The importance of centralized communication - SOC
03/08/2021

When an organization plans its strategy and internal communication processes, it is common for doubts to arise about which is the best way forward, especially if it is intended to create centralized communication mechanisms.

Communication is extremely important for cybersecurity companies and especially for SOC teams, which are the first line of computer defense in real-time, because structured information, besides reducing possible operational errors, simplifies relations between the different teams and departments that act towards the same end (example: SOC, Pentest and Cyber Intel teams/departments), as well as ensuring a better understanding of the environment, defense and protection of their customers' infrastructure.

Thus, the following question arises:
"should companies providing cybersecurity services centralize communication or keep it decentralized?"

To help answer the question, the following are some of its characteristics.

In general, Centralisation enables:

  • Increased communication between employees;
  • Facilitated interdepartmental communication, thus contributing to a common overall objective;
  • Management of documents, data, emails, and transmission of communications;
  • Sharing information in the means that they consider most appropriate and effective;
  • Better supervision of shared internal information.


Already in Decentralisation:

  • Decision-making and information divided between departments;
  • Superior responsibility in management, by the department;
  • Greater autonomy for employees, which in this way appeals to the contribution of each one, with ideas, products, or processes, but only in their activity;
  • Limited access to information (documents, data, etc.) in relation to other departments;
  • Less interdepartmental information sharing;
  • Risk of information mismatch;
  • Increased probability of duplicate information (data, emails, among others).


These are just some of the advantages and disadvantages when adopting centralized or decentralized communication.

Centralization reduces costs and time with possible errors due to lack of information, such as, for example, the repetition of work or the creation of security incidents (False Positives) generated by the activity of an employee of the Pentest department during his "normal activity", without there being any internal communication about what is going on because when testing the systems of a client, they end up generating various alarms for the technicians who are monitoring the network of that client.

Although decentralization is a practice widely used by several companies, in the area of cybersecurity the centralization of communication and information is a crucial factor for a better operation and global contribution of the various services provided.


By: Hugo Moreira, Incident Response Analyst at Hardsecure

Default
Default
How can we help?
Contact Us