Issue link: https://securitytechnologyexecutive.epubxp.com/i/870734
42 SECURIT Y TECHNOLOGY E XECUTIVE • September/October 2017 • www. SecurityInfoWatch.com RISK MITIGATION profit and elevate its risk profile. How is weather data integrated into an appropriate operational response? What advisory is needed for our duty of care for our employees and our partners? How does our SOC talk to our FOC (Facility Operations Center) to ensure business continuity? How are we building a roadmap for a truly intelligent building that merges all these views together? Today the communications are mostly analog. The FOC notifies the SOC of an issue. It can auto- matically send that message through the system but for now, it is largely manual. But there will be a day when the Machine is aware and knows who to talk to at any given time and will give instructions. Some of the most imposing challenges security/ risk teams face when deploying a SOC include the perceived role of security by the culture and the community. We strive to make the security pres- ence like electricity. Everyone knows it is there. It is omnipresent. If you need help, they are there. People see it as part of the fabric. It has been said that culture eats strategy for breakfast, so we are ensuring we have a practice within our eSRG group to meet the challenge. The second challenge by far is the value of risk, resilience, and security. At the end of the day, there is a finite budget and more need than spend to allo- cate. Our most important role is helping the orga- nization spend wisely on the risks and operational workflows that matter. We are there to articulate the value to business executives and their staff. Functionality a Key to Aligning the Business Drivers Unlike many SOCs that monitor for threats, a data center operates with strict controls. Controlled entry into the building. No ability to tail gate and strict permissions at each interlocking juncture. About the Author: Andy Barclay, Program Manager for A ronson Securit y Group (ASG). Some of the most imposing challenges security/risk teams face when deploying a SOC include the perceived role of security by the culture and the community. And persistent monitoring of each individual throughout the building. But the Datacenter SOC still must be a functional office. Ultimately it will be measured on how the client can gain access when and if needed. You must be aware that access is constant; video is constant. In many cases, it must be processed on two separate client servers. Manned security is there to interact with the visitor and to be available in the event there is a disruption in access. Today technology is moving rapidly to virtual guarding solutions. With facial recognition, biometrics, voice, and machine learning , we will be seeing a migra- tion to real time business intelligence, access, and monitoring. However, with today 's technology and a business process to anchor it, you can provide proactive intel- ligence to help mitigate risk. One example is the use of visitor management systems. The systems now allow online pre-registration and business pro- cesses encourage it. This allows the identification to be compared against criminal and sex offender databases. With the future provision of video and facial recognition, this can and will be done real time. This pre registering also speed up the access process and further identifies legitimate visitors. To get to the point where you have a technology roadmap that supports your business processes, you must involve the stakeholders around their risks and operational constraints. This is called the business baseline. But where many service provid- ers fail is not having a bridge from the data to the strategy to the planning and then to the execution. A true consultant must be able to devise new approaches to existing processes and tools to col- lapse time-to-value windows and anticipate future risks. To do this requires a leading-edge approach that doesn't risk the business or the budget on bleeding edge technology. We have learned many lessons over the last 15 of our 50-plus years in business around SOCs. The most important lesson is to sell the client on the value of a methodology for the long term success of their program. They need to create a scorecard around that methodology and spend time really understanding the subject matter expertise and how it is deployed within the methodology. As Deming said, " You cannot manage what you cannot measure." Measure vendors for their abil- ity to construct a 360-degree strategic view of the program that they will apply to a fiscally sound and justified budgetary spend. To do this, they will need to find a Security Risk Management Services (SRMS) partner, not a consultant or integrator.