOC), or the possibility of utilizing a so-called SOC-as-a-Service solution to accomplish that goal.

The Necessity of a Security Operations Center (SOC)

This uncertain environment means organizations face monumental challenges in protecting their data and data centers. Not only are data centers being attacked more often and in more sophisticated ways, other factors such as the expansion of remote sites, mobile devices, mobile workforces, cloud deployments and the ever-increasing IoT (Internet of Things) are adding unprecedented levels of complexity to the organization.

One clear trend in the marketplace is the ongoing need for organizations to establish and maintain a coordinated, strategic approach to security rather than a piecemeal plan. That means creating a broader, all-encompassing security strategy that incorporates intelligence gathering, threat assessments, policy setting, awareness training and many other aspects of security.

A complete strategy and rollout plan create a more durable, long-term security program that, when well executed, combines to produce a robust and sustainable security posture for the organization. Companies of all shapes and sizes should incorporate a centralized hub, including all the tools necessary to run a 24×7 SOC, into their plan to monitor their security posture. This is the new baseline to run and protect a company – it’s no longer a luxury reserved for only the largest organizations.

Beyond creating a comprehensive SOC strategy, finding and retaining talent that can effectively and continuously monitor your environment is also now a necessity. Those resources need to have the skills to analyze and manage threat intelligence as it happens and conduct incident analysis in real time.

Unfortunately, there is a current skill shortage that is not likely to improve anytime soon. If you have a child going off college who’s not sure what they want to do, I would recommend you ask them to consider this field. There are hundreds of thousands of unfilled cybersecurity positions in the U.S. alone.

Even if organizations can find and retain the right talent, the sheer cost and complexity of setting up a 24×7 SOC can be staggering. Here’s just a partial list of what you’ll need to do:

  • Create your strategic security plan
  • Buy a SIEM, a Security Information Event Management system
  • Hire at least five highly skilled people
  • Ensure you have the right tools at hand
  • Have at least one person available every hour of the day (most organizations will need double that)
  • Plan the appropriate budget (costs can easily exceed $500,000 a year)

It is critical for organizations to maintain a coordinated approach to protecting their data and their data center(s) 24×7 as attacks now happen every hour of every day.

Given the high cost and extreme complexity of doing it on your own, not to mention the challenges around finding and keeping the right skilled talent, many companies are looking at outsourcing the entire program, a SOC-as-a-Service function. This is often a smart path to advance a broader security program quickly, as you’ll benefit from the provider’s expertise and often accelerate the plan execution compared to doing it all in-house.

The SOC-as-a-Service Alternative

SOC-as-a-Service (SOCaaS) has now evolved into a type of managed service, whereby an organization can outsource the management of its security posture and threat awareness to a managed service provider (MSP). The MSP in the SOCaaS scenarios will usually take responsibility for some or all items such as firewalls, intrusion detection, response services, cloud and endpoint security, attack monitoring, log management, threat intelligence analysis and in some cases even compliance monitoring.

That said, it’s critical to recognize that your organization is still ultimately responsible for protecting your data, no matter where it resides, or who’s running the security plan.

Why should you consider outsourcing this function? The total cost of these services is significantly lower than the cost of purchasing, installing, and maintaining the equivalent resources in-house, and eliminates the required upfront capital expenditures as well as the cost of hiring, managing and retaining these highly sought-after employees.

Despite possible opinions that you might lose control of your overall security plan, we often see just the opposite happen. With an expert guide helping to plan and manage your strategy, you’re likely to feel far more in control than ever before.

Some other good news? SOCaaS has a wide range of services that can be tailored specifically to any organization’s needs. With fixed-price contracts that have a monthly or annual fee, along with service level agreements (SLAs) governing the terms of the contract, these managed service offerings can provide organizations with an efficient and cost-effective alternative to an in-house SOC.

Along with lower initial cost and overall cost benefits, a managed service SOC, can help address potential skill gap challenges in the security department, and ultimately free up existing IT staff to focus on other business-critical issues.

Hybrid Solutions

Along with the choice of a completely in-house 24×7 SOC or an outsourced SOCaaS, organizations can opt for a hybrid solution. In some cases, cStor clients elect to in-source these functions during normal business hours, and then utilize a managed service model after hours and on weekends. This helps ensure a cohesive plan is operational around the clock.

Other organizations are utilizing SOCaaS to do the logging for compliance purposes. The information is then shared with internal security teams to provide a comprehensive set of analyzed reports and alerts to the organization for ongoing analysis and remediation.

While the market and landscape for SOCaaS continue to evolve, this emerging approach provides an alternative to doing it on your own. It is proving to deliver the protection organizations need more efficiently and affordably. This is precisely why cStor has partnered with several different industry-leading companies and uses one of them to provide SOCaaS to cStor internal employees, to offer a comprehensive SOCaaS solution to help ensure our clients get the 24×7 managed SOC they need to protect their business-critical data and infrastructure.

About Larry Gentry
Larry Gentry is responsible for providing clients with innovative cybersecurity, infrastructure and cloud solutions for the healthcare, manufacturing, government, education, retail, insurance and utility industries. His business acumen and management expertise stem from years of senior level leadership and high-tech management experience with companies such as Kroger, Kohl’s department stores and Shopko. Larry attended Lewis and Clark College along with Mt. Hood Community College prior to beginning his management career and holds multiple industry certifications. Larry has been involved with the Desert Southwest Chapter of the Alzheimer’s Association since 2008, holding past roles of Board Chair, Walk Chair and currently leads their efforts for corporate engagement and sponsorship.
window.lintrk('track', { conversion_id: 6786290 });