Does your organization need a security operations center (soc) or a global operations center (gsoc)?

Whether your business is global or local, at some point real-time security information and operations will be vital to the continuity of your business. Some larger companies have created a Global Security Operations Center (GSOC) that may also include regional centers. Other firms create a Security Operations Center (SOC) that helps manage security and resources within a single state or region. For this article we will use the term SOC for simplicity, as not all companies are global in footprint.

This article will provide some insight into some of the considerations our clients have wrestled with, the GSOC/SOC benefits they seek, and some steps we use to design a SOC.

The Security Operations Center (SOC) – A Good Business Practice

THE BRIEF HISTORY

For over 75 years government agencies and other entities learned the value to the organization provided by a central nerve center. A center that monitors various technology systems, live situations, or events, protects and directs personnel resources, and provides a hub for the organization’s quick response to a wide range of events that require immediate attention. Military organizations the world over utilize the principles of Command and Control.

While we were all impressed with NASA’s “Mission Control Center” during a space mission launch, crisis situations like the “Bay of Pigs” operation requiring a Global Security Operations Center (GSOC), and post-9/11 US Transportation Security Administration (TSA) new operations centers to communicate, collaborate, and coordinate, may not be so well known.

There are many types of operations centers, and today they include:

• Global Security Operations Center (GSOC)
• Security Operations Center (SOC)
• Mission Operations Center (MOC)
• Threat Operations Center (TOC)
• Emergency Operations Center (EOC)
• Network Operations Center (NOC)

THE PURPOSE OF THE SECURITY OPERATIONS CENTER (SOC)

More than any time in our history, business entities face an infinite number of internal and external threats and risks. We have deployed various security technologies to help protect our staff, visitors, and assets:

• Video Monitoring/CCTV
• Access Control Systems
• Intrusion Detection
• Duress Alarms
• Communications Systems
• Possible IT Network Security Integration
• Support to onsite Emergency Response Team (ERT)

Post-9/11 the proliferation of security technology created an array of challenges, such as:

1. Large amounts of data being stored, with data and systems being un-utilized or under-utilized
2. Disparate security systems, platforms, and applications
3. Failure to effectively monitor thousands of alerts and respond to events proactively
4. Increased regulatory compliance issues and consequences for failures
5. A disconnect between the people and the technology
6. Gaps in the integration of disparate systems
7. Timely communications failures
8. Reacting to data and information that is stale
9. Failure to protectively respond to alerts, before they become a crisis
10. High costs associated with “crisis response”, verses a Proactive Program

The Security Operations Center (SOC) provides the place for organizations to monitor developing situations, analyze the risks in real-time, and proactively respond before something becomes a crisis. As crisis response is extremely costly, the investment in a SOC helps conserves corporate resources, while clustering them to realize a savings.

CONTEMPORARY BUSINESS REQUIREMENTS

The mission control center is no longer something just for NASA or rocket scientists. Today’s SOC serves a set of vital functions that are common to many other business operations. Just as various business units will monitor a variety of business requirements and respond to them, the SOC helps apply the same business process to all matters related to security.

Just as the Finance Department monitors federal, state, and local regulations, taking appropriate proactive actions to keep the organization in compliance, the SOC monitors information in real-time, analyzes this data, and coordinates a measured response to protect people and assets proactively. Today’s business environment requires a high degree of internal and external situational awareness.

Building A SOC – Modern Cost and Risk Factors to Consider:

• A highly mobile workforce that requires greater protection
• Active threats, risks, and corporate responsibilities extending far beyond the buildings, campus and local area – Business is now global
• The ever-emerging “All Hazards” landscape requiring agencies to address weather, wild fires, traffic/travel, seismic disturbances, man-made and natural events, active threats, local radical/reactionary group protests, home-grown and international terrorism
• A heightened need for corporate intelligence and situational awareness
• Increasing distrust, threats, and violence again government and quasi-government agencies
• Significant legal action, court awards, penalties, and public outrage post-incident when response is slow or lacking
• Large investments in current security technology with resulting data going to waste (storage)
• Inefficient in deploying manned security resources and failing to maximize return on investment

DUTY OF CARE

The US Department of Labor’s Occupational Safety and Health Administration (OSHA) have enforced standards, rules, and regulations in the workplace since the Occupational Safety and Health Act of 1970 (OSH Act). Over the past few years, with workplace violence on the rise, OSHA and numerous court decisions have shined a spotlight on the OSH Act’s “General Duty” Clause (Section 5(a)(1).

It is now recognized that “Employers have a responsibility to provide a safe workplace”. This requirement is applicable to physical work spaces, as well as employees working off-site and traveling on company business.

