Tag: GSOC

6 Key Insights from Breaking Down Security Silos in Connected Ecosystems

Posted on September 9, 2025 by - Industry Expertise

There’s been a lot of talk across the security industry about the ways in which companies are leveraging all of the data being collected from various systems. The challenge that stems from this is how this data can be collected, analyzed, and used to make better decisions. In our latest webinar, leaders from HiveWatch, Ontic, and Chipotle outlined how security teams can address this challenge: building a truly connected security ecosystem.

HiveWatch Co-Founder & CEO Ryan Schonfeld led an insightful discussion with Chipotle Head of Global Security & Risk Resilience Josh Phillips, and Ontic VP of Product Marketing Ankur Aurora about breaking down operational silos and leveraging technology to transform to create a truly connected security ecosystem.

The full webinar is available on-demand, but here are some of the key takeaways from the discussion:

1. Connected Security Ecosystems Matter More Than Ever

The webinar kicked off with a crucial distinction. While the industry loves talking about shifting from reactive to proactive security, Ryan emphasized something more important: moving from proactive to strategic. “That’s how security earns a seat at the executive table; not by running around shouting about risks, but by becoming a genuine business partner,” he said

Josh agreed, sharing how his team evolved beyond being just the “in-house 911 team” to become strategic problem solvers. They’re not just protecting people and assets anymore; they’re safeguarding the supply chain, preventing turnover crises, and yes, ensuring there’s always guac on the line (a metric Ryan, as a self-proclaimed Chipotle superfan, particularly appreciated).

2. Too Much Data Can Be a Problem

During the discussion, Ankur dropped a sobering statistic: security teams are spending 30% to 50% of their time just wrangling data. Half of your security team’s valuable time is consumed chasing context and validation across different systems instead of actually protecting the organization.

The panelists agreed that the problem isn’t a lack of data – because most organizations are drowning in it. The real issue is that data lives in silos:

  • Executive protection maintains their own threat actor spreadsheet
  • Investigations has a separate database
  • Threat intelligence operates with yet another system

Ankur highlighted how these silos manifest in three main ways:

  1. Within security functions – different teams tracking the same data separately
  2. Across regions – East Coast systems not talking to West Coast systems
  3. Between departments – security data disconnected from HR, legal, and other business units

3. Breaking Down Silos Requires Cross-Collaboration

Josh shared compelling examples of what’s possible when you break down these silos. In one example, Chipotle discovered their HR case management system wasn’t connected to their security incident data. Once they integrated these systems, they could identify “hotspot markets” where workplace violence incidents were trending upward.

The result? They could intervene before these became full-blown turnover crises. As Josh explained, “We were able to more quickly identify these hotspot markets and get in and intervene before they became a larger issue and ultimately prevented it from becoming a systemic turnover crisis.”

Another powerful example involved Chipotle’s supply chain visibility. By connecting security monitoring tools with supply chain operations, the company can provide advance notice about protests, natural disasters, or other disruptions that might affect deliveries or service operations.

4. Transformation Can Start Small: The Crawl, Walk, Run Approach

Both Ankur and Josh emphasized a measured approach to building connected ecosystems using a familiar phrase: “You can’t boil the ocean.” Instead, the security leaders suggest starting with high-impact, low-effort integrations. Pick one business problem, solve it well, prove the value, then expand.

Josh’s advice on securing buy-in was particularly valuable: “If I go to the business leader and say, ‘I want to help you improve turnover in this market, I want to help you improve the employee experience…’ then now I’ve got their attention because I led with a business problem.”

The key is framing technology discussions around business outcomes, not security metrics.

5. “Perfect” Looks Different for Each Company

When asked about the ideal security ecosystem, Josh painted a clear picture:

  • Quick, accurate, efficient incident response that minimizes business downtime
  • The ability to anticipate risks before they materialize
  • Providing meaningful analysis to decision-makers (not just flagging risks)
  • Operating as a strategic partner across the enterprise

This vision isn’t about having the fanciest tech stack. It’s about creating genuine business value through connected operations.

6. The Ways That AI Can Make an Impact

No 2025 security conversation would be complete without addressing AI. Ryan advocated for a measured approach: “Being very measured about how you roll that out… I would challenge people to think less about the false positive rate and more about the false negative rate.”

The consensus was clear: AI should enhance your team’s capabilities, not replace human judgment. Let AI handle the data correlation and pattern recognition so analysts can focus on strategic security decisions.

