Today, everyone can develop their own app, design the newest micro service architecture or even build their own internal IT system.
Somewhere, way down at the bottom of the list of these new trends, behind cloud, the digital revolution, IoT and BYOD, is “security”, which is consistently seen as one of the hardest, but most important aspects of technology and has a huge impact on any business.
Cyber attackers show increasing levels of energy and ambition. 2017 is a year marked by extraordinary attacks, including thousands of ransomware and cloud attacks daily, and large distributed denial of service (DDoS) attacks on servers.
The number of attacks on cloud-based accounts has increased in recent years. Of course, large-scale attacks aren’t new and for sure new cyberattacks, even more complicated, will come in the future. That’s why the future belongs to comprehensive cyber security strategies, which can no longer be seen as “nice to have” options and must be understood as business necessities in a world where hacking is the new normal.
>See also: Security operations: does automation have to mean automatic?
Efficient and successful IT services require a strong, proven approach to maintaining security and data privacy issues. Without the right security strategy, even the best in class technology and most advanced services can leave your business open to risk.
In so complicated an IT world every organisation is going to need a security operations centre (SOC). It is important to have significant visibility and manageability to ensure highly effective and proactive control over security-related threats and events. In considering building or outsourcing an SOC, the first and most important question is why do I need one?
The answer is that, in today’s changing world, a firewall or intrusion detection system (IDS) alone is no longer sufficient to protect your business. There is so much information that can be exposed, accessed and utilised in so many changing ways, and so many places to store that information that it becomes highly improbable that a single security engineer will be able to analyse, interpret and identify the need for protection and security.
Having a specialised security operations centre (SOC) that takes care of securing your IT systems and infrastructure ensures that trained professionals work constantly to keep your business data and processes safe.
You can have all the newest tools and security professionals with high knowledge and experience, but still won’t be able to answer a simple question: am I safe? A professional SOC will accompany your business on a continuous journey towards constantly improvements in quality of protection and improved accuracy in decision-making. An SOC will also help you with response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on your networks.
>See also: Evolving security operations strategy to fit the cloud
There are two paths you can take – build your own in-house SOC or outsource to a company that offers an SOC solution. Each of these options has its own benefits and lot of challenges.
On the one hand, employing an external security service provider can help you to adopt best security practices and build efficient service designs and a delivery model based on solid security practices and standards. A third-party provider can also support you in managing specific security initiatives, or in some cases, outsourcing their entire security services.
Such an approach could be especially beneficial for companies with limited internal IT resources that need to control operating costs, lack security expertise or simply need to implement a new security technology faster. On the other hand, an external security service provider will deal with a company’s most sensitive and valuable data. Privacy, security, ethical, and legal considerations should influence the decision about choosing a partner for your business.
In SOC, the possibility of cooperation with an external third-party provider is one of the most important criteria to consider. Selecting the right model for SOC is a tough decision, and CIOs must keep in mind their organisation’s specific requirements. Building an internal SOC offers a number of advantages such as:
• Investment in developing internal skills and technology.
• Greater control over security and compliance solutions.
• Complete responsibility for the IT security environment, which you will get to know and understand intimately.
However, building your own in-house SOC can prove cost-prohibitive, not only in terms of the resources it requires, but also in connection with the needs for skilled professionals and up to date complementary technology.
>See also: Cyber security employee shortage ‘barrier to effective threat detection’
In that case, nearshoring could be the best strategy for a successful security operations centre. Due to economies of scale, external SOC providers can optimise costs by sharing staff, processes, technology and facilities across multiple clients. Additionally, a nearshored SOC helps your organisation stay in-line with existing regulations and meet specific compliance requirements, if you have any.
If you consider working with a security service provider from Europe to protect your company (rather than a partner from, for example, India or China), Poland could be one of the best places to locate your SOC services.
It is in the same time zone, meaning no overtime or night shifts to synchronise meetings, and presents fewer cultural and business differences. Regardless of whether your organisation builds its own SOC or uses a nearshore provider, you should be aware of the continuous increase of threats and avoid any delay in making the decision.
Sourced by Malgorzata Zabieglinska-Lupa, ICT Product Manager, Comarch
