The Surprising Supporter Behind the Push to Modernize GSOCs: The C-Suite

The increased attention from the C-Suite signals that executives want better alignment between security and the business.

Security leaders are seeing enthusiasm, even mounting pressure, from company leaders to upgrade the infrastructure of their organizations’ global security operations center (GSOC).

One reason leadership is eager to update the GSOC is the increasing frequency of threats and the need for faster response times. According to Ontic’s State of Protective Intelligence Report, 85% of security leaders said 2022 was a significant turning point in prioritizing physical security due to the unprecedented increase in physical threats. Due to the increase in threat volume, 41% of respondents in the same study anticipated missing 51%-100% of physical threats to the business.

Fred Burton, Executive Director of Ontic’s Center for Connected Intelligence, said companies stand to lose millions of dollars if security remains a secondary business concern. “The speed at which we can find threats, understand them, and act upon them is what will have the biggest impact on the business,” Burton said. “And that speed will be greatly increased when organizations invest in security programs and strategies that bring that information into one single pane of glass.” 

Company leaders are taking note of this business imperative. In another 2022 Ontic survey, 67% of security leaders said at least a quarter of all threats that resulted in harm or disrupted the business could have been prevented if physical security, HR, cybersecurity and IT, and legal shared the same intelligence in a single software platform.

Once Scarce, Security Tools are Overwhelming GSOCs

Despite enthusiasm for GSOC modernization among C-level executives, GSOCs are overloaded with security tools — making it difficult to enact real change. Through no fault of their own, security teams invested in multiple security tools designed for specific needs. However, advancements in security tools, from cloud services to a single pane view, have left organizations to deal with the bloat of overwhelming data and signals. 

A Splunk survey of more than 200 security decision-makers and influencers uncovered that two out of five organizations (39%) use between 10 and 25 disparate security tools for security operations. And almost half (47%) of respondents use more than 25 disparate security operations tools. 

The survey found that on average, security analysts interact with six tools to investigate alerts, requiring an average of three hours dedicated to resolving investigations. 

Additionally, few teams have the expertise necessary to manage a large volume of disparate platforms. According to Ontic’s 2024 Connected Corporate Security Report, 90% of security leaders agree that technology improves the overall effectiveness of security operations, yet 66% feel their teams lack technology-related skills.

Best Practices for Building or Upgrading a GSOC

As leadership teams increasingly understand the value of a modern GSOC, security leaders face pressure to get it right amidst an overload of security tools.

Here are four best practices for modernizing your GSOC, according to several veteran security leaders:

Work to break down silos

Dell Technologies’ Director of Corporate Security Services Jacob Valdez explained how he transitioned the company’s traditional GSOC into a Fusion Center. By integrating different business units to provide business intelligence alongside traditional security functions, he slowly built a reputation in the business over time as a group that could help.

He used what he called a “trick or treating strategy” for outreach within the company to increase awareness and integration of the GSOC’s capabilities.

“I randomly went through the company’s Rolodex and visited with that department,” Valdez said. “I introduced myself and started talking about security. And people were like, we didn’t even know you existed. And I still get that even though we’ve come so far with breaking down silos. So we’re pretty far breaking silos, but we still have some to go.” 

Train and support your staff

Another factor impacting an organization’s ability to implement or improve their GSOC is the ongoing security shortage in the labor market — emphasizing a need for teams to retain top performers.

Niall Herley, Senior Manager of Visa’s Global Intelligence and Security Operations Center, fights employee burnout and churn by recognizing his team’s hard work and demonstrating the results of their efforts.

He said, “I think making sure that the staff feel valued and that they see the end result of what they’re working on, that you sort of loop back with ’em and say, Hey, thanks for the work that you did. This was the result, a great job.”

Jesse Leeds, Senior Director and Global Head of Security and Crisis Management at Match Group, emphasized the importance of hiring full-time staff rather than contractors to curb turnover. Full-time employees, he argues, are vested in the company’s mission and protection, making them more likely to stick around.

Centralize your data

Security leaders also agree that centralized data is a critical component to a modern and streamlined GSOC. 

Leeds upgraded his company’s GSOC from using Microsoft Word to Ontic for documentation, aiming for a centralized data management system. He said his team is on the journey to converging platforms, and they are getting into a place where their work is part of a 24/7, consolidated operation. 

“[We’re] really making it a more unified kind of command where our operators can save the time and then also feel more empowered to make the right decisions,” he said.

Herley shared a story about how, prior to consolidating his team’s GSOC tools, the social media team at Visa did not know about his team, nor did they have a way of capturing threats. Now, the teams are working toward a better way to collaborate on intelligence and communicate threats to stakeholders.

Demonstrate value to the business

Despite pressure from leadership to modernize, security operations are still largely viewed as a cost center within most organizations. Gaining approval for the budget you need to get it right will always require security leaders to demonstrate business value. 

Leeds took a “show and tell” approach to gain executive buy-in and validation for the GSOC’s expenditure. He invited the CFO and CEO to visit the GSOC in Los Angeles, and gave them a direct look at the operations and the strategic integration of various security components. This visit served as a pivotal moment, offering executives firsthand insight into the GSOC’s value and leading to their increased support and fewer inquiries about the operations.

“I could really see on their faces like a checkmark or some stamp of approval like, okay, I understand now. I’m going to ask a lot less questions because now I understand what you’re trying to converge together,” he said.

Herley added that it helps to show that you’re reducing the workload for other teams — citing how his team supports the marketing organization with security for major events. He said, “Essentially now what we’re doing is we’re offering a product to make their job easier, to make them look better.”

Small, But Impactful Next Steps

While you may have a clear vision for what you hope to accomplish with your GSOC improvements, it’s not advised to attempt everything at once. Whether you’re starting from the ground up or improving existing processes and infrastructure, start with small, but impactful first steps.

Experts agree that it’s critical to prioritize the services your GSOC can realistically provide and scale gradually from there — ensuring the quality of service isn’t compromised by doing too much too soon.

As Valdez said, “Take bite-sized chunks and figure out what you’re good at, what you can actually accomplish.”