The HiveWatch-Ontic Partnership: Making Connected Security Real

The webinar concluded with exciting news about the deepened partnership between HiveWatch and Ontic. Ryan described HiveWatch as “an operating system for security operations centers,” while Ontic focuses on “bridging silos using data, intelligently connecting operations.”

Together, these complementary solutions help organizations finally achieve that elusive connected ecosystem. The partnership announcement coincided with Ontic’s Series C funding news, signaling strong market momentum for connected security solutions.

Your Next Steps

Building a connected security ecosystem isn’t a destination – it’s a journey. The panelists recommended this roadmap:

  1. Identify your biggest operational pain point. Where are silos causing the most friction?
  2. Map your data flows. What systems hold critical information that should be connected?
  3. Start small. Pick one integration that can demonstrate quick value.
  4. Lead with business outcomes. Frame every technology discussion around the business problem you’re solving.
  5. Measure and expand. Once you prove value, use that success to drive further integration.

Bringing it all together

This webinar reinforced a crucial truth: the future of security isn’t about more cameras or fancier badges. It’s about intelligent, connected operations that drive real business value.

As Josh Phillips demonstrated through Chipotle’s success stories, when security teams break down silos and connect their data, they transform from cost centers into strategic business partners. That transformation starts with understanding that, as Ankur put it, “security today is in the data business.”

Ready to transform your security operations? The webinar recording is available on demand. To learn more about building a connected security ecosystem with HiveWatch and Ontic, schedule a demo of our platform.

How to Develop a GSOC: From Business Case to Implementation

Posted on September 3, 2025 by - Industry Expertise, Tips & Tricks

Effectively monitoring, managing, and responding to security threats across multiple locations falls squarely on the shoulders of an organization’s global security operations center (GSOC).

At its most effective, a GSOC integrates intelligence from different sources to improve response during security incidents or emergencies and prevent them from even happening in the first place. They are essential for reducing risk to an organization, safeguarding assets and individuals, and staying informed about the security challenges across multiple locations.

But all of these things have to be done while maintaining operational efficiency and cost control, which means creating a SOC that leverages its technology to streamline the processes used to manage incidents.

Whether you’re a security leader evaluating your current capabilities or an executive considering strategic security investments, there are certain things to keep in mind when you’re building a GSOC. Here, we discuss what goes into this process, making a business case for it to leadership, and how to approach operational deployment.

The Business Case for GSOC Development

The decision to develop a GSOC isn’t made lightly. Organizations typically pursue this path when they recognize that their current security model – often a patchwork of regional solutions and disparate monitoring systems – no longer serves their evolving needs.

Modern GSOCs handle far more than just monitoring cameras and access points. They serve as comprehensive intelligence hubs that process data from human resources systems, access control platforms, video surveillance networks, security officer reports, supply chain oversight systems, and external sources, including law enforcement feeds, weather data, social media monitoring, and open source intelligence information.

Effective GSOCs typically provide the following:

  • 24/7/365 oversight: Unlike traditional security models that rely on local personnel or limited-hour monitoring, a properly developed GSOC provides continuous oversight across all organizational assets. This constant vigilance means that potential threats are identified and addressed immediately, regardless of time zones or local staffing constraints. The GSOC integrates with existing security infrastructure to ensure that no blind spots exist in coverage, creating a seamless security umbrella that protects people, assets, and operations around the clock.
  • Centralized incident response: A GSOC eliminates the confusion and delays that often plague decentralized response models by establishing clear command and control structures. Trained operators and analysts manage incoming alerts from identification through elevation to response, ensuring that the right resources are deployed quickly and effectively. This centralized approach also enables better communication with internal security personnel, external law enforcement, and other stakeholders during critical events.
  • Standardized security protocols: One of the most significant advantages of GSOC development is the ability to implement consistent security protocols across all locations. Rather than managing different procedures, technologies, and response models for each site, organizations can establish unified standards that ensure predictable, reliable security outcomes regardless of geographic location. This standardization extends to everything from access control procedures to emergency response protocols, creating organizational resilience that scales with growth.

