We’ve already extolled the unique virtues of establishing an off-premises Security Operations Centre (SOC) for your operational technology (OT). And we’ve fervently argued that going off-prem should be your preferred solution because, not only is it a flexible and cost-effective option, it also means tapping your organisation into the level of highly specialised expertise that a 24/7 security lifeline for infrastructure demands.
However, what if taking your OT-SOC off-premises is not viable for your facility?
Why you may need to keep your OT-SOC on-prem
There are many reasons why organisations may prefer on-premises SOCs. Some could have already set up an on-prem SOC, which includes having made a sizeable investment in both the technology and the processes, or even just the technology alone. Others may want to keep their SOC on-site due to the sensitivity of their data or for mandated compliance reasons either from within the company or externally; for example, government regulation concerning data sovereignty.
Whatever the reason, there is one distinct aspect of an effective, off-premises OT-SOC that an on-premises OT-SOC can also take advantage of (with a little bit of assistance): the skilled people to run it properly.
As we discussed when looking at the pros of an off-premises OT-SOC, the concept of a ‘Security Operations Centre’ conjures thoughts of a physical workspace but, really, a SOC can be anywhere because it’s not a ‘centre’ in the literal sense of the word. The defining feature of successful OT-SOCs, whether on-site or not, is the human element – the people – and whether they have the necessary skills to detect and respond to security incidents in an OT, as opposed to IT, environment.
Even if those people come from outside your organisation to power the technology stack that lives inside your organisation, having the fully dedicated talent is more than likely the missing piece in your on-site OT-SOC puzzle. And this is not the fault of your organisation – it is simply because there are not that many people available with these highly specialised skills, which makes it difficult for any given organisation to secure the necessary industrial cyber security talent, especially on an around-the-clock basis, 365 days per year.
What the right people do for your on-site OT-SOC
So, you’ve got an on-prem OT-SOC ready and waiting, or you need to stay on-prem to fulfil your compliance obligations. How do you capitalise on what you’ve established, or need to establish, rather than throwing your investment to the wind and hoping for the best?
Finding a trusted partner that has built their business around excellence in OT cyber security, and who outsources these capabilities in the form of OT-SOC Managed Services, could be the best means to ensure your on-site OT-SOC performs optimally, consistently and continually.
Another way to think of it: your organisation supplies the equipment and premises, while your OT cyber security partner supplies the human intelligence specific to OT environments.
You’ve got the equipment, now get the people
We don’t have to tell you that protecting and securing your plant’s industrial assets is a priority that goes above all else, because the alternative equates to serious concerns and challenges. But even the most sophisticated technology stacks are worthless without the human intelligence, experience and processes to run them – and those humans can be few and far between.
If you’re going to stay on-site, don’t put it on the shoulders of your organisation to staff your OT-SOC. Make sure you find an OT security partner – one that can offer you the collective experiences of a team of professionals for a fraction of the in-house cost – with the focused capabilities to provide better security than if you were to handle it yourself.
Get the specialists to do it for you and do it properly.
Speak to SIS about all your on-premises OT-SOC requirements.