Next-generation security operations centres (SOCs), although a much more machine learning-driven way of ensuring your data is protected, raise some interesting questions.

Chief among these is who is responsible should there be a data breach, and whether to insource or outsource your IT requirements in the current environment, which is increasingly regulated.

On hand to debate these issues was a panel of local experts, who joined the latest TechCentral Micro Focus panel to discuss next-gen SOCs.

Ian Keller, customer security director at Ericsson, explains that next-gen SOCs are simply the evolution of units that deal with security issues on an organisational and technical level. As Keller says, “next gen” is more about harnessing artificial intelligence as there’s more machine learning involved. “You’re trying to reduce the reliance on the human factor as much as possible. It’s the automation of it,” he says.

Your SOC is next gen if it offers these features:

Threat visibility;
New and unknown attacks;
Active defence;
Hunt and respond;
Cybersecurity teams using AI and machine learning; and
Robotics

As soon as you start adding machine learning into the equation, you run into the skills issue, however. Machine learning is a relatively new discipline, and skills are in short supply and high demand. Additionally, machines coming into the organisation often mean that humans are replaced as a greater set of skills is required to integrate the more intelligent technology with the business.

“I think all companies, including us, are struggling with this. It’s a human machine symbiosis, to marry the two,” says RCL Foods group IT governance manager Prien Pillai.

RCL is 100% outsourced when it comes to technology. “We are reliant on best-of-breed key IT service providers to manage our security layers.”

However, what this means, Pillai says, is that you have a “third party managing your security, but you don’t have internal resources that understand it or the learnings to challenge them, as to whether we’re heading towards the right direction”. This requires that there is always a balance between internal and external, depending on who manages your security.

That also opens up the question as to who is responsible for data breaches, if and when they happen.

As Janine West, Investec’s data privacy officer, says, this depends on where the data breach occurs and whether it was a system issue that caused the data breach, or people. “People are our weakest link.”

West adds that often it’s not even a training issue, it’s just a force of habit. “In my mind, privacy needs to be covered across the organisation. And we all need to do what’s required to make sure that we look after our own domains, but we all work together.”

Adams & Adams’ data protection officer Russell Opland argues that the question of who is responsible for breaches becomes slightly different when IT security is outsourced.

Opland points out that the Information Regulator, appointed in terms of the Protection of Personal Information Act, is leaning towards holding the designated official charged with ensuring compliance responsible for breaches. This is in contrast with international application over the past 20 years. “I think the regulator’s going to want to be making some examples right out the gate.”

When it comes to state security, however, the situation demands that a tight hold is kept on IT and its security components. CIO at the Special Investigating Unit Tumelo Zwane says the agency is strict on what happens to its data from in terms of its internal users. It also filters almost anything and everything. “Any e-mail that comes through is filtered, and when we send information out, it’s password protected. We try and regulate the data coming in or out as much as possible.”

At the same time, the agency is moving from a mostly manual system to one in which several elements are automated so they can get into the comfortable position of “saying we’ve got all our guards all around”.

Themba Maminze, deputy director of operational security at the department of international relations & cooperation (Dirco), says costs are an issue when it comes to deciding whether to go with automated or manual systems. Currently, Dirco’s systems are 60% manual and 40% automated. Although Dirco doesn’t have an SOC, it is moving to a situation in which all its security systems are interconnected; a centre that will answer all its needs, Maminze adds. “Balancing your manpower with your technology in this age of unemployment is always a juggling act.”

Keller adds that one of the biggest arguments against an SOC is the cost of training and retaining staff, who get bored and take their skills elsewhere.

The Land Bank’s head of IT governance, risk and compliance, Wilma Nel, points out that another issue is that staff are becoming lax during the Covid era. A simple example she cites is securing a home network, which people may not know how to do, and they may not reach out to IT to ask for help.

The Gautrain’s information security officer, Henry Denner, references a recent study that found that most of the senses we use to communicate during a face-to-face meeting are absent during virtual meetings.

“Most of the time, we also don’t even have our cameras on, which means you have to just rely on your sense of hearing to pick up on people’s tones.” This, he says, means that people lose concentration, which leads to mistakes being made.

PSG senior security architect Thamsanqa Dlamini says that when security was being designed for PSG, they ensured that people could work from anywhere in the world. “We need to make sure that the PC itself is secure.”

Nedbank has found that, because of a lack of human interaction and lockdown, people who tend to trust easily are more gullible, and need more guidance, said its lead architect of information security and blockchain, Adele Jones.

The Public Investment Corp’s head of information security and risk management, Sithembile Songo, takes it a step further: “I believe, with all of us working from home now, we need to have visibility into everything that is happening. That’s the only way we can be able to track and see what is happening and whether we are secure or not. If we don’t have that visibility, we are wasting our time.”

This promoted content was paid for by the party concerned

Follow TechCentral on Google News Add TechCentral as your preferred source on Google

Liquid dodges debt crunch – at a hefty price

Microsoft slashes Xbox Game Pass prices in big strategy shift

Naspers stalwart Steve Pacak passes away

Why AI chatbots are a legal liability waiting to happen

South African tech juniors squeezed as AI reshapes hiring

More organic compounds detected on Mars

Adobe bets on AI agents to fend off cheaper rivals

Google poised to lose ad crown to Meta

Grand Theft Data – hackers hit Rockstar Games

UK PM Keir Starmer declares war on doomscrolling

Africa switches on as Europe dims the lights

The biggest untapped EV market on Earth is hiding in plain sight

The R16-billion tech giant hiding in plain sight

The last generation of coders

Sentech is in dire straits

TCS+ | ‘The ISP for ISPs’: Vox’s shift to wholesale aggregator

TCS | Werner Lindemann on how AI is rewriting the infosec rulebook

TCS | Donovan Marsh on AI and the future of filmmaking

TCS+ | Vodacom Business moves to crack the SME tech gap

TCS | MTN’s Divyesh Joshi on the strategy behind Pi

The conflict of interest at the heart of PayShap’s slow adoption

South Africa’s energy future hinges on getting wheeling right

Apple just dropped a bomb on the Windows world

VC’s centre of gravity is shifting – and South Africa is in the frame

Hold the doom: the case for a South African comeback

Next-generation security operations centres: Balancing tech with manpower

Understanding the Modernization Maturity Model

Achieving cost-efficient cloud content management

Why it’s time to focus on hybrid cloud management

Why the future of retail is digital – but still physical

Africa’s AI dream needs bricks and gigawatts

Fibre: the backbone of South Africa’s digital health ecosystem