Enough federal government agencies are outsourcing security operations center (SOC) capabilities to off-site facilities that within the next few years dedicated, on-premise teams providing continuous support will be relegated to the back seat, a government security official said.A combination of budget constraints and understaffed SOCs is pressuring agencies to “consider the reality” of centralizing security operations across the federal government, wrote Dan Jacobs, the General Services Administration’s (GSA) cybersecurity coordinator of the identity, credential and access management team, in a recent blog post. (Note #1: Earlier this summer Jacobs advocated for SOCaaS use in federal agencies in remarks at researcher Gartner’s 2018 security conference. His blog elaborates on the presentation.)Enter SOC as a service (SOCaaS). “If agencies contract out security operations, they are using SOC as a service and can leverage this model to streamline security operations,” he said. (Note #2: Artic Wolf Networks' AWN CyberSOC platform is an example of an SOCaaS model).Buy-in. The agency chief information officer, the chief information security officer and the executive board must be on board with mission and goals. Data. The more mature the processes, the easier is it to gather requirements that will drive better service management, risk/compliance posture and savings. Timelines. Create a realistic timeline to fully implement SOCaaS, including training execution, gap analysis, modelling, testing and evaluation. Benchmarks. Use due diligence and metrics/analysis to create a blueprint to meet agency goals. Connect with agencies who have already done this to learn and share best practices. “Centralized security operational services, such as SOCaaS, are likely to become a reality over the next several years,” wrote Jacobs. “While some agencies already have capabilities and services to improve management of security operation, many have not yet started down this path.”Higher Education: Several Big 10 Universities have launched OmniSOC to protect participating universities from cyberattacks. MSP for SMB Sector: Arctic Wolf Networks promotes SOC as a Service to MSPs across the small and midsize business market, and the company has a fledgling relationship with ConnectWise to push deeper into the sector. Also, Continuum has built worldwide SOC services for SMB-focused MSPs, and master MSSPs like Infogressive could emerge as SOC providers, in some ways, to small business MSPs. Additional insights from Joe Panettieri.