Originally published in Security Magazine, March 1, 2017.
By Dillon Twombly
Awareness is the watchword in global security operations centers (GSOCs). Core operations are dedicated to maintaining an accurate view of the company’s people, property, and interests. The one downside? It is difficult to devote the same attention to how your own GSOC is evolving.
The macro trends of the past five years are easy to identify. Funding has tightened, clarifying the need to measure ROI and clearly demonstrate enterprise value. For much the same reason, demand for integration is escalating as GSOCs strive to improve efficiency and add value to core business functions in fast-paced multinational corporations. And the acceptance of cloud-based technology has made it easier and less expensive to experiment with new platforms without adding IT infrastructure.
Changes are harder to generalize at the company level. This is where a third-party provider has an advantage. In Dataminr’s work with GSOCs, we talk to people at every level within the organization. Over the past six months, we’ve had informal conversations with approximately 30 GSOC clients, most of which are Fortune 200 multinationals in the financial services, technology, and industrial sectors.
Here are some quick insights extracted from these engagements, offered here to help GSOCs compare their own situation to that of their peers.
Starting to grow small
Companies often struggle to select the best approach to establishing, expanding, or reorganizing a GSOC. In our experience, mission outranks equipment. In short, security groups that develop clear processes and product/service offerings before staffing and outfitting a physical site tend to be more successful in terms of efficiency, utility, and in their ability to integrate with other corporate functions, such as corporate communications and cybersecurity.
Many used a “crawl-walk-run” strategy, focusing on fewer core functions and leveraging success in these areas both to determine top technology priorities and justify their costs. In some cases, the initial ramp-up took more than one year, underscoring the value of demonstrating the ROI by transitioning existing security processes into a GSOC.
Focusing on core duties
In the same way that GSOCs with fewer core duties experienced greater success, GSOCs that attempted to be “all things to all people” did not. Those that oversaw traveler security, intelligence functions and reporting, executive protection, and facility access control appeared to have more trouble establishing reliable processes and accommodating enterprise-wide changes.
To overcome this, several GSOCs initiated zero-based reviews to determine the organization’s top three process priorities, then build outward as time and budget allowed. These priorities vary, of course. But less than half of all the GSOCs Dataminr engaged with handled mass notification. And less than one-third said alarm monitoring was a core function. Not surprisingly, an increasing number outsourced this task to a monitoring service or a regional or on-site team.
Another point to recognize is that while the GSOC is global in scope, there is often very little standardization of processes, reporting, or responsibilities from location to location. This is not a new phenomenon; there is always back-and-forth about whether the GSOC or regional centers should establish local protocols. No matter where companies fall on this spectrum, more communication is better. Differences in process and technology are not ideal, but they can be overcome more easily when watch centers are open to global coordination and information sharing.
Integration of technology remains a long-term goal. Only 18% of the companies we spoke with had implemented any type of integrated solution. Most rely on multiple non-integrated platforms for situational awareness, workflow, and other tasks. Across the board, GSOC decision-makers are still pursuing integration, either with in-house or vendor-built platforms, to streamline workflow and enable secure remote access to systems. Again, the cloud is spurring opportunity here, because solutions do not carry the “rip and replace” risk they once did. A lack of dependence on hardware makes it easier to swap out technologies, which keeps vendors more accountable.
Using social media
The vast majority of GSOCs (more than 80%) now use a social media tool to enhance situational awareness. Many decision-makers noted they have become increasingly comfortable with these tools due to the benefits they deliver. Namely, they can provide a meaningful head start as incidents occur around the world, and they often deliver rich media content (images, video, audio) that adds greater context to events on the ground. During terror attacks in Nice and Brussels, for example, social media provided earlier notification of the inciting incident than traditional media sources as well as real-time updates as these chaotic events unfolded.
Empowering the team
Staffing cost and management are prevalent concerns. More than half of the companies we spoke with used contracted watch officers, but only 20% used contracted managers due to concerns about managing costs like overtime. Numerous senior security leaders observed that as teams get smaller, it becomes more important to empower watch officers at all levels to take on more responsibility and make decisions independently. Related to this, outsourcing was highest for high-volume services such as travel security support and alarm monitoring, except at corporate headquarters and other key locations.
Relocating to cut costs
One way tighter budgets are changing GSOCs is through relocation. Because so much of the GSOC’s work can be performed remotely, it only makes sense that companies are relocating facilities to less expensive areas of their home city—or to less expensive cities entirely. One notable exception is London, where many financial services firms retain a GSOC dedicated to EMEA.
Striving for efficiency
The evolution of the GSOC is not a straightforward story. Every company has its own unique priorities, risks, and asset portfolios, all of which affect the organization’s strategic course.
What seems clear, however, from the decision-makers Dataminr has talked to is that greater economic pressure is manifesting in a variety of ways. What remains to be seen is whether efforts to boost efficiency will produce better results. Cautious optimism seems warranted, given the potential impact new technologies can have on information gathering, analysis, reporting, and workflow.