As cyber crime proliferates, it is becoming increasingly important for every organisation to have a security operations centre (SOC), but few can afford the investment. The growth of SOCs as a managed service addresses this need, serving as a form of cyber crime ‘insurance’.
This is according to Pedro Maia, MD of IntDev, which has expanded its managed security services portfolio to include a managed SOC service, to meet growing demand from customers. Maia says having a SOC has become a crucial ‘insurance’ or assurance in an environment in which cyber crime is a multibillion-dollar industry and even the smallest businesses are targeted.
“Nobody can afford to lose their data and systems due to a cyber attack, so they need a SOC to mitigate risk, monitor the environment and respond to breaches. Increasingly, organisations are also being asked by customers and investors whether they have a SOC. It has become a business imperative.”
However, few organisations other than large banks, telcos and multinationals have the resources to build and run a fully fledged SOC, he says. “It’s a huge, ongoing investment in areas like cloud infrastructure, solutions, staff and training. You need highly skilled analysts and engineers, all of whom are in short supply and are expensive resources. You’d also need to invest in ongoing training and certification to stay ahead of the changing environment. Only the biggest enterprises have the resources necessary to run an effective SOC, which is why shared infrastructure through an outsourcing model makes sense,” he says.
IntDev has invested heavily in building a cloud-based SOC environment manned by a team of eight highly qualified and certified analysts and engineers. The facility is ISO 27001, ISO 27017 and ISO 27018 certified and is currently working towards SOC 2 compliance. SOC 2 defines criteria for managing customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality and privacy.
Assessing managed SOC services
Maia notes there is no one-size-fits-all when it comes to managed SOCs. “Each organisation has its own risk appetite, needs and budget. Your managed service provider should assess these and make recommendations on SLAs that are right for your business,” he says. For example, he explains that an SLA around response time might be minutes for a bank, but this comes at a premium. The response time might be as long as a day for a small business that concluded it would be able to continue trading with one day’s data backed up. This service, with a longer response time, would come at a reduced rate.
“The service provider should offer consulting first, to recommend the implications of a breach and the right service levels for the business’s needs and budget,” he says.
Any managed SOC should deliver 24/7/365 monitoring and support, and should be trustworthy, he notes. “Look for someone who can be trusted. Look at their reviews, expertise and credentials, since they will have access to your sensitive data. You can also call the OEM or vendor to check whether they back the managed service partner,” Maia advises.
Maia points out that cyber security – like insurance – can be a grudge purchase: “When you’re looking at your cyber security investments, you need to weigh them up against your potential losses. You might never be breached, but do you want to take that chance? And what would you lose if you were attacked? Whether you’re a one-man business or a major enterprise, the question is – is your data valuable? If it is, you need to invest in cyber security capabilities and you need a SOC.”