Security Operations Center Design

Examining the key design elements in a successful SOC implementation

All of the items mentioned in the Design Considerations list above are factors in the size of the SOC. Strategic SOC design accounts for current SOC functions while anticipating space needs for future (or envisioned) consolidated or collaborative services that SOC personnel may perform. Many technology factors have greatly reduced the floor, working and console space needed for SOC functions including server virtualization, digital video, data and management aggregation services, and VOIP networked communication systems. Conversely, large display screens and walls that may not have existed previously are an increasingly popular way to enhance communications between operations center personnel.


Current and Future Technology

The increasing pace of technology development and the increasing value of new security technology mean that SOC design must consider both current and future technology. IT standards-based technologies provide future-proofing in three senses: First, the computing and communications infrastructure will continue to be compatible with future technology development; second, the communications infrastructure is independently scalable and upgradeable; and third, interoperability between components and systems continues to grow, which increases the value of the existing technology investment.



Common standards-based infrastructures among systems means that security systems design can focus more on security applications and less on technology details. This is coincidentally a focus also on the security ROI elements—where a security manager's attention should be focused. The nature of SOC upgrades has changed from complete “forklift” redesigns, to designs that can evolve as both technology and security applications needs evolve. The approach of previous decades, to redesign a SOCs every 5 to 10 years, is being replaced by ongoing SOC technology lifecycle planning . Security executives and managers can learn a lot from their IT departments about how this beneficially impacts budget planning and management approvals.   The lifespan of a current-technology SOC will be determined by an organization's strategic and tactical security planning (such as consolidation or regionalization) according to business needs, rather than by technology changes.


SOC Team

James Connor, CEO of security consulting firm N2N Secure and former senior manager of Global Security Systems for Symantec Corp., points out that human capital development for SOC functions is highly important, but is often overlooked. “The SOC team is a critical part of the security operations ecosystem,” Connor says. “The correct perspective starts with the team and goes from there. The technology simply provides the tools that the SOC needs to get the job done. That's why the design effort should include metrics to measure how the job is getting done, and to provide insight into the upgraded operations.

“When redesigning a SOC, the security manager must re-evaluate the SOC's mission statement,” Connor continues. “What is the mandate? What security policies and procedures are appropriate for the business today? That last thing that you want is to have an SOC upgrade amount to nothing more than ‘putting a new paint job' on an existing SOC.”



Some Sources for Data Center Standards

  • 7x24 Exchange ( ) - leading knowledge exchange for those who design, build, use and maintain mission-critical enterprise information infrastructures
  • AFCOM - Association For Computers Operations Management ( – provides education and resources for data center managers
  • ASIS International ( ) – source for security guidelines, educational materials and workshops
  • ASHRAE – American Society of Heating, Refrigerating and Air-Conditioning Engineers ( )

•  Book: Thermal Guidelines for Data Processing Environments – defines Class 1 and Class 2 Environments applicable to monitoring centers

•  EIA-310-D Cabinets, Racks, Panels, and Associated Equipment

  • OSHA – Occupational Safety and Health Administration ( )

•  Operator workstation considerations:

•  2008 National Electrical Code (NFPA 70)

•  Article 645 — Information Technology Equipment

•  NFPA 75 –Standard for the Protection of Electronic Computer/Data Processing Equipment, 2003 Edition

•  NFPA 76 –Standard for the Fire Protection of Telecommunications Facilities, 2005 edition (telecommunications is data, voice, and video)