What is a Security Center of Excellence (COE)?
The basis for a Center of Excellence is usually a central Security Operations Center (SOC) or a Computer Emergency Response Team (CERT), which detects attacks and handles specific IT security incidents. International companies usually require 24/7 operation; because of the effort involved, this service is sometimes also outsourced to managed security service providers.
A Center of Excellence, however, goes further: as a coordinating function it ensures that security services and solutions are delivered consistently to all corporate units worldwide, through standardized processes and dedicated, highly competent specialists.
These include, for example:
- Infrastructure and security operations services, such as identity and access management (IAM), central authentication services, privileged access management (PAM), data loss prevention (DLP), endpoint security, vulnerability management or SIEM;
- Strategic organizational services such as assurance (for example certifications according to ISO 27001, TISAX, SOC 1/2, PCI DSS or HIPAA), third-party management (such as cyber due diligence for new service providers and monitoring of existing ones), security architecture support in strategic projects and architecture specifications / blueprints (such as secure network blueprints for production sites), but also topics such as cyber risk management, training and awareness;
- Additional security services such as the cybersecurity of digital products, service continuity / disaster recovery (including business impact analysis, recovery plans and procedures), secure information lifecycle management (such as data handling, anonymization / pseudonymization and encryption), forensics or code security.
In the decentralized units and locations, there are often only IT specialists who are responsible for cybersecurity as an additional task. The CoE gives local managers access to the central pool of specialists, services and solutions so that they can meet their local security requirements.
What problems does a Security Center of Excellence solve?
A Security Center of Excellence solves problems at very different levels. On the one hand, it addresses the shortage of cybersecurity personnel and provides the necessary know-how. Security specialists are in high demand on the market and therefore hard for companies to recruit. Because the Center of Excellence pools the expertise of these specialists, decentralized units and locations do not have to train and retain dedicated specialists of their own.
Furthermore, security tools and services can be set up, operated and developed further more professionally and cost-effectively. Instead of running different tools in each unit, for example managing administrative accounts separately in every location, a uniform service is offered. This service complies with the group security requirements and, beyond the tool itself, brings implementation and process best practices as well as economies of scale, for example in license purchasing.
For whom is a Security Center of Excellence suitable?
Larger and internationally operating companies in particular should have such a center on their radar. They are often confronted with a tension between many different national data protection requirements and local industry-specific security standards. However, the basic security objectives (confidentiality, integrity and availability of data) are always the same. The same applies to many security measures, such as authorization management, the hardening of systems or the execution and regular testing of backups so that systems can be restored.
The experts of a Security Center of Excellence can develop and harmonize comprehensive measures for these security objectives, which also leads to greater cost efficiency. Building on these standardized security measures and services, the decentralized units and locations can focus on the individual measures that are additionally necessary for them.
What needs to be considered in the setup and what pitfalls are there here?
Above all, the rules must be clear. In companies this includes, for example, the question of whether use of the CoE services is mandatory or merely offered. Mandatory use may also apply only from a certain security classification upwards.
Quality and service orientation are crucial for a CoE, because tools and operations can also be bought from third-party service providers on the respective market. The specialists of the company's own CoE, however, speak the "language of the group" and should know the company specifics, pitfalls, internal and external requirements and dependencies considerably better. The decentralized units must feel that the CoE helps them quickly and efficiently. Only then will they accept that the price of these services may be higher than the cheapest offer on their own local market.
It is therefore important that, in addition to the central unit, the essential decentralized divisions of a company are involved in establishing the Security Center of Excellence. It must be clear to all parties which security aspects will be centralized and which will usefully continue to be handled decentrally, even if some persuasion is needed here. Those responsible in the decentralized units must be brought on board and convinced that the CoE services offer better added value than local ones.
How to build a cyber security center of excellence?
In addition, a Security Center of Excellence must be tailored precisely to the company and its requirements. The exact needs must be defined and reflected in the resources, competencies and tools. Focus is essential here, because the biggest stumbling block is complexity.
Standardization and simplification should always be a top priority when setting up and operating a Security Center of Excellence. Complex corporate structures with a lack of standardization must not be carried over into the Center of Excellence. To achieve this, the processes and tools in the decentralized units must be adapted, rather than mapping every process, every tool and every special case in the CoE. Otherwise the cost and the number of security tools to be supported will explode.
It is equally important that the interplay between central and decentralized units works. The recipe for success is communication: regular coordination between the two sides is indispensable.
Outlook
Technologies such as cloud and mobile, digital IoT products or Industry 4.0, together with faster, agile development cycles, also demand ever faster interaction on the security side. Looking ahead, it is already important that the Security Center of Excellence develops further in the direction of Security as a Service. The main focus here should be on how security remains capable of acting in agile, cloud-based projects without being perceived as a brake or even an obstacle.
A new cloud service should therefore be able to rely on standardized security services that are available automatically and can be configured quickly, for example for source code or vulnerability scanning, authentication or micro-segmentation. This is the only way to support product owners who think in agile projects and work in two-week sprints in cloud-based environments. This aspect must already be considered when the CoE is set up.