GSOCs and Cost Optimization Benefits

While the initial investment in GSOC development can be substantial, the long-term financial benefits may typically far outweigh the upfront costs. Organizations see cost optimization across multiple dimensions of their security operations:

  • Reduced staffing redundancy across sites: A centralized GSOC model allows organizations to consolidate monitoring and response functions, reducing overall headcount while actually improving security coverage. Instead of maintaining separate security teams at each facility, organizations can deploy a smaller number of highly trained specialists who can oversee multiple locations simultaneously.
  • Lower total cost of security operations: Beyond staffing efficiencies, GSOCs drive down the total cost of security operations through economies of scale in technology procurement, maintenance, and management. Rather than purchasing and maintaining separate security systems for each location, organizations can leverage centralized platforms that serve multiple sites. This consolidation also reduces training costs, as personnel only need to master one set of systems and procedures rather than adapting to location-specific variations.

Building the Foundation: How to Develop a GSOC Infrastructure

Successful GSOC development requires careful attention to both technical and physical infrastructure elements. The foundation you build will determine not only your initial capabilities but also your ability to scale and adapt as organizational needs evolve.

The infrastructure development process begins with a thorough assessment of current security technologies and operational requirements. This assessment should encompass all existing systems, including video surveillance platforms, access control solutions, alarm systems, communication tools, and any specialized monitoring equipment. Understanding what you have and how it currently functions provides the baseline for determining what additional infrastructure elements you’ll need to develop.

Technology Stack Requirements

The technology backbone of your GSOC will determine its effectiveness and longevity. Modern GSOCs require sophisticated integration capabilities that can bring together disparate data sources into a unified platform. Your technology stack should be built around solutions that can ingest and correlate information from multiple sources while providing operators with intuitive interfaces for monitoring and response.

Some of the key technology components in a GSOC include:

Monitoring and visualization tools: Operator workstations require multiple display capabilities with customizable dashboards that can show everything from live video feeds to threat intelligence reports. The visualization layer should present complex information in easily digestible formats that enable quick decision-making.

Communication systems: A robust communication infrastructure ensures that GSOC operators can coordinate effectively with field personnel, law enforcement, and organizational leadership during incidents. This includes both routine operational communications and emergency notification systems.

Data management solutions: With the volume of information flowing through a modern GSOC, robust data management becomes critical. Storage, archival, and retrieval systems must be designed to handle both current operational needs and future regulatory or investigative requirements.

Security management platforms: In some cases, a modern GSOC leverages a security operations management platform that provides the bulk of the above, including monitoring tools, communications systems, and data ingestion capabilities that can help drive decision-making. Investing in a platform that also brings together multiple video surveillance and access control solutions can make a GSOC that much more effective, eliminating multiple management platforms that thwart incident response and are cumbersome for operators.

Physical Design Considerations

The physical environment of your GSOC plays a crucial role in operational effectiveness. Poor design can undermine even the most sophisticated technology infrastructure, while thoughtful planning creates an environment that enhances operator performance and organizational resilience. Some things to consider include:

  • Layout: The GSOC is designed and laid out to facilitate both individual operator efficiency and team coordination. Sight lines, acoustics, and workflow patterns all impact performance. Operators need clear views of shared displays while maintaining access to individual workstations. The layout should also account for different operational modes – normal operations may require one configuration, while crisis response might benefit from a more collaborative arrangement.
  • Lighting, flooring, and temperature controls: Lighting systems should be adjustable to maintain operator alertness across different shifts. Temperature and air quality controls become critical when operators spend extended periods in the facility. Even seemingly minor details, such as flooring materials, can impact operator comfort and fatigue levels during long shifts.
  • Redundancy: A GSOC represents a single point of failure for organizational security operations, making redundancy planning absolutely critical. Power systems should include uninterruptible power supplies (UPS) and backup generators capable of sustaining full operations for extended periods. Network connectivity requires multiple internet service providers and diverse routing paths to prevent communications outages.
  • Workstations: Individual operator workstations form the building blocks of GSOC effectiveness. Each position should be ergonomically designed to support extended operation periods while providing access to all necessary tools and information sources. Monitor configurations typically require multiple displays to accommodate different information streams – live video feeds, alarm panels, communication tools, and analytical dashboards all compete for screen real estate. The arrangement should allow operators to monitor multiple sources simultaneously while maintaining situational awareness of the broader operational picture.

A Phased Approach for GSOC Development

Developing a GSOC is a complex undertaking that benefits from a structured, phased approach. This methodology allows organizations to manage risk, control costs, and ensure that each phase builds effectively on previous accomplishments.

