The role of the GSOC: what are the limitations and the opportunities?
Chair: Martin Gill
Panellists:
David Harris – Managing Director at Leidon Consulting (UK)
Jasbir Singh Solanki – Chief Executive Officer of Homeland & Cyber Security at Mahindra Defence System Limited (India)
Ian Glen – ISM UK
Key points
Ian Glen notes that GSOCs facilitate the opportunity to integrate, consolidate and add value to all stakeholders when done well. The barriers to developing a good GSOC include: dealing with legacy systems; managing regulatory/compliance requirements; and working within the bandwith available. The other challenge is securing the investment, and not least when operations need to be adjusted to meet changing threats. GSOCs are evolving to cover more than just security and thereby offering greater value to the business. Adding value is a key requirement of business, and you will hear Ian discuss the process by which GSOCs can be justified in financial terms.
Jasbir Solanki notes GSOCs are generally associated with the bigger companies, but smaller ones may have operations centres (which don’t need to be called GSOCS) which can evolve. They tend to be converged operations, and increasingly so, because they provide for a much stronger protection of assets including brand protection. Echoing Ian’s point he discusses the importance, and barrier, of budget (which is always easier to justify when there is a recognised security threat). This underlines the importance of the business case, this is crucial not least when it is not easy to measure effectiveness. He sees GSOCs becoming more common as they become recognised for being business enablers.
David Harris argues that GSOCs should be more than just security, rather to provide for a coming together of a range of business operations. That way it can detect gaps between different operations and procedures and crucially take a holistic look at threats (including those coming from inside). The work of GSOCs needs to be aligned to the business strategy. You will hear David discuss the requirements of a good GSOC, they include that it has good data in and out; that roles and responsibilities are clearly defined; and that it places an emphasis on being good at communicating with its stakeholders. Although GSOCs can be quite dynamic centres, they can start humbly, organisations need to make the most of what they have and improve. Covid-19 has shown why they matter. They have a big future as the centres of information management; we are overwhelmed with data, they key is to maximise the use of all that is relevant and available. Doing this well is the key challenge and opportunity to put GSOCs at the centre of business operations.
This was another webinar characterised by a lot of audience engagement, which generated a wide-ranging discussion (including about virtual GSOCs). The potential GSOCs offer has yet to be widely realised, but as technology emerges and as data streams multiply and become important to consider so they GSOCs become more omnipresent, perhaps becoming operations centres rather than security specific. We will return to this.
Martin Gill
4th February 2021