Guest Post: The Challenges of the GSOC

global security operations center

HiveWatch’s Ryan Schonfeld discusses some of the biggest challenges global security operations centers face and tech-driven approaches to addressing them.

Ryan Schonfeld headshot
Ryan Schonfeld is the founder and CEO of HiveWatch, a security technology company reimagining how companies keep their people and assets safe.

I get asked a lot about the future of the industry as I talk at conferences and to peers and educate those outside of security. When it comes to global security operations centers (GSOCs), change is constantly happening, which makes it difficult to predict what it will be like three, five or 10 years down the road. Therise in intelligence-driven technology, a focus on streamlining response and the challenge of high-turnover positions, however, can give us an idea of what’s to come in this critical area of physical security.

Here are some of the biggest challenges GSOCs face today:

High Turnover

There are some shockingly high rates of turnover for guarding resources (80% to 100% annually), and a GSOC doesn’t fare much better, particularly when it’s staffed by third-party field officers. Part of the blame for this can be attributed to pay, burnout, lack of training, recruitment or minimal growth opportunities.

GSOC operators and field resources (guards) can also have large amounts of boring, sometimes redundant work, which can lead to burnout and attrition for better, more interesting opportunities or the slightest pay increase elsewhere. For a security leader, understanding this challenge is the key to addressing it. Communicating with operators about opportunities for growth– like the ability to move into more analytical or supervisory roles in the future – can go a long way. These roles often have little to no career path outlined, which can also result in lower satisfaction and higher turnover.

As security leaders look to address some of these concerns for long-term gain, there’s a new discussion to be had: Can technology bridge the gap between worker shortages and monotonous, lower-value tasks?

Overwhelming Noise

One of the main complaints heard in a GSOC is the overwhelming number of – mostly false – alarms that are coming in from a variety of sources at any given time. At times, there can be so much noise that operators miss an actual critical event, which can be dangerous and diminishes the value of the program and the organization’s significant investment.

One glaring cause for this is multiple security systems continually pushing streams of data for analysis – often across multiple platforms to manage. The majority of these systems don’t “talk” to each other, which results in a level of difficulty for operators in a centralized SOC in achieving a streamlined workflow.

The “noise” from these disparate systems can become problematic and limit appropriate response, as well as increase the amount of time it takes to respond to and resolve incoming alerts.

Here’s an example: A GSOC operator gets a “Door Forced” alert from an access control system. When an operator receives an alert of this happening, in many cases, that operator has to go in to look at the time stamp of the door forced within the access control solution, then access the video system and search for the door that a specific camera is fixed on (this assumes that the disparate systems are properly time synced). Then they have to pull up the video manually in many cases to see who forced open the door and gather all the details of the incident.

In many organizations, different facilities are on different video platforms, which adds to the complexity and time in finding the right video clip. While there are some systems that integrate these two functions together, in the case of a centralized SOC with numerous locations and various solutions installed, there is a broader need for alignment between systems.

The good news is we’re entering a period of time where technologies can address this noise and process through false alarms quickly, cutting down on the noise and increasing the ability for operators to respond effectively.

Lack of Visibility

Security leaders need to understand how their programs are performing to not only secure additional resources to make capital investments, but also justify ongoing operational expenditures that keep an organization safe; however, there are so many instances where security leaders don’t have the incoming data necessary or the technology that’s able to make sense of it all and paint a compelling picture for the C-suite. This piece of the puzzle can be a challenge.

Dashboards that highlight specific areas of GSOC functionality – such as time to resolve an incident, alarm notifications and more – can call attention to areas that may require more resources and improvements, leading to better response at a high level. 

Tech-Driven Approaches

At the core, combining incoming video data, access control alerts and system health monitoring can change the way organizations approach risk. Add in additional oversight functionality, such as traveler awareness, weather data, cyber monitoring, social media monitoring, building Internet of Things sensors and global intelligence, and security leaders have a way to truly address the overall safety of an organization from a centralized location. Technology that’s better able to meld the various pieces of the puzzle together will ultimately be successful at meeting the needs of the organization.

Security leaders must look at their roles in two ways: tactical in addressing incoming incidents effectively and strategic in positioning themselves as a tool for better business operations. As more organizations become metrics-driven – even in the realm of security – reducing the noise of an SOC and streamlining workflows will go a long way in making the case for proving the efficacy of the chief security officer’s department.

The views and opinions expressed in guest posts and/or profiles are those of the authors or sources and do not necessarily reflect the official policy or position of the Security Industry Association.