From OSHA Guidance to Industry:

“Under the General Duty Clause, Section 5(a)(1) of the Occupational Safety and Health Act of 1970, employers are required to provide their employees with a place of employment that is “free from recognized hazards that are causing or are likely to cause death or serious harm.”

The courts have interpreted OSHA’s general duty clause to mean that an employer has a legal obligation to provide a workplace free of conditions or activities that either the employer or industry recognizes as hazardous and that cause, or are likely to cause, death or serious physical harm to employees when there is a feasible method to abate the hazard.”

“An employer that has experienced acts of workplace violence, or becomes aware of threats, intimidation, or other indicators showing that the potential for violence in the workplace exists, would be on notice of the risk of workplace violence and should implement a workplace violence prevention program combined with engineering controls, administrative controls, and training.”

While a SOC will greatly assist the organization to address Duty of Care in a professional and responsive manner, this comprehensive business approach will clearly show proof of the organization’s commitment to protect people, assets, data, and places.

WHAT THE SOC PROVIDES TO THE ORGANIZATION

1. Unified Command – The basic principle of incident response is to provide a single command that directs the response to any incident or event. The SOC serves this purpose in real-time, with systems enhanced with artificial intelligence and analytics.
2. Monitoring of Real-time Security Video Feeds
3. Active Maintenance, Monitoring, and Response Perimeter
4. Gatekeeper for All Campus Access and Visitor Management
5. Real-time Monitoring and Analysis of Data – Speed & Actionability
   • Live Security Incident Reporting & Management
   • Live Area Incident
   • Weather / Wild Fire / Environmental / Seismic
   • Traffic
   • Staff Travel
   • IT Network Monitoring (optional)
6. Mass Notification – A Proactive Response Mechanism for Two-Way Communications Capabilities 24/7/365
7. Inclusion of New or Next Version Artificial Intelligence (AI), Plate and Facial Recognition, and Analytics Tools
8. The Concept of Continuous Prevention – In Real-time Operational Risk Management
9. Supportive of Basic Security Principles: Delay – Detect – Respond
10. Ability to Recover More Quickly from a Breach
11. Enhanced Protection of Staff Working Remotely or in Isolation
12. Far Less Costs Being Proactive vs. Reactive or Funding a Crisis Response Effort

Resources – The SOC is a place where all the resources of the organization are known and can be deployed quickly. From alerts of temperature issues in IT server rooms, to a broken pipe causing flooding within a building, the timely awareness and hailing of repair resources can salvage vital business assets. Whatever the problem or event, the SOC operator will have a ready list of response resources to call always to mitigate any active threat. While it is not advisable to flood SOC staff with numerous non-security responsibilities, business unit functions that are directly related to security and life safety, can be supported by the SOC.

Readiness – An organization that commits to a SOC is affirming its dedication to readiness. While other organizations may switch to “panic mode” and fumble to respond appropriately, the design, data feeds, SOC Operator training, and testing will ensure organizational readiness 24/7/365. The introduction of smart security tools such as recognition, AI, analytics, and other new or next version technologies allow the SOC to work smarter, with an additional level of readiness. Continuous Prevention is the organizational and SOC objective.

Proactiveness – The very nature of the SOC is to be the organization’s alert apparatus always and provide the proactive response mechanism that provides a steady and knowledgeable operation of trust. Apart from responding to any developing crisis, the SOC can provide helpful and sometimes lifesaving information to staff. This information and communications could be related to pending severe weather, the sudden shift of a wildfire, or a traffic incident with a mass warning to impacted staff, allowing for a detour or avoidance, for safe passage to work.

COST BENEFIT TO THE ORGANIZATION

A Security Operations Center will be a valuable tool to the organization through the provision of Continuous Prevention. In addition to the many functions the SOC actively delivers to keep people, data, and assets safe and secure, the SOC presents opportunities for cost savings.

• Remote Assessment
• False Alarm Reduction
• Duress Technology – Life Safety
• Working Alone /Remote Staff Monitoring
• Monitoring and Mass Notification Warnings – Severe Weather/Terror Strikes/Disasters

An example of cost savings would include a strategy to deploy Remote Assessment. As the SOC is built out, strategically placed cameras with audio capabilities can be integrated with remote controllable hardware, and possible mobile devices that allow a single security officer in the SOC to preform Remote Assessment of many doors and locations around the entire campus. The technology becomes a force multiplier, thereby reducing the costs associated with manned security, while providing an enhanced level of protection to the organization.

