What Would the Perfect Global Security Operations Center (GSOC) Look Like?
By Robert Dodge
In my career in the private security field over the last 20 years, I have been on an unfulfilled quest to find the perfect Global Security Operations Center (GSOC). Working in the risk consultancy area over this period at each of the three largest global security firms, I have had the benefit of seeing, working with or consulting with many of the Fortune 500 GSOCs as well as our own varied outsourced GSOC capabilities within the security firms.
Certainly, we have seen great advancements and investments over the last 20 years. And there’s a recognition of the importance and capability of GSOCs to support an organization’s global security command and control needs, as well as to support the mitigation of business, operational and security risks for the organization.
All of that is fantastic and shows we are heading in the right direction; however, we are still not there. More work is needed to really maximize the potential power of the GSOC to support the enterprise. This article will highlight the need, challenges, and some best practices to get us to a better future state.
Here are the main themes that are empowering the need for GSOCs in the 21st century:
- Globalization: Corporations are engaged globally, so our supply chains, business partners, customers and threat actors are now global. This drives a clear need to monitor global activity and put a 24/7 protective risk umbrella over all company operations and assets. Hence the need for a GSOC — “G” stands for Global.
- Virtualization and the change of pace of technology: Everything is becoming available online via constantly advancing technologies. This can now allow GSOCs to have incredible situational awareness about potential threat activity around the globe, be it for a facility, asset or supply chain, through monitoring and geo-fencing. Incredible advances in artificial intelligence (AI) and the Internet of Things (IoT) are acting as a force multiplier and increasing the reach and focus of those harnessing them. This explosion of technologies is leading to rapid advancements in early detection. It is also assisting in correlation of potential risks by the GSOC, which can then ideally enable the right response to reduce risks. This is the nirvana of risk management.
- Mobile and remote employees: During the COVID-19 pandemic, organizations have increased remote work. Additionally, business travel across the globe continues, creating emerging challenges and risks for corporate security departments. None of this is easy to manage. However, GSOCs are ideal for monitoring this fast-paced global landscape, helping ensure competent travel risk management as well as the adherence to remote or home worker safety and security protocols. This is done by leveraging traveler tracking tools, mobile phone apps, intelligence and situational awareness tools, and mass notification systems, all of which can be integrated in the GSOC in the form of a common operating picture dashboard. GSOCs can also assist and add value by supporting legal themes, such as duty of care and standard of care for corporate travelers.
GSOCs do face challenges. Here are some of the top ones that are hindering current GSOCs across the country from achieving the perfect GSOC status:
- More escalating and emerging threats: Risk management will always be a cat and mouse game, and threats can quickly overwhelm or evade existing GSOC capabilities. Unfortunately, current commercial physical security countermeasures — which include people, processes and technology — are often misaligned for threat mitigation. When security measures become known, they trigger the evolution of threats as well. This challenges us in new ways and requires us to never be static — we must evolve constantly as well to be able to respond faster and more effectively. I know this is easier said than done, and a lot of work remains ahead of us in the commercial sector.
- Data overload: The volume of data we are exposed to is increasing exponentially. The “noise” is becoming overwhelming, especially for those sitting in the GSOC. I have noticed that GSOCs often start strong, then get bogged down by tasks that have nothing to do with true risk mitigation but that are assigned by the business. We need to eliminate the “noise” in the GSOC and have the staff focus on key risk mitigation activities that support business continuity and that allow us to be proactive rather than reactive.
- Misaligned technologies: Security and risk mitigation technologies that are poorly deployed, or are underutilized, are another consistent sin — video surveillance overload for the GSOC operator, video surveillance where the field of view does not match the target, high false alarm rates for operators to deal with… The list goes on!
- Human factor: Having a qualified and professionally trained team at the GSOC is essential, yet this is the biggest gap I routinely see across the board. A GSOC has global responsibility and yet there are often people working in them who have no awareness or expertise in international and global affairs. Additionally, very few GSOCs conduct scenario-based or crisis management exercises and training. Investing in the development of talented individuals to staff your GSOC is critical and can reduce many of the challenges listed above.