Phase 1: Strategy and Planning

The foundation of successful GSOC development lies in thorough planning and stakeholder alignment. This phase establishes the strategic direction, operational requirements, and resource commitments that will guide all subsequent development activities.

Stakeholder Alignment and Requirements Gathering

Effective GSOC development requires buy-in and input from stakeholders across the organization. Security leadership provides operational expertise and threat intelligence, but successful GSOCs also need support from facilities management, information technology, human resources, and executive leadership. Each stakeholder group brings different perspectives on requirements, constraints, and success criteria.

Requirements gathering should encompass both current operational needs and future growth projections. Consider not only the locations and assets that need protection today, but also planned expansion, changing threat landscapes, and evolving regulatory requirements. The requirements process should also identify integration points with existing systems and any constraints that might impact design decisions.

Technology Assessment and Vendor Selection

The technology assessment process evaluates current security infrastructure against GSOC requirements, identifying gaps that need to be addressed and opportunities for leveraging existing investments. This assessment should consider not only technical capabilities but also factors like vendor support, integration complexity, and long-term viability.

Vendor selection involves evaluating potential technology partners against both technical requirements and strategic considerations. Look for vendors with proven experience in GSOC deployments, strong integration capabilities, and a history of long-term stability. The selection process should also consider the total cost of ownership, including ongoing support and maintenance requirements.

Budget Allocation and Resource Planning

GSOC development requires significant upfront investment in technology, facilities, and personnel. Budget planning should account for both capital expenditures and ongoing operational costs, including items that might not be immediately obvious, like training programs, maintenance contracts, and facility modifications.

Resource planning extends beyond financial considerations to include personnel requirements, project timeline constraints, and organizational change management needs. Consider the impact of GSOC development on existing security operations and plan for any transition periods where both old and new systems might need to operate simultaneously.

Phase 2: Infrastructure Development

With planning complete, Phase 2 focuses on the physical implementation of GSOC infrastructure. This phase typically represents the most intensive period of development activity and requires careful project management to ensure that technology deployment, facility construction, and personnel preparation all proceed according to schedule.

Technology Deployment and Integration

Technology deployment should follow a carefully planned sequence that minimizes disruption to existing security operations while building toward full GSOC capability. Start with core infrastructure elements like network connectivity and basic monitoring platforms, then layer on additional capabilities as the foundation solidifies.

Integration planning becomes critical during this phase, as the GSOC must connect with numerous existing systems while preserving their individual functionality. Plan for extensive testing periods to ensure that integrations work as expected and don’t introduce unexpected vulnerabilities or operational issues.

Physical Space Construction and Setup

Physical facility development often proceeds in parallel with technology deployment, necessitating close coordination to ensure that infrastructure needs align with available space. Consider factors like power distribution, cooling requirements, and cable management during the construction phase to avoid costly modifications later.

The setup process should include extensive testing of all systems in their operational environment. This testing goes beyond simple functionality checks to include operational scenarios, emergency procedures, and integration between different system components.

Staff Recruitment and Training Programs

Personnel development represents one of the most challenging aspects of GSOC deployment. Recruiting qualified candidates requires specialized skills that may be in short supply, while training programs need to cover not only technical operations but also organizational procedures and emergency response protocols.

Training programs should be designed around the specific systems and procedures that your GSOC will use, rather than generic security operations content. Consider both initial training for new personnel and ongoing development programs to maintain skills and adapt to changing requirements.

Phase 3: Operations Launch

The transition from development to operations represents a critical milestone that requires careful management to ensure continuity of security coverage while bringing new capabilities online.

Pilot Operations and Testing

Pilot operations provide an opportunity to validate GSOC capabilities under real-world conditions while maintaining existing security operations as a backup. Start with a limited scope – perhaps covering a single location or specific types of incidents – and gradually expand coverage as confidence in the new capabilities grows.

Testing during pilot operations should encompass both routine operational scenarios and emergency response procedures. Document lessons learned and identify areas where procedures or systems need refinement before full deployment.

Process Refinement and Optimization

The early operational period typically reveals opportunities for process improvement that weren’t apparent during development. Use this period to refine procedures, optimize workflows, and address any integration issues that emerge under operational conditions.

Process refinement should be systematic rather than ad-hoc, with clear change management procedures that ensure modifications are properly tested and documented. Consider establishing regular review cycles to capture feedback from operators and stakeholders.

