The Security Operations Center (SOC) may be going the way of the dodo bird as security professionals outsource their protection to managed and cloud services. While many large organizations still have SOCs, smaller enterprises are finding that new technologies and better security architectures lessen the need to assemble large teams. This combination can make an IT team more proactive in protecting their infrastructure even without having a formal operations center.
Outsourcing the Security Operations Center
Many organizations are finding that they don’t really need a SOC and have instead outsourced its function to cloud or hosting providers. Running these operations centers can be costly, both in employing highly experienced staff members who must be available 24/7 and in purchasing the many tools that have to be maintained and monitored.
“Mostly, we still see them in very large organizations,” said John Joyner, director of product development at Arkansas-based managed services provider Clearpointe. “A large enterprise needs a big security analysis team that can actively engage in fighting incidents and security issues. But smaller organizations can avoid this if they have implemented a cloud-based architecture and liberally employ encryption and protection technologies.” Additionally, they should rely on their hosting partners as a first line of defense against attackers.
Changing the SOC Pyramid With the Times
Joyner feels the security pyramid made popular by the SANS Institute and others is no longer relevant to as many companies. “We shouldn’t have to worry about this if we have built our systems correctly. While it is true that a denial-of-service attack can bring down a public website, an organization doesn’t have to host that website internally. Instead, they should move it to a cloud provider and let them handle the necessary security,” he said. “It makes more sense to put [our customer-facing websites in the cloud] than to run them on our own networks.” Clearpointe does this with many of its customers’ websites and, because it is a Microsoft partner, uses Azure as its cloud provider.
Joyner feels that today’s enterprises should harden their security infrastructure, perhaps by using network access controls or application-based security, which would make them that much more difficult to penetrate. “Why should anyone waste resources when there are so many great alternatives available?” he asked. “Certainly, for backups and disaster recovery, the cloud offers some solid and very secure solutions. But you don’t need a SOC for these functions.”
He talks about using “thoughtful applications architecture” — now there is a term that I like — and making sure that you can compartmentalize your various apps so when you do get penetrated the threat can be better contained, or better yet, alter your infrastructure so it doesn’t matter if you are penetrated. “We can replace most of our sensitive data so its capture doesn’t reveal anything.”