IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Why Do You Need a Security Operations Center as a Service?

To deal with staffing issues along with ever-changing cybersecurity threats, public-sector agencies at all levels should consider using a security operations center-as-a-service solution to protect networks and control costs.

State and local government CISOs, CIOs and their teams work in agencies that have diverse cybersecurity risks created by multiple locations, purposes, capabilities, needs, personnel and technologies within their environments. In most cases a security operations center as a service (SOCaaS) can help.

A SOCaaS performs 24/7 comprehensive monitoring for advanced cyber threats across on-premise networks, cloud environments, SaaS applications and endpoints, event logs, and more. This approach helps to address the challenges of being understaffed, having personnel who have not gotten the training or experience needed to effectively manage risks, and more effectively blocking threats.


A SOCaaS must have experienced staff with the skills to identify all endpoints connecting to the government network ecosystems. This is more of an issue now than ever before because of remote and hybrid work, and employees using their personal devices in the office, at home and while traveling. Comprehensive awareness of all digital assets is necessary to have effective and holistic security implemented throughout all government agency systems. Furthermore, it is important to have staff with the skills to conduct threat hunting in logs, traffic analysis and more to flag threats and anomalies that are not automatically detected.

If an alert is generated, a good SOCaaS will have personnel to examine the indicators of compromise and will send security event notifications to affected organizations that are not determined to be false positives. Any associated reports and other products can be used by the government IT, cybersecurity and privacy staff to enable more informed decision-making to deal with the issues.

The type of SOCaaS used should be monitoring for the threat tactics and techniques targeting known vulnerabilities, using widely accepted cybersecurity frameworks, such as the NIST Cybersecurity Framework, in association with recommended security and privacy controls, such as those in NIST SP 800-53 Rev 5. It should also be staying up to date with the latest vulnerabilities and associated exploits by using a dependable vulnerabilities catalog, such as the NIST National Vulnerability Database and the CISA Known Exploited Vulnerabilities Catalog.

An experienced and trustworthy SOCaaS can provide many advantages. It can save budget when it comes to staffing needs and also allow organizations to use a single service as opposed to a number of different solutions, each of which only address certain aspects of a threat or vulnerability and take time to implement and maintain.

While a SOCaaS can save time and be cost-effective, investing in one also comes with challenges for government IT leaders. These include:

  • The diversity of the physical, digital and administrative responsibilities and associated capabilities of the government personnel they are supporting throughout their scopes of responsibility.
  • The significantly diverse IT capabilities that are available throughout the government agencies, ranging from deeply rural areas to suburbs and urban environments, which create vast differences in the types — and ages of —the systems that can be used within each of those environments.
  • The different types of funding provided for each geographic environment throughout government agencies, with some localities having little to no funding.

But add to these the challenges of fully staffing IT teams, as well as data and cybersecurity teams, needed to support the diverse government personnel and associated IT hardware, software and firmware, and there becomes an even greater need for a SOCaaS approach. A SOCaaS can allow CISOs and CIOs to have better awareness of the current risk levels across their scope of responsibilities without adding full-time staff.


A stellar SOCaaS will allow the IT, security and privacy personnel in all types of government agencies to communicate with off-site experts to learn more about specific threats and vulnerabilities, in addition to helping with security and privacy program management issues. It will also allow personnel to learn more about the types of threats and vulnerabilities that have been identified by the SOCaaS team so that they can then offload some of the SOCaaS activities to the associated government agency teams. This allows for lower SOCaaS costs and creates a better environment to improve staff retention, attract qualified security and privacy workers, and ultimately have continuously improved security and privacy programs.

With a qualified and effective SoCaaS, government IT, security and privacy departments will have more knowledge about their entire systems and associated components, will more effectively and efficiently be able to stay up to date with new threats and vulnerabilities, and will save time by not doing all these activities themselves. This time can then be used for other critical activities such as supporting clients, performing risk management activities, and overall being more effective in their roles.

Rebecca Herold is a leading information security, privacy and compliance expert. She's a member of the Institute of Electrical and Electronics Engineers; CEO and founder of The Privacy Professor consultancy; and co-founder of Privacy and Security Brainiacs. With over 25 years of systems engineering, information security, privacy and compliance experience, Herold focuses on helping organizations identify data risks and requirements to ensure data accuracy, safeguards and privacy protections. She has also been supporting NIST information security and privacy research and standards creation since 2009. Herold has authored 19 books on a variety of topics pertaining to information security, privacy, compliance and other related topics.