Planning Distributed Security Operations Centers in Multi-Cloud Landscapes: A Case Study

We present a case study on the strategic planning of a security operations center in a typical, modern, mid-size organization. Against the backdrop of the company's multi-cloud strategy a distributed approach envisioning the involvement of external providers is taken. From a security-centric abstraction of the organizational IT-landscape, a novel strategic planning method for security operation centers is developed with an adaptable relationship matrix as core tool. The method is put to a practical test in modeling different levels of engagement of external providers in the center's operation. It is shown that concrete output, such as a core statement of work for an external provider, can easily be derived.