What would be the benefits and drawbacks of giving up my 24x7 Security Operations Center in favor of signing on with a SOCaaS vendor?

Security & GRCProcess Management
2.7k viewscircle icon1 Upvotecircle icon5 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

Benefits:
1. No need manage the cyber Security talent and retention.
2. Cost is less for small set up.
3. Basic standards can be achieve quickly.

Disadvantage: 
1. Business fraud risk can't be managed by SOCaaS.
2. Customisation will be challenges always.
3. For BFSI regulatory issues can come up.   
 

CIO in Government2 years ago

As a local government, we have access to MS-ISAC’s SOC for free. Funded by DHS. Naturally, they have thousands of members, and overload is a concern, but it has worked for us so far. We could never staff one ourselves. 

CISO2 years ago

I've run both type of environments.  Before SOCaaS you didn't have any choice but build out a global, follow-the-sun organization.  I wouldn't even consider that today.  Managing a global team of SOC staff is very difficult.  It can be very mundane work that requires a highly skilled person that results in significant turnover.  

When you use an outsourced provider don't just wash your hands thinking they "have it".  It takes a lot of oversight.  Make sure you have your own ability to monitor their activities and output.  I've had instances when they reported everything was OK and when we looked under the hood it was anything but OK.  Keep in mind they are motivated to use minimal resources to increase profitability.  You need to stay diligent on your oversight that the service doesn't slip over time.

I'll typically use them for level 1 and 2 problem/alert handling and level three would be insourced on my staff.   It often takes internal knowledge on how the systems work and the criticality of the system to properly diagnose and eradicate the threat as needed.

Hope this helps.

Best Regards,
James

Lightbulb on3 circle icon1 Reply
no title2 years ago

Thanks for posting this. We are considering a SOCaaS as it would be impossible for us to be able to afford and find staff to do it on our own. We are healthcare and there is one SOCaaS that receives high marks from other health orgs that use them. Hoping we can pull the trigger on hiring them as this is a real blindspot for us.

Lightbulb on2
CISO in Software2 years ago

Many companies have found the ROI higher and the costs lower when switching to SOCaaS as the full time employee staffing costs and retention can be very difficulty in some businesses.  The one disadvantage is that some SOCaaS do not easily have the full environment context, knowledge or experience to provide a holisitc monitoring view of the business. 

Lightbulb on1

Content you might like

How is AI implementation impacting your organization’s cyber insurance premium or coverage so far?

Read More Comments

Do you believe that (RPA, Automation, and intelligent Automation), coupled with clear guidelines, robust process mapping, and effective monitoring and control capabilities, can serve as a key enabler for successfully integrating AI and GenAI into an organization's operations and strategies?

Strongly Agree25%

Agree61%

Disagree15%

Strongly Disagree1%

View Results

How vulnerable is the real estate industry to cyberattacks?

As vulnerable as tech sector39%

Less vulnerable than tech sector51%

Not vulnerable5%

Don't know3%

View Results

What adjustments are you planning to make to your org’s cyber budget for 2026 (if any)?

Read More Comments

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?