Security is a high priority for most organizations. A string of high-profile breaches has highlighted the threat that all organizations face in the modern digital world. As a result, a growing number of companies are considering how best to protect themselves and reduce the impact of such breaches. It is generally considered best practice to assume that a breach of one kind or another is imminent. It is no longer a question of ‘if’ it happens, but of ‘when’, and of what follows in its wake.

While a good assessment can go a long way towards preventing an incident, the technology and tools available to attackers are constantly improving. The use of advanced malware shows that not all incidents can be predicted ahead of time. Therefore, companies are turning towards the proactive capabilities that Security Operations Centers (SOCs) can provide.

An SOC is the collective term for the people, process and technologies responsible for monitoring, analysing and maintaining an organization’s information security. One key attribute of an SOC is that it operates continuously, providing 24/7 monitoring, detection and response capabilities.

The SOC serves as an intelligence hub for the company, gathering data in real time from across the organization’s networks, servers, endpoints and other digital assets, and using intelligent automation to identify, prioritize and respond to potential threats.

According to industry experts, enterprises are twice as likely to be hacked if they perceive mobile security as a roadblock to achieving their revenue, growth or profit goals. A significant number of enterprises prefer to sacrifice security, and their organizations are compromised as a result. Almost 43% of global companies sacrifice security, perceiving it to impede productivity, sales and profits, and 39% of companies suffer a security compromise as a result.

Building an SOC

Building or creating an SOC is a strategic corporate decision that has to be taken at the senior-most executive and board level. It is a decision that will have a long-term, all-pervasive impact, and it requires constant attention and commitment. Setting up an operations center supported by multiple security monitoring technologies and real-time threat updates is not a simple do-it-yourself task. In fact, while building such a center, most companies repeatedly doubt whether they have enough full-time, skilled team members to implement and manage these different tools on an ongoing basis. That is why it is essential to look for ways to simplify and unify security monitoring, to optimize both the SOC processes and the team.

To isolate unknown threats, it is best to create sandbox environments. A sandbox is a safe environment that replicates an end-user operating environment, where one can run code, observe it and rate it based on its activities rather than its attributes. In it, one can run executable files, allow restricted network traffic, and contain any hidden malware.
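The following is an added example, not code from the article, of the "rate it based on activities rather than attributes" idea: a small scorer that rates a sandbox run on what the sample did (file, registry, process and network activity) and ignores its name or hash. The event records, the sandbox's allowed destinations, the rule weights and the verdict thresholds are all constructed for illustration and are not calibrated values from any product.

```python
"""Behaviour-based rating of a sandbox run.

Added example, not code from the article. It rates a sample on what it did
during detonation (file, registry, process and network activity) rather than on
static attributes such as its file name or hash. The event records below are
constructed to stand in for what a sandbox would emit, and the rule weights and
thresholds are illustrative assumptions, not calibrated values.
"""
from dataclasses import dataclass, field
from typing import Callable, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    kind: str    # file_write | registry_set | process_start | network_connect
    target: str  # file path, registry value, command line, or "host:port"


# The sandbox only lets traffic reach its own simulated services ("restricted
# network traffic"); any other destination is an attempt to reach the real network.
ALLOWED_DESTINATIONS = {
    "sinkhole.sandbox.local:80",
    "sinkhole.sandbox.local:443",
    "dns.sandbox.local:53",
}


def allowed_destination(target: str) -> bool:
    return target.lower() in ALLOWED_DESTINATIONS


# Each rule: (event kind, predicate on the target, weight, finding label).
Rule = Tuple[str, Callable[[str], bool], int, str]
RULES: List[Rule] = [
    ("file_write", lambda t: "\\startup\\" in t.lower(), 40, "persistence via Startup folder"),
    ("registry_set", lambda t: "\\currentversion\\run\\" in t.lower(), 40, "persistence via Run key"),
    ("process_start", lambda t: "vssadmin" in t.lower() and "delete shadows" in t.lower(), 60, "shadow copy deletion"),
    ("process_start", lambda t: "powershell" in t.lower() and " -enc" in t.lower(), 30, "encoded PowerShell command"),
    ("network_connect", lambda t: not allowed_destination(t), 25, "connection outside sandbox allow-list"),
]


@dataclass
class Report:
    score: int = 0
    findings: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.score >= 60:
            return "malicious"
        if self.score >= 25:
            return "suspicious"
        return "benign"


def rate_run(events: Iterable[Event]) -> Report:
    """Sum rule weights over the observed events; each finding counts once per run."""
    report = Report()
    seen: Set[str] = set()
    for ev in events:
        for kind, matches, weight, finding in RULES:
            if ev.kind == kind and finding not in seen and matches(ev.target):
                seen.add(finding)
                report.score += weight
                report.findings.append(f"{finding}: {ev.target}")
    return report


# Constructed traces. Both samples have innocuous names; only their activity differs.
INSTALLER_RUN = [
    Event("process_start", r"C:\Users\lab\Desktop\setup.exe"),
    Event("file_write", r"C:\Program Files\Vendor\app.exe"),
    Event("network_connect", "sinkhole.sandbox.local:443"),
]
DROPPER_RUN = [
    Event("process_start", r"C:\Users\lab\Desktop\invoice.exe"),
    Event("file_write", r"C:\Users\lab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc.exe"),
    Event("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"),
    Event("process_start", r"vssadmin.exe delete shadows /all /quiet"),
    Event("network_connect", "203.0.113.7:4444"),
    Event("network_connect", "203.0.113.7:4444"),  # repeat connection, counted once
]

if __name__ == "__main__":
    for name, run in (("setup.exe", INSTALLER_RUN), ("invoice.exe", DROPPER_RUN)):
        report = rate_run(run)
        print(f"{name}: {report.verdict} (score {report.score})")
        for finding in report.findings:
            print("  -", finding)
```

Running it rates `setup.exe` as benign (no findings) and `invoice.exe` as malicious with four findings, even though neither file name or hash was consulted. Deduplicating findings per run keeps a sample that retries the same connection a hundred times from scoring higher than one that does more distinct things, which is usually the more useful signal for an analyst triaging sandbox output.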

Prior to building an SOC, organizations need to take some time to plan. All too often this planning focuses only on the people, process, and technology components of the project and ignores outlining the fundamental drivers of why the SOC is needed and what business problems the SOC will solve. Some of the possible starting questions could well be:

Based on the above findings, the organization can then plan to build their SOC.

An SOC can have a wide range of responsibilities to deliver. It is important to establish the basic responsibilities of the SOC upfront. Some of them could be:

Running an SOC

A Security Operations Center is a strategic asset of the organization. It needs to be deployed universally, but with caution. All employees, processes and technologies should be covered in its domain. Some of the salient features of such a center are:

Zero Trust

Zero Trust has become one of cybersecurity’s latest buzzwords. It is a strategic initiative that helps prevent successful data breaches. Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, increasing threat prevention, and simplifying granular user-access control. Zero Trust was created by John Kindervag during his tenure as a vice president and principal analyst for Forrester Research, based on the realization that traditional security models operate on the outdated assumption that everything inside an organization’s network should be trusted. Under this broken trust model, it is assumed that a user’s identity is not compromised and that all users act responsibly and can be trusted. The Zero Trust model recognizes that trust is a vulnerability and can never be taken for granted.
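The contrast between the "broken trust model" and Zero Trust described above, as an added example that is not code from the article or from Forrester. It puts a legacy decision ("trusted because the request comes from inside the network") beside a per-request Zero Trust decision that verifies identity, MFA, device posture and least-privilege entitlement on every access, wherever the request originates, so that an internal foothold gains nothing by itself. The network range, users, devices, resources and requests are constructed for illustration.

```python
"""Perimeter trust versus Zero Trust access decisions.

Added example, not code from the article or from Forrester. It contrasts the
"trusted because it is inside the network" model the article calls broken with a
per-request Zero Trust check that verifies identity, MFA, device posture and
entitlement on every access, wherever the request originates. The network range,
users, devices, resources and requests are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Tuple

CORPORATE_NET = ip_network("10.0.0.0/8")  # constructed "inside the perimeter" range


@dataclass(frozen=True)
class Request:
    user: str
    device_id: str
    source_ip: str
    resource: str
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    patched: bool

    @property
    def compliant(self) -> bool:
        return self.managed and self.disk_encrypted and self.patched


# Constructed inventory: least-privilege entitlements and device posture.
ENTITLEMENTS: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"hr-portal", "payroll-db"}),
    "bob": frozenset({"wiki"}),
}
DEVICES: Dict[str, Device] = {
    "lt-alice": Device(managed=True, disk_encrypted=True, patched=True),
    "lt-bob": Device(managed=True, disk_encrypted=True, patched=False),
}
UNKNOWN_DEVICE = Device(managed=False, disk_encrypted=False, patched=False)


def perimeter_decision(req: Request) -> bool:
    """Legacy model: anything originating inside the corporate network is trusted."""
    return ip_address(req.source_ip) in CORPORATE_NET


def zero_trust_decision(req: Request) -> Tuple[bool, List[str]]:
    """Never trust, always verify: every check must pass on every single request.

    The source address is deliberately not a factor; a request from an internal
    host is treated exactly like one from the internet.
    """
    reasons: List[str] = []
    if req.user not in ENTITLEMENTS:
        reasons.append("unknown identity")
    if not req.mfa_verified:
        reasons.append("MFA not verified")
    device = DEVICES.get(req.device_id, UNKNOWN_DEVICE)
    if not device.compliant:
        reasons.append(f"device {req.device_id} not compliant")
    if req.resource not in ENTITLEMENTS.get(req.user, frozenset()):
        reasons.append(f"{req.user} not entitled to {req.resource}")
    return not reasons, reasons


# Constructed scenarios.
# 1) An internal host (bob's unpatched laptop) reaching for the payroll database:
#    the kind of lateral movement a perimeter model lets through.
LATERAL_MOVE = Request("bob", "lt-bob", "10.20.30.40", "payroll-db", mfa_verified=True)
# 2) Alice working from home on a compliant, MFA-verified device.
REMOTE_ALICE = Request("alice", "lt-alice", "198.51.100.5", "hr-portal", mfa_verified=True)
# 3) Alice's account used without MFA from an unmanaged device.
STOLEN_CREDS = Request("alice", "cafe-pc", "198.51.100.9", "payroll-db", mfa_verified=False)

if __name__ == "__main__":
    scenarios = (("lateral move", LATERAL_MOVE), ("remote alice", REMOTE_ALICE), ("stolen creds", STOLEN_CREDS))
    for label, req in scenarios:
        allowed, reasons = zero_trust_decision(req)
        print(f"{label}: perimeter={'allow' if perimeter_decision(req) else 'deny'} "
              f"zero-trust={'allow' if allowed else 'deny'} {reasons}")
```

The perimeter model allows the lateral move (it comes from 10.20.30.40) and denies Alice working from home; the Zero Trust decision inverts both, and it reports every failed check rather than stopping at the first, which is what an access log needs to be useful to the SOC.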

Zero Trust is quite simple to deploy, implement and maintain using a simple five-step methodology. This guided process helps identify where one is and where to go next:

Making user experiences seamless and secure across an “Everywhere Enterprise” starts with a zero-trust policy. The reality is that organizations’ data is accessible from everywhere. Companies urgently need to bolster their security posture without impacting end user productivity.

We are living and working in a highly distributed cloud world, which means traditional perimeter-based security, password security and multi-factor authentication are no longer suitable for the new world and the new normal.

Conclusion

A foundational element of the Everywhere Enterprise is the recognition that corporate data flows freely across devices and servers in the cloud, empowering workers to be productive anywhere. As we move towards a more complex world with more complicated networks and devices, keeping a strict tab on innovative methodologies for breach control is paramount. If organizations are to remain competitive and secure, they need to constantly re-evaluate and improve their cybersecurity strategies. From SMEs to large enterprises, corporates are realizing that legacy perimeter-based security is ineffective. Making user experiences seamless and secure across environments starts with a zero-trust approach that relies on a “never trust, always verify” model. Organizations can best overcome the four challenges (ensuring enterprise data is secure on the device, providing remote help for end users, ensuring secure connectivity to cloud or on-premise resources, and onboarding users) with a mobile-centric, zero-trust security platform that puts the user experience front and center.

ABOUT THE AUTHOR

Niranjan Vinchure

Niranjan brings a rare business acumen and a record of achievements developed over a nearly 30-year professional career in various multinationals. He is a dynamic, results-oriented leader with a strong track record of performance in turnaround and high-paced organizations. He utilizes his keen skills of analysis, insight and a team-based approach to drive organizational improvements and the implementation of best practices.

He has successfully demonstrated his capabilities in several organizations, such as IBM, where he led and managed a US$ 1Bn contract for a major telecom service provider; and Avaya (Nortel), where he spearheaded Avaya (Nortel) Managed Services (Network Management Center) operations for 200+ global customers and service delivery for many Fortune 500 customers. He spearheaded the first transformation program in Africa for the flagship Bharti/ Airtel account to generate US$ 7.3 Mn revenue, where he transitioned and transformed all legacy applications and integrated them with the latest technologies including SAP, MFGPRO, SFDC and CRM for the acquired company, gaining expertise in stakeholder management across all geographies. He has pioneered and led new site setups for IT, Finance, Contact Center and HR operations at multiple offshore locations.

He believes that customers and people are two important pillars. Recognized as a ‘Thought Leader’ in BPM, Niranjan is passionate about creating a ‘Global India’. His vision is to enable organizations and people ‘realize business value’.