Full Operational Capability Achievement

The achievement of full operational capability represents the successful completion of GSOC development, but it should be viewed as the beginning of ongoing operational excellence rather than the end of the development process. Establish procedures for continuous improvement, regular system updates, and adaptation to changing organizational needs.

Next Steps

Developing a GSOC represents a significant commitment of resources and organizational energy, but the benefits – improved security effectiveness, operational efficiency, and cost optimization – make it a worthwhile investment for organizations with complex security requirements.

The key to success lies in approaching GSOC development as a strategic initiative rather than simply a technology project. This means investing in thorough planning, stakeholder alignment, and change management alongside infrastructure development. Organizations that take this comprehensive approach typically achieve better outcomes with fewer complications and lower total costs.

Whether you’re just beginning to consider GSOC development or are well into the planning process, remember that you don’t have to navigate this journey alone. Expert guidance can help you avoid common pitfalls, accelerate development timelines, and ensure that your GSOC delivers maximum value for your organization.

Ready to take the next step in your GSOC development journey? Find out about how technology can help your organization realize the value of a connected, strategic GSOC to achieve its physical security goals while optimizing operational efficiency and costs.

Breaking Down Silos: The Hidden Weakness in Security Operations

Posted on July 1, 2025 by - Industry Expertise

Walk into any modern security operations center and you’ll see the same scene playing out: operators frantically switching between five, six, sometimes seven different screens, each one demanding attention with its own set of alarms, interfaces, and protocols. It’s chaos masquerading as security. So, how did we get here?

Understanding RTCCs vs. GSOCs: Key Differences and Benefits

Posted on April 8, 2025 by - Industry Expertise

Security professionals are constantly faced with evolving threats that require sophisticated monitoring and response capabilities. Two popular solutions in the physical security industry are Real-Time Crime Centers (RTCCs) and Global Security Operations Centers (GSOCs). While they might seem similar at first glance, they serve different purposes, and both have unique advantages. 

Product Feature: Embedded Standard Operating Procedures

Posted on January 12, 2025 by - Product Updates

“We need to order an expander for this thing,” the Command Center Operator told me as I reviewed the updated Standard Operating Procedures (SOPs). In front of me was a massive desktop display with dozens of plastic sheets holding endless pages of SOPs for our security team. The rainbow of colors, each representing a different incident type – from natural disaster to replacing a lost badge – was as extravagant as it was intimidating. 

HiveWatch: Phase 1

Posted on January 12, 2025 by - Company News

When we started building HiveWatch in 2020, we had a vision of what the modern Physical Security Program would look like. HiveWatch has been quietly working over the last two years to understand the pains of security professionals and how to address them head on. As Head of Product, to actually see the vision of HiveWatch come to life has been incredible, not just for myself, but for the industry as a whole. Our goal at HiveWatch has been to change the way that security professionals operate on a daily basis. Quieting the noise, aggregating vital data quickly, and changing programs from reactive to proactive, these were the foundational pillars to building the future of Physical Security.  Today, I’m proud to say that Phase 1 of our vision is now a reality. Here’s what we’ve found with our current customers using HiveWatch:

Security Doesn’t Scale!

Posted on January 12, 2025 by - Industry Expertise

Security doesn’t scale!   

Now before you get offended and stop reading, consider where we are as an industry today and how much we’ve evolved over the past 5, 10, 15, 50 years. Sure, there has been great innovation across certain products:

  • Camera resolution is higher than ever, at a price point that security leaders probably couldn’t have fathomed fifteen years ago. Today, cameras are essentially IP computers that perform advanced edge processing and analytics. 
  • Analytics have progressed from being a buzzword thrown around to actually delivering on many of its promises.
  • Organizations are continuing to replace their analog camera fleets with new IP technology, albeit at an alarmingly slow rate.
  • Facial recognition, object detection & classification, biometrics, drones, counter-drone, access control, tailgate detection, weapon detection, gunshot detection, aggression detection…and the list goes on. 

Yet, with all the amazing product and technological innovation our industry has seen, we haven’t resolved a core problem. Security doesn’t scale.

What are SOPs? How to Standardize Response for Your GSOC

Posted on June 6, 2024 by - Industry Expertise, Tips & Tricks

Security teams handle a lot of incoming data and information related to potentially life-threatening events and emergencies. Whether you’re working with seasoned professionals or new trainees, having a step-by-step plan for how to handle specific situations consistently is essential for meeting the goal of keeping people and assets safe.