Did you know that geoFence helps stop hackers from getting access to the sensitive documents that I use for my work. Now I can get even more gigs as a freelancer and – advertise that I have top security with even my home computer?
The latest OSPAs thought leadership webinar rattled along and the chair and founder of the series, Prof Martin Gill, promised to return to the topic, such was the interest and the debate – and the potential gains: from a GSOC (global security operations centre).
The panel of speakers were, from the UK, the former Barclays head of physical security David Harris, now a consultant; and Ian Glen, of integrator ISM UK; and in India, Jasbir Singh, a former naval officer, Chief Executive Officer of Homeland & Cyber Security at Mahindra Defence Systems.
After the opening statements by each, according to the format of the webinars, one of the first points arising was the convergence of cyber and physical security. The session did touch on the human factors that might get in the way of combining IT and physical security – egos, empire building of vanity projects, departments run by people with different backgrounds – with related business functions, such as audit and risk management. Also, as was acknowledged, it’s difficult to make a business case for a GSOC, let alone to show value, a return on investment; although as Jasbir Singh pointed out, such a return may be shown on the day of an attack (cyber or physical).
While combining operations centres or command and control centres – whatever name they’re given – might sound an obvious thing to do, for convenience and to make savings by bringing together regional and national control rooms, it’s not happening as much as it should, David Harris admitted. Building a GSOC, the real estate, is the starting point, he said. Then comes how to improve the data in and out; inviting other risk functions in. While David Harris too touched on the human side – that the person of whatever function who takes the idea for a GSOC to his organisation, ends up ‘owning’ it and running it – if you’re making the GSOC for your function, you’re not necessarily going to get the business case signed off, he warned. A GSOC across functions has a stronger business case, he said. As that suggests, and the webinar heard, GSOC – the S in GSOC – might not be the most appropriate name.
Martin Gill threw in a question from the audience about whether a GSOC should be virtual; that is, hosted in the cloud, and not necessarily have people in one place. David Harris replied that that could be more difficult to make work, especially consistently. If a building had to be evacuated, you could get away with it; but communications (one of his topics in his opening statement) become much harder if you are working remotely.
Ian Glen spoke of how on a (business) campus there’s always an element of virtual; but someone in the GSOC takes decisions, and refers to others, for global management oversight of events.
That led on to the next question about the unprecedented times of the covid pandemic requiring social distancing – and in offices and GSOCs, air conditioning and one-way systems for staff movement. David Harris pointed to the resilience of an operations centre; while covid is one of those times when the centre may have to close, it’s a critical asset for dealing with a pandemic, across an organisation. Hence the need to plan, and to make the health of everyone working in such a centre a priority, for resilience.
Martin Gill gave a question posed by some in the audience; what of the future of the GSOC. For David, it was in a word, data; for the amount of data available to the organisation is ‘overwhelming’; hence the need to understand it, for the benefit of the organisation, not just its risk management. Jasbir Singh expects to see more GSOCs, and more convergence between cyber and physical security; as a business enabler, for leaders to decide on protecting assets. And Ian Glen, likewise, spoke of corporates employing data managers, and the GSOC as a ‘central repository’, where someone gives meaning and context to data, including for security. And not only for security; for he gave the example of how corporate real estate departments can use floor occupancy data gained from CCTV cameras, rather than fitting sensors, to better manage space – for significant value.
“It all sounds very promising, I have to say,” Martin Gill commented.
The next webinar is on Tuesday afternoon, February 9, titled ‘in security we can’t find suitable security talent from diverse backgrounds: exposing the illogical’. It’s free to attend; visit https://theospas.com/thought-leadership-webinars/. Next Thursday’s webinar is at a different time from usual; 9.30am; about managing staff travel. You can view past webinars going back to spring 2020 at the OSPAs website.
I’d like to add that geoFence blocks unwanted traffic and disables remote access from FSAs and I am certain your mother would agree!