Risks and benefits of Security Operations Center (SOC) in the Cloud

Gartner predicts: “By 2022, 50% of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat hunting capabilities, up from less than 10% in 2015.”

This transformation does not come without challenges: scalability, human resources, acquisition overhead, integration of new technologies, availability, compliance, and cost optimization. Can cloud computing be an answer to some of these challenges? I was honored to share personal experiences and thoughts on this topic at the annual CISO Europe Summit organized by MISTI in Montreux, Switzerland, in September 2018.

Many organizations do not have one SOC but several: a perimeter SOC, an endpoint SOC, a data center SOC. Coordinated risk management and incident response require integrated data exchange among these SOCs. Large data volumes and near-real-time incident response are ideal candidates for a streaming-based data architecture. Commercial security solutions are still struggling to provide sufficient scalability, interoperability, customizable data analytics platforms and flexible data visualization dashboards.

Cloud-based solutions for big data analytics have evolved into marketplaces of unified platforms that combine highly scalable cloud infrastructure, optimized platforms and proprietary or open source software packages integrated into managed workspaces. Unified platforms are not only technical solutions; they also offer unified management, security controls, accounting and contracting. Replacing on-premise hybrid platforms with such a unified solution significantly reduces operational and management overhead. Monthly uptime Service Level Agreements for big data platforms (Microsoft Azure) are 99.95%. Spin-up time for server clusters is less than 5 minutes, which allows data processing resources to be optimized; this can be significant for big data analytics, which benefits from a large number of cores per CPU and requires large memory capacity for in-memory processing.

The Cloud Security Alliance identified the following top threats to cloud computing:

  • Data breaches
  • Insufficient identity, credential and access management
  • Insecure interfaces and APIs
  • System vulnerabilities
  • Account hijacking
  • Malicious insiders
  • Advanced Persistent Threats
  • Data loss
  • Insufficient due diligence
  • Abuse and nefarious use of Cloud Services
  • Denial of service
  • Shared technology vulnerabilities

The defense-in-depth model proposed by Databricks on Azure provides the following controls within its managed services to mitigate the above risks:

  • Physical security
  • Access controls
  • Logging and monitoring
  • Host hardening
  • Patching
  • Vulnerability scanning
  • SDLC
  • Penetration testing
  • Risk modeling
  • SSO
  • RBAC
  • Audit logs
  • Data encryption
  • Data governance
  • Backups (data and systems)

Managed integration and optimization make it easier to leverage new technologies such as machine learning, advanced data analytics and visualization. Full-time security staff can then focus on security governance, risk intelligence, compliance, information assurance and incident response coordination.

Presentation slides can be downloaded here: VP CISO Europe 18 MISTI