What would be the benefits and drawbacks of giving up my 24x7 Security Operations Center in favor of signing on with a SOCaaS vendor?

2.7k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

Benefits:
1. No need manage the cyber Security talent and retention.
2. Cost is less for small set up.
3. Basic standards can be achieve quickly.

Disadvantage: 
1. Business fraud risk can't be managed by SOCaaS.
2. Customisation will be challenges always.
3. For BFSI regulatory issues can come up.   
 

CIO in Government2 years ago

As a local government, we have access to MS-ISAC’s SOC for free. Funded by DHS. Naturally, they have thousands of members, and overload is a concern, but it has worked for us so far. We could never staff one ourselves. 

CISO2 years ago

I've run both type of environments.  Before SOCaaS you didn't have any choice but build out a global, follow-the-sun organization.  I wouldn't even consider that today.  Managing a global team of SOC staff is very difficult.  It can be very mundane work that requires a highly skilled person that results in significant turnover.  

When you use an outsourced provider don't just wash your hands thinking they "have it".  It takes a lot of oversight.  Make sure you have your own ability to monitor their activities and output.  I've had instances when they reported everything was OK and when we looked under the hood it was anything but OK.  Keep in mind they are motivated to use minimal resources to increase profitability.  You need to stay diligent on your oversight that the service doesn't slip over time.

I'll typically use them for level 1 and 2 problem/alert handling and level three would be insourced on my staff.   It often takes internal knowledge on how the systems work and the criticality of the system to properly diagnose and eradicate the threat as needed.

Hope this helps.

Best Regards,
James

Lightbulb on3 circle icon1 Reply
no title2 years ago

Thanks for posting this. We are considering a SOCaaS as it would be impossible for us to be able to afford and find staff to do it on our own. We are healthcare and there is one SOCaaS that receives high marks from other health orgs that use them. Hoping we can pull the trigger on hiring them as this is a real blindspot for us.

Lightbulb on2
CISO in Software2 years ago

Many companies have found the ROI higher and the costs lower when switching to SOCaaS as the full time employee staffing costs and retention can be very difficulty in some businesses.  The one disadvantage is that some SOCaaS do not easily have the full environment context, knowledge or experience to provide a holisitc monitoring view of the business. 

Lightbulb on1

Content you might like

It’s still too early in our cloud journey for our own brokerage30%

We lack the budget to set up our own brokerage48%

We lack the cloud expertise to manage our own brokerage13%

We have a cloud services brokerage in place7%

View Results

Communicating with the board12%

Influencing business decisions43%

Collaborating with cross-functional teams26%

Motivating and aligning my own organization4%

Educating end users11%

Other1%

View Results