We’ve been getting an increasing number of inquiries about handling global security operation centers (GSOCs) for corporate clients and have recently started up several new GSOC programs.
Clients have different needs, of course, and are not all asking for the same solutions. Some are opening GSOCs for the first time and want to start in the best possible way. Others have been running GSOCs for years but express a distinct lack of enthusiasm for the way their GSOCs perform. All are looking for something different than the corporate GSOCs we all knew 10-20 years ago.
Some of you might be wondering why an EP company would be talking about GSOCs and setting up new programs. The simple answer is this: Because we’ve had to. We’re already providing some of the key services that the next generation of GSOCs are integrating (EP, intel, residential, event), so some clients have asked us to deliver GSOC services as well. In fact, clients have asked us to figure out GSOCS based on those starting points. Just as many corporate clients now demand a different and more rigorous approach to EP than they used to, based on better understanding their customization and integration needs; they are similarly looking for an updated approach to GSOCs.
Through conversations with partners responsible for security at these and other Fortune 500 companies, we’re beginning to see the contours of some new patterns. In this blog, we’d like to take a look at three of these developing trends.
Trend 1: From divergence to convergence – with the GSOC as the new hub
The different jurisdictions of corporate security are converging, and the GSOC is one of the key places they meet to improve cross-organizational cooperation and shared situational awareness. Let’s look at some of the entities and programs that are coming together – also in contemporary GSOCs:
- Physical security: Physical security has traditionally been the end-all and be-all of corporate GSOCs. These first-generation GSOCs are the places where staff monitor video feeds, sensors, and alarms – and oversee access control systems of perimeters, restricted buildings and other spaces. Physical security has typically been what GSOCs were all about, but as corporate security programs become more mature and complex, some companies have begun to add some of the other pieces we consider below.
- Executive protection: Executive protection teams rely on GSOCs for remote support when operating around the corner or on the other side of the planet. Here, the primary role of the GSOC is emergency response, providing first-line reaction to calls for help from the field and setting in motion what needs to happen. But such GSOCs also provide travel intelligence in the form of pre-trip reports, daily updates, situational updates, and critical incident reporting as needed. Our own AS Solution Operations Center (ASOC), which has supported thousands of EP and secure travel projects around the globe, is a good example of this. Our ASOC also helps with “concierge reach-back”, so agents on the road can get help solving all kinds of lifestyle enhancement and productivity challenges they might have a hard time handling on their own from afar.
- Intelligence analysis: Within the GSOC context, we’d like to draw a distinction between strategic and operational intelligence analysis. While strategic intelligence analysis focuses on long-term issues (and its practitioners might sit in or near the GSOC), those providing operational intelligence analysis really should be in the GSOC. These operational analysts are the people tasked with the gathering, processing and sharing of information that needs to get acted on now, not within the next six months. Their focus is purely operational: Based on solid understanding of corporate stakeholder needs, the entire security apparatus, and agreed procedures, they provide relevant information here and now to the people who need it immediately to do their jobs.
- CIRT/ERT: We’re seeing more and more critical incident response teams (CIRTs) and emergency response teams (ERTs) as part of many large programs, and they, of course, need to be integrated as an additional GSOC stakeholder that needs information as security situations evolve.
- Event risk mitigation: Similarly, event risk managers and their teams are other GSOC stakeholders that must be integrated. What makes this area different is the fact that in addition to multiple corporate or specialist partner stakeholders, GSOCs may need to think about a range of contracted companies, too.
Consequences for the next wave of corporate GSOCs:
Those responsible for setting up corporate GSOCs will want to consider a number of issues resulting from the convergence trend:
- Optimizing shared resources and ROI: Thinking through the needs of the many jurisdictions and making the effort to exploit economies of scale makes good fiscal sense. For example, there is no reason to have multiple subscriptions to intelligence tools that can be shared. This extends to how companies organize and manage all GSOC activities.
- Ensuring system and process integration: Stakeholder ecosystems are dynamic and require constant process and product evaluation. Some companies manage only physical security from their GSOCs; others oversee security officer operations from these, too; still others set up separate operations centers for security officers, EP, intelligence analysis, etc. No matter how these are set up organizationally and physically, whenever multiple stakeholders with multiple agendas need to work together, integrating systems and processes becomes critical. In our experience there are definite advantages to getting everyone and everything into one room: information flows faster, and better decisions get made faster in emergencies.
- Leadership: GSOCs need strong leaders with vision and experience to deliver on their potential for cross-organizational value-add. Where this role shows up on the corporate org chart – under global facilities, security or elsewhere – is not nearly as important as effective leadership with a clear mandate.
Trend 2: From unskilled labor to GSOCs with increasingly professionalized human resources
Gone are the days when security officers keeping an eye on an array of video monitors was enough. Software and automation technologies are getting good enough to replace humans for many routine, if-this-then-that reactions. What GSOC staff are doing now delivers a higher value-add.
We’re running into more and more companies who are looking for increasingly competent staff, the GSOC’s single most important success criteria. Here are some of the attributes in demand:
- Resourceful and result-oriented
- Critical thinkers who are proactive and responsible – and capable of far more than robotically connecting the dots between stimulus and response.
- Demonstrated dynamic process thinking and problem-solving skills
- The ability to consume and process large volumes of information quickly and effectively
- The emotional intelligence and maturity to deal with many different stakeholder types
- Excellent all-round communicators who work well both on their own and in teams
- The ability to write well and produce high-quality assessments and reports quickly and accurately
Consequences for the next wave of corporate GSOCs:
- As competencies increase, so do salaries. Corporations need to reconsider their GSOC’s value propositions and what they are willing to pay for them.
- The importance of the HR function to attract, develop, and retain staff with niche competencies is growing. Corporations need to consider whether they are willing to expand their competencies to deal effectively with such specific HR challenges, or to leave this to others. Which leads us to our final trend.
Trend 3: From in-house to outsourced GSOCs
We know: We’re setting ourselves up for accusations of tooting our own horn here. So since we’ve dealt extensively on the relative merits of make-buy alternatives for niche security services in other blogs (see, for example, 1, 2, or 3), we’ll keep it short in this one.
Like executive protection, event risk mitigation, cafeteria and cleaning services, and many other things corporations might need but not necessarily want to do, implementing and running GSOCs is a specialized service that does not figure on any Fortune 500’s list of core competencies.
We’re convinced that’s why companies are turning to us and others to handle these services. We’re also convinced that there is a lot we can do – both within our own company and in the industry – to further professionalize GSOC services so they are ready to deal with evolving corporate security needs.
We look forward to your comments on social media!