Trust and Resilience at the Speed of Business – How Travis Perkins built a lean SOC with Splunk in the Cloud

Hello,

This week we attended the Gartner Security & Risk Management Summit in London. IT security managers from across Europe came together to network, exchange information about the latest cyber security strategies and understand Gartner’s perspective on the market.
As every industry continues to focus on digital transformation and move services online, security has become an even greater organizational priority. Organizations that customers trust and are confident in using will be clear winners in the long term. For many organizations, IT-related risk has become a major part of the corporate risk assessment that the board of directors has to review regularly.

 

As a result, many organizations have identified the need to build up Security Operations Centers (SOCs) or Computer Emergency Response Teams (CERTs) to act as the nerve center for any digital incidents. The focus for such teams is not just on protecting internal company IT systems but also on protecting the digital services and products involved in the core business. One key to the success of a SOC or CERT is establishing a big data and analytics platform where the team can get insight into what’s going on, correlating and processing threat intelligence in real time. It’s also used as a “Time Machine” to go back into historical data and assess whether any threat information they have received could have affected the organisation previously. This helps teams to understand the where and how of security incidents and further improve their resilience against cyber attacks.

At the Gartner Security & Risk Management Summit, Nick Bleech, the CISO at Travis Perkins Group and the former CISO at Rolls-Royce, shared insights into how the company has moved from an on-premise legacy SOC to a lean cloud-based SOC, detailing how they work to protect the organisation through the adoption of Splunk’s data-driven approach. Travis Perkins operates in a complex IT environment with a mixture of on-premise systems steadily being replaced by cloud services. The organisation needs secure and flexible technology that can adapt to support the business, with Splunk helping to identify incidents, lead data investigations and support compliance. During its deployment Travis Perkins has learnt many lessons, including how they define the roles and processes within their IT Operations Services Team.

 

Br

Matthias