What would be the benefits and drawbacks of giving up my 24x7 Security Operations Center in favor of signing on with a SOCaaS vendor?
Sort by:
As a local government, we have access to MS-ISAC’s SOC for free. Funded by DHS. Naturally, they have thousands of members, and overload is a concern, but it has worked for us so far. We could never staff one ourselves.
I've run both type of environments. Before SOCaaS you didn't have any choice but build out a global, follow-the-sun organization. I wouldn't even consider that today. Managing a global team of SOC staff is very difficult. It can be very mundane work that requires a highly skilled person that results in significant turnover.
When you use an outsourced provider don't just wash your hands thinking they "have it". It takes a lot of oversight. Make sure you have your own ability to monitor their activities and output. I've had instances when they reported everything was OK and when we looked under the hood it was anything but OK. Keep in mind they are motivated to use minimal resources to increase profitability. You need to stay diligent on your oversight that the service doesn't slip over time.
I'll typically use them for level 1 and 2 problem/alert handling and level three would be insourced on my staff. It often takes internal knowledge on how the systems work and the criticality of the system to properly diagnose and eradicate the threat as needed.
Hope this helps.
Best Regards,
James
Thanks for posting this. We are considering a SOCaaS as it would be impossible for us to be able to afford and find staff to do it on our own. We are healthcare and there is one SOCaaS that receives high marks from other health orgs that use them. Hoping we can pull the trigger on hiring them as this is a real blindspot for us.
Many companies have found the ROI higher and the costs lower when switching to SOCaaS as the full time employee staffing costs and retention can be very difficulty in some businesses. The one disadvantage is that some SOCaaS do not easily have the full environment context, knowledge or experience to provide a holisitc monitoring view of the business.
Benefits:
1. No need manage the cyber Security talent and retention.
2. Cost is less for small set up.
3. Basic standards can be achieve quickly.
Disadvantage:
1. Business fraud risk can't be managed by SOCaaS.
2. Customisation will be challenges always.
3. For BFSI regulatory issues can come up.