Should the Security Operations Centre or SOC be in-house, outsourced or hybrid?
One of the most pertinent questions for any CISO or IT head today is this – Should the Security Operations Centre (SOC) be run in-house, should it be outsourced or is a hybrid approach the way to go?
There is no one-size-fits-all answer in this case and it’s really a case of what works best for your organisation and the specific nature of your business.
At the bi-annual Dubai Wisdom of Crowds event, some of the Middle East’s top security and IT heads got together to shed more light on the subject. Here’s what they had to say:
- Haider Pasha, Senior Director & CSO, Palo Alto Networks, “The thing about the SOC is that it’s not just one service that it offers. It starts with incident monitoring, then there’s incident management and incident response. Ideally, if you have a small organisation, outsourcing makes a lot of sense. But even for larger organisations, that may have some SOC functions may want to think about outsourcing some of the more difficult jobs like incident response, threat hunting, that typically require a lot of data, a lot of people and sometimes a lot of complicated tools. I would say probably a hybrid is the right approach.”
- Pradeep Venkatasubramaniam, Head of IT, Ominto Inc, “I would think hybrid and the reason I say that is because I would like the command and control for the decision-making to always be retained in-house as the in-house team can make the best decisions that are in the best interest of your business while you benefit from the outsourced vendor who specializes in this and is in the position to handle the situation effectively. So, I think a hybrid model works the best in my personal perspective.”
- Moussa Arab, Senior Broadcast & IT Network Security, Government of Dubai, “I think it depends on the kind of business you are driving. In my case, in the government, we cannot outsource these kinds of services and systems because it’s critical for the government to control what’s happening and to control the information and where the information is shared. So, for my case, it’s fully in-house. We still outsource a few services for say vulnerability testing or tests around our environment. But globally it’s become very important for everyone to think about outsourcing because the SOC services are lacking resources and we don’t have specialists. It’s difficult to get security analysts dedicated to your environment.”
- Solayman Refae, Group CIO, Webcor, “My recommendation would be to keep it hybrid in the Middle East, especially in the UAE. But it also depends on the budget of the company and how much is the operations. I’ve had a completely in-house SOC but it depends on the team that you have in-house.”
- Barakat Alkindi, Director, Digital Transformation, Abu Dhabi Police, “Definitely in-house . Your people have to be involved as they know the environment the best and they can solve the problem very quickly.”
- Mohammed Shahid Ahmed, Director of Information Technology, Hapag Llyod AG, “I would go for the outsourcing option. The reason being that in today’s world it’s very difficult to get highly-qualified people to manage your IT security risk. It’s not that easy to basically troubleshoot IT incidents. You have to build expertise and get the right skilled people in the company. So, I feel outsourcing to big companies makes sense as they have world-class talent and they know what’s happening around the globe, what are the emerging threats so they can be very well planned for responding to any such incidents.”
- Mina Gerguis, Manager, IT, Automech Group, “It’s hybrid, partly through a cloud-solution and partly managed through our IT team.”
Subscribe to the Cyber Management Alliance YouTube channel for more insights and interviews from leading cybersecurity executives across the world: https://www.youtube.com/channel/UCm-r7aanAKPc8bu-FqaTVyw