Are Virtual Security Operations Centers in Your Future?
The next wave of campus physical security may be VSOCs, which leverage the cloud to deliver efficiencies, cost savings and improved security.
I had a lot of smart, talented security professionals on my team and even with this talent, we realized it was crucial to get advice from subject matter experts that specialized in security master planning. Instead of going in-house as many organizations do, I hired a security consulting firm to help us rewrite our business case that would ultimately be used to fund the buildout of three global security operations centers (GSOCs). The consulting firm had institutional knowledge that helped with our decision making and validated, but also discounted, many of our strategies. It was a great sanity check to ensure we didn’t fall prey to our own “smartest guys/gals in the room” group-think.
We reduced our 15 life safety control centers to three GSOCs strategically located around the world in Redmond (Americas), Hyderabad, India (Asia), and Reading, England (Europe, Middle East and Africa). Our master plan for technology called for commercial-off-the-shelf (COTS) solutions to avoid the pitfalls of customized technology solutions. We worked really hard to use COTS for the entire security operations and associated organizational lines of business. The GSOCs we built and operated became the gold standard. We had over 2,000 visits to our center for benchmarking, and many security organizations modeled their GSOCs after Microsoft’s.
However, a common theme I heard during benchmarking visits were, “Yeah, you guys are Microsoft, and we’re just a small organization and don’t have the money or resources to do what you do.”
The Cloud Has Changed Everything
That statement was very true for many years until now. The cloud has changed everything. If you haven’t embraced the cloud already and still love hugging the computer racks in your security operations centers (SOCs), get ready for a rude awakening because the cloud is here to stay.
Many security professionals are apprehensive of using the cloud as it sounds mysterious and risky. They are leery of leveraging the cloud for campus security, but those same security professionals bank online, do their taxes online, use social media, online health services, download apps, etc., and they trust their personal information on those sites. Where do you think all of their personal data is stored? It’s in the cloud.
Not all cloud providers are created equal though. You should do your own research on the cloud. Find out what it means, and if you use a service that’s in the cloud, check out where it’s physically located and hosted.
Many security professionals have asked me, “what is the cloud really, and can you explain it in simple terms?” The cloud is “utility-computing” where your computer resources are managed as services. The cloud is always on. There are multiple redundancies and backups in different geographical locations. It’s dynamic and scalable with very strong security, privacy and compliance requirements.
Unless you’re a doomsday prepper or live in the sticks, most of us pay for our utility services. Think of the cloud as your utility company for computer services. You’re not going to dig a well for water or use a windmill turbine for electricity. When you get home and turn on the light switch, you expect the lights to turn on. When you turn on your tap for water, you expect water to flow, and if it doesn’t you’re making a call to the utility company.