Monitoring and analysis of data is a real-time function of the SOC. Some of the data being scrutinized are intrusion detection/alarm system. A SOC operating 24/7/365 can assess these alarms and determine legitimate from false alarm, thereby reducing the costs associated with false alarm response.

In support of a workplace violence / active threat prevention program, inexpensive duress technology can be incorporated into the current prevention plan to raise the bar in providing proactive actionable intelligence prior to a full-blown event. This is a very important life safety benefit that can be delivered by the SOC systems and staff.

Whether staff are working remotely or in an isolated area of the main campus, the SOC can provide an immediate link to remote or isolated working staff through many voice and signal technologies. The SOC increases compliance with General Duty of Care provisions, while providing a potential lifeline and peace of mind to isolated or remote working staff.

SAMPLE IMPLEMENTATION PROCESS AND CONSIDERATIONS

Depending on the client and their needs and desires, PRS follows this flexible process. It is provided here to give you an idea of the planning process. If you have not yet selected a site for your GSOC/SOC, then one of your first missions will be to conduct an All Hazards Assessment of the possible sites, in order to narrow the choice. If your SOC operations are critical to your business and you require 99.999% reliability and up-time, then careful site selection will be even more critical. The Public Safety Access Point (PSAP) / 911 Center is generally a post-disaster facility with redundant utility runs from two or more compass directions.  If 99.000% (or 5 nines) is necessary, then you need to soberly consider your site, threats, risks, and vulnerabilities, as well as the ease of running redundant utilities and systems.

Sample Phased Implementation

Phase 1 – SOC Conceptional Design Process

The Security Operations Center project would take a conservative phased approach. Initially, a SOC Conceptional Design Process will seek to quantify technical needs with rough order of magnitude budget, functional requirements, as well as to document SOC operational expectations will. This initial phase will flow as follows:

1. Fact-Finding – In addition to engaging stakeholders, the nature of the SOC requires sober information and data analysis. By examining information through the lens of several internal and external sources, we can determine the features and design principles we need to accommodate. This phase of research and analysis is accomplished off-site.
2. Stakeholder Engagement – Our experience has shown that early engagement of the client’s stakeholder group is imperative to the success of the SOC. As State Fund will be making a significant investment in this center, we need to confirm what services and expectations the stakeholders will be anticipating, and how they can best be delivered by the SOC now and in the future. If this vital engagement does not happen, costly retrofits may be required going forward. This work is best accomplished on-site.
3. On-Site Study – Following an off-site research and analysis phase, PRS will launch into the stakeholder engagement and on-site study portion of the work to that conserves client resources. By examining the physical plant with any constraints, limitations, and requirements, PRS takes our collective data analysis and applies this knowledge to site reality.

Numerous important design considerations will be assessed and research, with deliverables to include a Security Operations Center Conceptual Design Document that answers:

1. What design elements are required externally to support an SOC – materials and infrastructure
2. What should be housed in the SOC and what features will support long-term monitoring needs
3. The essential services are expected by the organization and to be services by the SOC
4. Based on emerging trends – What technologies should be included in the SOC (phased in)
5. Details of SOC manpower requirements, proposed selection process, and training needs
6. A Rough Order of Magnitude (RoM) projection of costs and suggested phase in plan, so that the decision makers have an informed implementation path to match with budget processes and timelines
7. Next Steps Plan

Phase 2 – First Layer Build-out and Integration

During this phase, the initial build-out of the physical space for the SOC will take shape and integrate perimeter video and intrusion detection system. As the organization benefits from this initial layer of situational awareness and continual prevention, the systems will be incorporated and expanded to other locations and terminated into the SOC, as costly manual or manned processes are eliminated.

As project phases and budgets are approved, the holistic SOC will seek to incorporate:

• Multi-Campus Access and Visitor Management
• Multi-Campus Video with Artificial Intelligence (AI) and Analytics
• Enterprise-wide Security Incident Reporting & Management
• Live Area Incident Feed
• Weather / Wild Fire / Environmental / Seismic Feeds
• Traffic Conditions and Other Required Data Feeds
• Staff Travel Monitoring
• Mass Notification – Two-Way Communications Capabilities 24/7/365
• Continuous Prevention / Real-time Operational Risk Management
• Enhanced Protection Systems – Staff Working Remotely or in Isolation

This process sample should help you with your planning and building of a business case. If done properly, the GSOC/SOC can be the crown jewel of your security organization. Proving its value and active vigilance that will prove vital to your business. By directly connecting the business with security, you will be well on your way to building a a contemporary corporate security organization that will stand the test of time.

Trusted Global Private Security Services

Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston

Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France,  Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea