Next-generation security operations centres (SOCs), although a much more machine learning-driven way of ensuring your data is protected, raise some interesting questions.
Chief among these is who is responsible should there be a data breach, and whether to insource or outsource your IT requirements in the current environment, which is increasingly regulated.
On hand to debate these issues was a panel of local experts, who joined the latest TechCentral Micro Focus panel to discuss next-gen SOCs.
Ian Keller, customer security director at Ericsson, explains that next-gen SOCs are simply the evolution of units that deal with security issues on an organisational and technical level. As Keller says, “next gen” is more about harnessing artificial intelligence as there’s more machine learning involved. “You’re trying to reduce the reliance on the human factor as much as possible. It’s the automation of it,” he says.
Your SOC is next gen if it offers these features:
- Threat visibility;
- New and unknown attacks;
- Active defence;
- Hunt and respond;
- Cybersecurity teams using AI and machine learning; and
- Robotics.
As soon as you start adding machine learning into the equation, you run into the skills issue, however. Machine learning is a relatively new discipline, and skills are in short supply and high demand. Additionally, machines coming into the organisation often mean that humans are replaced as a greater set of skills is required to integrate the more intelligent technology with the business.
“I think all companies, including us, are struggling with this. It’s a human machine symbiosis, to marry the two,” says RCL Foods group IT governance manager Prien Pillai.
RCL is 100% outsourced when it comes to technology. “We are reliant on best-of-breed key IT service providers to manage our security layers.”
However, what this means, Pillai says, is that you have a “third party managing your security, but you don’t have internal resources that understand it or the learnings to challenge them, as to whether we’re heading towards the right direction”. This requires that there is always a balance between internal and external, depending on who manages your security.
That also opens up the question as to who is responsible for data breaches, if and when they happen.
As Janine West, Investec’s data privacy officer, says, this depends on where the data breach occurs and whether it was a system issue that caused the data breach, or people. “People are our weakest link.”
West adds that often it’s not even a training issue, it’s just a force of habit. “In my mind, privacy needs to be covered across the organisation. And we all need to do what’s required to make sure that we look after our own domains, but we all work together.”
Adams & Adams’ data protection officer Russell Opland argues that the question of who is responsible for breaches becomes slightly different when IT security is outsourced.
Opland points out that the Information Regulator, appointed in terms of the Protection of Personal Information Act, is leaning towards holding the designated official charged with ensuring compliance responsible for breaches. This is in contrast with international application over the past 20 years. “I think the regulator’s going to want to be making some examples right out the gate.”
When it comes to state security, however, the situation demands that a tight hold is kept on IT and its security components. CIO at the Special Investigating Unit Tumelo Zwane says the agency is strict on what happens to its data in terms of its internal users. It also filters almost anything and everything. “Any e-mail that comes through is filtered, and when we send information out, it’s password protected. We try and regulate the data coming in or out as much as possible.”
At the same time, the agency is moving from a mostly manual system to one in which several elements are automated so they can get into the comfortable position of “saying we’ve got all our guards all around”.
Themba Maminze, deputy director of operational security at the department of international relations & cooperation (Dirco), says costs are an issue when it comes to deciding whether to go with automated or manual systems. Currently, Dirco’s systems are 60% manual and 40% automated. Although Dirco doesn’t have an SOC, it is moving to a situation in which all its security systems are interconnected; a centre that will answer all its needs, Maminze adds. “Balancing your manpower with your technology in this age of unemployment is always a juggling act.”
Keller adds that one of the biggest arguments against an SOC is the cost of training and retaining staff, who get bored and take their skills elsewhere.
The Land Bank’s head of IT governance, risk and compliance, Wilma Nel, points out that another issue is that staff are becoming lax during the Covid era. A simple example she cites is securing a home network, which people may not know how to do, and they may not reach out to IT to ask for help.
The Gautrain’s information security officer, Henry Denner, references a recent study that found that most of the senses we use to communicate during a face-to-face meeting are absent during virtual meetings.
“Most of the time, we also don’t even have our cameras on, which means you have to just rely on your sense of hearing to pick up on people’s tones.” This, he says, means that people lose concentration, which leads to mistakes being made.
PSG senior security architect Thamsanqa Dlamini says that when security was being designed for PSG, they ensured that people could work from anywhere in the world. “We need to make sure that the PC itself is secure.”
Nedbank has found that, because of a lack of human interaction and lockdown, people who tend to trust easily are more gullible, and need more guidance, said its lead architect of information security and blockchain, Adele Jones.
The Public Investment Corp’s head of information security and risk management, Sithembile Songo, takes it a step further: “I believe, with all of us working from home now, we need to have visibility into everything that is happening. That’s the only way we can be able to track and see what is happening and whether we are secure or not. If we don’t have that visibility, we are wasting our time.”
- This promoted content was paid for by the party concerned