So, what would a perfect GSOC look like? Here are the key attributes:
- Proactive rather than reactive: Ideally, GSOC staff are being proactive and spending their downtime on fine-tuning and enhancing the risk posture of the organization. This could include a better understanding of global threat existence, capability, and potential intent. It should also include ongoing refinement of skillsets and toolsets that provide early indications of threat actions as well as training and exercises on critical event management. Another important aspect to focus on is the understanding by GSOC staff of key corporate supply chain nodes that support business resiliency. Bottom line, it is necessary to practice better preparedness, and focus less on risk possibility and more on actual risk probability.
- Fully converged GSOC: This means having a GSOC with cyber and physical security processes that are integrated. It is way past time to implement this — the bad guys are coming at us with converged threat capabilities, so it is only logical to defend our organizations with converged defenses. This approach will provide us with better alignment of enterprise security strategy between cyber and physical aspects, as well as enhancing the communication between physical and cyber security teams. Fully converged risk management is true 21st century risk management — we need to eliminate the silos for the collective good of the enterprise.
- Intelligence-led risk management: Many organizations are trying to develop better intelligence capabilities, whether it be for security or general business intelligence streams. It just makes sense — it is cost-effective and supports the heart of business continuity and resiliency for the enterprise. However, the intelligence portion of the GSOC model is often neglected or underdeveloped. Being intelligence-led will help you become more than a day-to-day security operation and will help you make proactive, data-based decisions. For example, situational awareness tools aggregate open-source data of global risk information. These tools are incredibly powerful because they absorb vast amounts of data and can filter it in any way you wish. For example, you may want to know about bomb threats within a one-mile radius of your facility in New York City, on the third Friday of the year. These systems will comb through enormous amounts of data to find only what is pertinent to you and your organization, getting you what you need to know when you need to know it.
- More focus on unstructured data: This is the gold nugget of intelligence. Unstructured data is not always organized in a pre-defined way. One example is social media, which can inform of pending protests, political uprisings, natural disasters, and much more, but not always in a very organized manner. The dark web, where illicit data and content often reside, can be another important resource for security professionals seeking to understand emerging threats. The key to making sense of unstructured data is, of course, having highly qualified intelligence analysts. Just having access to data without having someone who can quickly and accurately provide actionable interpretations of it is far from ideal.
- Human intelligence: Leveraging human intelligence networks is yet another best practice for GSOCs. For example, having embassy contacts across the globe, or law enforcement and military contacts, or leveraging your own security staff based in foreign countries, can help tremendously with understanding developing situations more quickly. Using a geospatial visualization tool to store this information so you know who to call rapidly in a crisis is another best practice.
- Efficient critical event management: Simply stated, a GSOC’s effectiveness and efficiency are measured by how well it can identify risks, correlate them to company assets, communicate them in a timely manner, and perform incident management over the lifecycle of the event. Perfect GSOCs manage both critical incidents as well as everyday transactions. They have mastered their domain, have active leadership, know what the risks are, and their preparedness is regularly tested and honed.
Risks will continue to become increasingly complex, and organizations will continue to grapple with the risk-vs-reward trade-offs. One thing is for sure — the GSOC is at the core of 21st century risk management. Organizations should continue to invest in them, whether internally or by outsourcing the function to trusted providers. And if you implement some of the recommendations in this article, please let me know — I look forward to coming closer to finding my perfect GSOC.
* * *
Robert Dodge is the Chief Executive Officer, Global Risk Services at Prosegur USA.
Robert is a recognized global security expert with over 25 years of experience in security, investigations and consulting. He has worked on security and investigative projects in more than 90 countries around the world.
Robert currently serves as CEO of Prosegur Global Risk, a key business unit of the world’s third-largest security company, where he leads the team that advises some of the largest organizations around the world on risk mitigation and security strategies. Prior to joining Prosegur, he was Global President of the Corporate Risk Services Division at G4S. He also spent 14 years with Pinkerton, one of the world’s largest risk management firms, as the International Senior Vice President, responsible for managing all of Pinkerton’s international offices and operations. Early in his career Robert served honorably in the U.S. Navy.
Robert regularly speaks and writes on the matters of security and risk both domestically and internationally.