Why do most companies use a partner for their security operations?

Jeroen Niesen
Jan 7 · 4 min read

Security is quite a complex and important topic. The complexity lies in both the technology and the organisation of security: it requires your organisation to have a skilled set of people, decent processes and good technology in place. The importance of cyber security stems from the increasing number of cyber attacks being executed and the increasing number of vulnerabilities being found.

The following graph shows the number of CVEs per day that have been reported to the NVD (https://nvd.nist.gov/). The graph is generated with the following Jupyter notebook: https://github.com/jgamblin/CVEStats

[Figure: CVEs per day that have been reported to the NVD (National Vulnerability Database of the U.S.)]

As the graph above shows, the number of reported CVEs per day has increased drastically since 2016. This is one of the reasons why security is so important at this moment. Every company needs to have a running security operation, either by themselves or through a partner.
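The per-day count behind a graph like the one above is simple to reproduce. The following is an added example, not code from the post or from the CVEStats notebook: it counts CVE records by publication day from a constructed feed in the shape of the legacy NVD JSON data feeds (the `CVE_Items` / `publishedDate` keys are an assumption about that format; the CVE IDs are placeholders), then aggregates per year and smooths the daily series with a trailing moving average, which is the usual way a noisy per-day chart is made readable.

```python
"""Count CVEs per publication day from an NVD-style JSON feed (constructed sample)."""
import json
from collections import Counter
from datetime import date, timedelta

# Constructed sample in the shape of the legacy NVD JSON 1.1 data feeds.
# Assumption: "CVE_Items" and "publishedDate" keys as in those feeds; IDs are placeholders.
SAMPLE_FEED = json.dumps({
    "CVE_Items": [
        {"cve": {"CVE_data_meta": {"ID": "CVE-2016-0001"}}, "publishedDate": "2016-01-04T15:29Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2016-0002"}}, "publishedDate": "2016-01-04T18:59Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2016-0003"}}, "publishedDate": "2016-01-05T10:00Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2019-0001"}}, "publishedDate": "2019-01-07T15:29Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2019-0002"}}, "publishedDate": "2019-01-07T15:30Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2019-0003"}}, "publishedDate": "2019-01-07T16:00Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2019-0004"}}, "publishedDate": "2019-01-08T09:00Z"},
        {"cve": {"CVE_data_meta": {"ID": "CVE-2019-0005"}}},  # no publishedDate: skipped
    ]
})


def cves_per_day(feed_json):
    """Return {'YYYY-MM-DD': count}, sorted by day. Records without a date are skipped."""
    counts = Counter()
    for item in json.loads(feed_json).get("CVE_Items", []):
        published = item.get("publishedDate")
        if not published:
            continue
        counts[published[:10]] += 1  # keep the calendar date, drop the time of day
    return dict(sorted(counts.items()))


def cves_per_year(per_day):
    """Aggregate the per-day counts into {year: count}."""
    totals = Counter()
    for day, n in per_day.items():
        totals[int(day[:4])] += n
    return dict(sorted(totals.items()))


def daily_series(per_day, start_iso, end_iso):
    """Expand to every calendar day in [start, end], with 0 for days without a CVE."""
    d = date.fromisoformat(start_iso)
    end = date.fromisoformat(end_iso)
    out = []
    while d <= end:
        out.append((d.isoformat(), per_day.get(d.isoformat(), 0)))
        d += timedelta(days=1)
    return out


def moving_average(series, window=7):
    """Trailing moving average over the expanded daily series (shorter window at the start)."""
    values = [n for _, n in series]
    return [
        round(sum(values[max(0, i - window + 1):i + 1]) / min(i + 1, window), 2)
        for i in range(len(values))
    ]


if __name__ == "__main__":
    per_day = cves_per_day(SAMPLE_FEED)
    print(per_day)
    print(cves_per_year(per_day))
    print(moving_average(daily_series(per_day, "2019-01-06", "2019-01-09"), window=3))
```

Expanding the series with zero-count days before smoothing matters: counting only the days that appear in the feed would silently inflate the average on quiet periods.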

Is it hard to run security operations in-house?

As stated earlier, security is complex because it requires your organisation to have a skilled team, decent processes and good technology. Let’s discuss the people component of security operations in this blog post.

A skilled set of people drives a Security Operations Center (SOC). Having an unskilled team means you cannot respond (well) to security incidents. This could, for example, result in attackers remaining persistent in your organisation’s IT environment, which is a big risk. The following skills are required in a Security Operations Center:

Attackers are active 24–7. Unless an organisation shuts down its whole IT environment at night and on weekends, it needs 24–7 availability of at least the Security Analyst (Junior) and Security Analyst (Senior) roles. The other roles (except for the Security Developer role) need to be on standby so they can become active when a cyber attack is happening.

If you do a quick calculation, a minimum of around 10–12 people is required to run a security operations center 24–7. If you also factor in that people go on vacation, even more people are required. Small and medium-sized businesses most likely don’t have the budget to hire such a team. Aside from the number of people required, skilled people aren’t cheap.

How about organisations that do have the budget to hire a security team? Well, finding people with the right security-minded skills is hard. This becomes even harder if your organisation does not have security as its core business or something really valuable that needs to be protected (e.g. a bank).

Conclusion

Setting up a security operations center requires a skilled team. As security consists of various roles that need to be available 24–7, a minimum of around 10–12 people in the security operations team is required.

For most small to medium-sized companies, it is quite expensive to run their own security operations center. These companies most likely use a partner to help them with security operations.

For enterprise businesses, it depends. If an enterprise has security as one of its key values, it most likely runs security operations by itself. Most of these enterprises that run their own security operations are companies that have something valuable that needs to be protected (e.g. a bank) and already have a decent IT environment.

If security is not a key value of an enterprise, it will most likely let a partner run its security operations so it can focus on its key values.

Wortell

Microsoft Cloud & Enterprise Security