What would be the benefits and drawbacks of giving up my 24x7 Security Operations Center in favor of signing on with a SOCaaS vendor?


CISO in Software, 10,001+ employees
Many companies have found the ROI higher and the costs lower when switching to SOCaaS, as the full-time employee staffing costs and retention can be very difficult in some businesses. The one disadvantage is that some SOCaaS do not easily have the full environment context, knowledge or experience to provide a holistic monitoring view of the business.
CISO, Self-employed
I've run both types of environments. Before SOCaaS you didn't have any choice but to build out a global, follow-the-sun organization. I wouldn't even consider that today. Managing a global team of SOC staff is very difficult. It can be very mundane work that requires a highly skilled person that results in significant turnover.

When you use an outsourced provider don't just wash your hands thinking they "have it".  It takes a lot of oversight.  Make sure you have your own ability to monitor their activities and output.  I've had instances when they reported everything was OK and when we looked under the hood it was anything but OK.  Keep in mind they are motivated to use minimal resources to increase profitability.  You need to stay diligent on your oversight that the service doesn't slip over time.

I'll typically use them for level 1 and 2 problem/alert handling and level three would be insourced on my staff.   It often takes internal knowledge on how the systems work and the criticality of the system to properly diagnose and eradicate the threat as needed.

Hope this helps.

Best Regards,
Chief Information Security Officer in Healthcare and Biotech, 10,001+ employees

Thanks for posting this. We are considering a SOCaaS as it would be impossible for us to be able to afford and find staff to do it on our own. We are healthcare and there is one SOCaaS that receives high marks from other health orgs that use them. Hoping we can pull the trigger on hiring them as this is a real blind spot for us.

CIO in Government, 201 - 500 employees
As a local government, we have access to MS-ISAC’s SOC for free. Funded by DHS. Naturally, they have thousands of members, and overload is a concern, but it has worked for us so far. We could never staff one ourselves. 
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
1. No need to manage the cyber security talent and retention.
2. Cost is less for a small setup.
3. Basic standards can be achieved quickly.

1. Business fraud risk can't be managed by SOCaaS.
2. Customisation will always be a challenge.
3. For BFSI, regulatory issues can come up.
