Weighing the Options: In-House Vs. Virtual GSOC
One of the biggest security program decisions that many companies make is whether it is necessary to establish a physical global security operations center (GSOC) to manage day-to-day operations.
For security teams, this is usually an easy “yes.” However, building a GSOC within the facility is not always the best option. It comes down to determining whether it makes sense for your organization to undertake establishing an in-house center or working with a third-party virtual GSOC provider.
Each Has Something to Offer
An internal GSOC is housed within an organization’s facility to monitor multiple locations across a geographic region or a larger campus, depending on the size and scope of the location.
An in-house GSOC:
- Can (but doesn’t necessarily) provide greater customization for security teams when it comes to protocols and best practices, data handling, and incident response procedures.
- Is often on-site, benefiting from the staff’s familiarity with facilities, layout, and key players.
- Has the ability to better control and mesh with the organization’s culture because GSOC staff will be interacting more regularly with other organization employees.
- Has the ability for security managers to be on-site with the GSOC team during critical events or incidents, which can streamline decision-making and communications.
A virtual GSOC (vGSOC) is usually an external service provided by a third-party team with its own off-site facility and staff that manage and respond to incoming alerts and incidents. A vGSOC:
- Might provide more specialized expertise in a specific vertical market that might not be achievable in an in-house GSOC.
- Features outsourced security operations, which can be more cost-effective for smaller organizations that might not have the budget for a full-scale GSOC with continuous operations. There is also less investment on the organization’s end when it comes to hiring and training personnel—the vendor takes on this obligation.
- Can scale as the organization grows based on customer needs.
- Frees up an organization’s in-house security leaders to focus on other core business activities that can help the business move forward.
- Can cover multiple geographic locations, which can be an advantage for organizations with multiple global locations.
Considerations to Make
While both types of GSOC have their advantages and disadvantages, choosing one over the other comes down to several factors, including time, cost, risk, and scalability.
Time. Ask any security consultant or operations leader, and they will tell you that a lengthy amount of time is required to set up a security program, establish a risk assessment and profile for the organization—which expand with each new location—and hire and train personnel. The same is true when it comes to setting up an in-house GSOC.
Cost. The initial set-up of an in-house GSOC requires a significant investment upfront in terms of technology, infrastructure, and personnel—plus, the costs of security managers’ time and attention. Ongoing costs, such as training, upgrades, new technology, and new locations, can also add to the bottom line as an organization’s needs change. And when you answer to a board, the consideration of cost might be the most important one.
Risk. Security leaders are tasked with assessing the internal and external risks to the organization, which can dictate whether an in-house GSOC makes the most sense. Using an external GSOC involves sharing sensitive information with a third party, which raises concerns about data security and confidentiality. It might also be risky for the organization to give up complete control over how incidents are managed and reported.
Scalability. As an organization grows, so does its footprint, which requires additional security investments and expansion to security programs. While an in-house GSOC may be more familiar with what new facilities will require specific to the organization, a vGSOC might be better able to absorb the burden of growth and cost as an organization grows.
Making the decision to build a GSOC or use an external provider depends on so many factors, including the organization’s size, budget, industry, regulatory requirements, and specific security needs. And, to provide the typical consultant’s answer, what’s best for your organization depends on the approach you want to take with your security program and what you want it to look like in the future.
Greg Newman is the vice president of operations for HiveWatch, a technology company focused on how companies can keep their people and assets safe. Newman oversees the company’s vGSOC, ensuring optimized incident response and communications for clients.