
Security Operations Center (SOC): To Build or Outsource?

By Larry Gentry, President and CEO, cStor

The acceleration of today’s cyber-attacks, along with the sophistication of the attackers, is causing every organization to be more vigilant in the face of these global and seemingly around-the-clock threats. Therefore, it’s not surprising that many organizations are looking at standing up their own 24×7 Security Operations Center (SOC), or the possibility of utilizing a so-called SOC-as-a-Service solution to accomplish that goal.

The Necessity of a Security Operations Center (SOC)

This uncertain environment means organizations face monumental challenges in protecting their data and their data centers. Not only are data centers being attacked more often and in more sophisticated ways, but other factors such as the expansion of remote sites, mobile devices, mobile workforces, cloud deployments and the ever-increasing IoT (Internet of Things) are adding unprecedented levels of complexity to the organization.

One clear trend we see in the marketplace is the ongoing need for organizations to establish and maintain a coordinated, strategic approach to security rather than a piecemeal plan. That means creating a broader, all-encompassing security strategy that incorporates intelligence gathering, threat assessments, policy setting, awareness training and many other aspects of security.

A strategy and rollout plan create a more durable, long-term security program that, when well executed, produces a robust and sustainable security posture for the organization. Companies of all shapes and sizes should incorporate a centralized hub, including all the tools necessary to run a 24×7 SOC, into their plan to monitor their security posture. This is the new baseline to run and protect a company; it’s no longer a luxury reserved for only the largest organizations.

Beyond creating a comprehensive SOC strategy, finding and retaining talent that can effectively and continuously monitor your environment is also now a necessity. Those resources need to have the skills to analyze and manage threat intelligence as it happens and conduct incident analysis in real-time.

Unfortunately, there is a current skill shortage that is not likely to improve anytime soon. If you have a child going off to college who’s not sure what they want to do, I would direct them to consider this field. There are hundreds of thousands of unfilled cybersecurity positions in the U.S. alone.

Even if organizations can find and retain the right talent, the sheer cost and complexity of setting up a 24×7 SOC can be staggering. Here’s just a partial list of what you’ll need to do:

  • Create your strategic security plan
  • Buy a SIEM (Security Information and Event Management) system
  • Hire at least five highly skilled people (a single seat staffed around the clock is 168 hours a week; at 40 hours per analyst that is already 4.2 full-time positions before vacation, sick leave and training are accounted for)
  • Ensure you have the right tools at hand
  • Have at least one person available every hour of the day (most organizations will need double that)
  • Plan the appropriate budget (costs can easily exceed $500,000 a year)

It is critical for organizations to maintain a coordinated approach to protecting their data and their data center(s) 24×7 as attacks now happen every hour of every day.

Given the high cost and extreme complexity of doing it on your own, not to mention the challenges around finding and keeping the right skilled talent, many companies are looking at outsourcing the entire program as a SOC-as-a-Service function. This is often a smart path to advance a broader security program quickly, as you’ll benefit from the expertise of the provider and often accelerate plan execution compared to doing it all in house.

The SOC-as-a-Service Alternative

SOC-as-a-Service (SOCaaS) has now evolved into a type of managed service, whereby an organization outsources the management of its security posture and threat awareness to a managed service provider (MSP). In a SOCaaS arrangement the MSP will usually take responsibility for some or all of the following: firewalls, intrusion detection, response services, cloud and endpoint security, attack monitoring, log management, threat intelligence analysis and, in some cases, even compliance monitoring.

That said, outsourcing the operation does not outsource the accountability: your organization remains ultimately responsible for the protection of its data, no matter where that data resides or who is running the security plan.

Why consider outsourcing? The total cost of these services is typically significantly lower than the cost of purchasing, installing and maintaining the equivalent resources in-house, and it eliminates the upfront capital expenditure as well as the cost of hiring, managing and retaining these highly sought-after employees.

Despite possible opinions that you might lose control of your overall security plan, we often see just the opposite happen. With an expert guide helping to plan and manage your strategy, you’re likely to feel far more in control than ever before.

Some other good news? SOCaaS comes in a wide range of services that can be tailored to any organization’s needs. With fixed-price contracts carrying a monthly or annual fee, along with service level agreements (SLAs) governing the terms of the contract, these managed service offerings can provide organizations an efficient and cost-effective alternative to an in-house SOC. Before signing, confirm that the SLA spells out the measures that matter operationally, such as time to detect, time to notify your team and the escalation path for a confirmed incident, rather than only the availability of the service itself.

Along with lower initial cost and overall cost benefits, a managed service SOC can help address skill gaps in the security department and ultimately free up existing IT staff to focus on other business-critical issues.

Hybrid Solutions

Along with the choice of a completely in-house 24×7 SOC or an outsourced SOCaaS, organizations can opt for a hybrid solution. In some cases, cStor clients elect to in-source these functions during normal business hours, and then utilize a managed service model after hours and on weekends. This helps ensure a cohesive plan is operational around the clock.

Other organizations use SOCaaS to handle logging for compliance purposes. The information is then shared with internal security teams as a comprehensive set of analyzed reports and alerts for ongoing analysis and remediation.

While the market and landscape for SOCaaS continue to evolve, this emerging approach provides an alternative to doing it on your own. It is proving to deliver the protection organizations need more efficiently and affordably. This is precisely why cStor has partnered with several different industry-leading companies to offer a comprehensive SOCaaS solution to help ensure our clients get the 24×7 managed SOC they need to protect their business-critical data and infrastructure.

About Larry Gentry
Larry Gentry is responsible for ensuring cStor provides its clients with innovative data center and cloud solutions for the healthcare, manufacturing, government, education, retail, insurance, utility and other industries. His business acumen and management expertise stem from years of senior-level leadership and high-tech management experience with companies such as Kroger, Kohl’s department stores and Shopko. Larry attended Lewis and Clark College along with Mt. Hood Community College prior to beginning his management career and holds multiple industry certifications. Larry has been a member of the board of directors for the Desert Southwest Chapter of the Alzheimer’s Association since 2009, where he currently serves as Vice-Chairman.