Alternatives to the Security Operations Centre (SOC)
Setting up a SOC can be a demanding and daunting exercise.
Indeed it is arguable whether it is actually needed in very small companies, where they might be better solutions. Two common alternatives are the use of a virtual SOC or the use of a Managed Security Service Provider (MSSP).
With a virtual SOC, you have a part-time team where members of the SOC have other substantive roles in the organisation and only come together as a SOC for specific reasons. Those reasons might be in response to a security incident, to deal with a compromise, or to create or implement some aspect of security procedures. This can be a very cost-effective way of introducing a SOC into a small company, but it is done at the loss of the proactive activities of a more conventional SOC.
The other approach of using an MSSP, is simply to employ somebody to look after your security for you. This is becoming an increasingly common approach as it allows small organisations to have a level of sophisticated protection that they might not otherwise be able to resource. Indeed there are many large companies and organisations that will outsource aspects of their security to other organisations, with email security being a commonly outsourced service. There are risks to this approach, though, as you are leaving somebody else to be responsible for the security of your systems and if the MSSP ever gets compromised, the risks to your organisation are severe.
As a halfway house between a virtual SOC and an MSSP, some organisations are creating a joint SOC that is shared by multiple organisations. This is a potential security risk, as you are trusting employees who are not wholly employed by your organisation, but this can be mitigated by sharing the SOC with organisations which are strongly related (eg all organisations belong to a parent company) or are very different so there is no issue of competition.
© Coventry University. CC BY-NC 4.0