As the global threat landscape evolves and security resources remain limited, security leaders have had to re-think historical approaches to security risk assessments to meet the demands of unpredictable threat environments and ever-changing business needs. Central to this is the global security operations center (GSOC).
When we talk about GSOCs, critical communications become part of the broader discussion around efficient response, effective communication and the value these centers hold for the broader organization.
Security operators within GSOCs become the orchestrators of incident response and the critical communications needed to address incidents adequately. These teams need effective tools and capabilities for two-way communication up the chain of command to security leadership and into the field operations and guarding resources allocated to the organization. If the tools in use and the data being communicated are not accurate or quickly shared, then the information being disseminated can quickly become convoluted.
To achieve better communications, several pieces need to be in place that better serve operators and the broader organization.
Better use of device data
Forward-looking security leaders are now leveraging data to conduct quantitative, data-driven risk assessments, reducing the need for global travel among their teams and resulting in real-time risk data that has a meaningful impact on security operations, business investment and resource allocation.
As security functions take this leap and teams begin to leverage multiple streams of security data to measure risk, one pain point is proving more challenging to overcome than the rest: device data.
Device data tells security practitioners what kind of technical security controls are in place and how well those controls mitigate a variety of security threats. While a standard site assessment might determine whether or not a site is equipped with a type of security system, it is only with device data that we can determine how well those systems are functioning. Without actionable device data, it is nearly impossible to accurately measure risks posed to company assets.
Security practitioners have to overcome a couple of barriers before they can realize the full potential of incoming device data. These include configuring devices to collect as much relevant information as possible and structuring this data in a way that’s usable. More and more, organizations want this to be done through technology that collects data, analyzes it and conveys information to security teams using all of the data that already exists in the infrastructure.
Streamlined information for operators
The security operator is on the front line of using incoming data from devices within a GSOC. In many enterprise security programs, it is not uncommon to have multiple security systems and device types monitoring assets in the same organization. Security teams often inherit disparate security systems across their portfolio, which results in noticeably different reporting capabilities and data types available from those devices. This variance in device type and subsequent data output makes it challenging to collect, standardize and analyze device data in meaningful ways.
This can be especially detrimental to the security operators tasked with responding to incidents and communicating critical information to guards, first responders and key stakeholders.
Combining the data from a company’s disparate security platforms and sensors to give operators a single view to evaluate and operationalize alerts should be the goal for any GSOC and a central part of an organization’s security program.
In the past, this was done using a physical security information management (PSIM) platform that leveraged on-premises solutions, but the technology has long been plagued by integration brittleness, cumbersome onboarding and dated interfaces – not to mention that the cost of many of these solutions is prohibitive for organizations looking to do more with less.
As technology advances and cloud-native SaaS-based solutions become available, a lot of the questions around scalability, time-to-deploy and security orchestration are being answered with innovative, AI-driven technology that better addresses the kind of information that’s available in a single view to security operators. Doing so results in a more comprehensive picture of what’s unfolding during a security incident, allowing for better response.
Another critical program input for a GSOC is its standard operating procedures (SOPs). These are the guiding documents for the security operator, developed to ensure a consistent and repeatable approach. They are often paper documents kept in binders or, if they are in digital form, held within a shared drive. This requires the operator to seek answers or guidance outside of their systems and break away from their task.
Advanced software platforms for the GSOC are making it possible to build in these SOPs, with the aim of streamlining response and easing the burden on operators in the event of an incident. For example, if a tailgating alarm is triggered, the operator is presented with the next steps for response based on the SOPs developed by the organization’s security leadership without having to physically search for the procedures in a handbook or in a shared drive. This cuts down the amount of time from a triggered alarm to resolution, saving valuable resources in the process – and in the event of an emergency, it can make all the difference.
Engaging with guards and first responders
When it comes to critical communications, nothing is more important than two-way communication with field operations and guards, as well as first responders, in the event of an emergency. If information is lacking because it’s unclear or hard to find, response can become delayed, and the broader organization can be impacted.
The problem that often needs to be solved is how to communicate effectively during a crisis, in a short period of time. As mentioned above, technology is making it possible to do that more quickly, more effectively and in a more continuous manner than ever before.
In the guarding world, applications now exist that replace the need for old-school radios. Instead, field operators can receive full context of an emerging situation or event they are responding to and can collaborate easily with security operators.
Security operators in the GSOC using a centralized platform may also be able to leverage in-platform emergency communications that allow for calling local emergency responders based on location.
For example, a GSOC located in Los Angeles may be monitoring sites throughout North America. Using security fusion technology that leverages in-platform emergency communications means that security operators can call directly from the GSOC to the local calling area to streamline response. On the other end, the 911 operator has all the information needed to respond properly to the call. This can make all the difference when time is of the essence in situations that require immediate response.
Building the GSOC of the future
At the core of critical communications is the need for the right data, at the right time and in the right place that enables security operators to facilitate response. Prioritizing technology that ensures the most important information is at an operator’s fingertips is essential for modern security programs and leaders.
Jon Harris PSP, CPP, MBA, has been in the security industry for nearly 20 years, most recently as Senior Product Manager at HiveWatch. He began his career as a Security Officer at a university campus, later leading the Global Security and Trade Compliance organization. Transitioning into the service provider side of the business in 2018, Jon worked as A&E Consultant Program Manager for LenelS2 before becoming the Director of Enterprise Solutions for Guidepost Solutions. He moved to Group337 as Vice President of Strategy Consulting before joining HiveWatch. He has a Bachelor’s in Criminal Justice from the University of St. Thomas, and a Master’s in Business Administration from Northeastern University in Boston.