When an organization plans its strategy and internal communication processes, it is common for doubts to arise about which is the best way forward, especially if it is intended to create centralized communication mechanisms.
Communication is extremely important for cybersecurity companies and especially for SOC teams, which are the first line of computer defense in real-time, because structured information, besides reducing possible operational errors, simplifies relations between the different teams and departments that act towards the same end (example: SOC, Pentest and Cyber Intel teams/departments), as well as ensuring a better understanding of the environment, defense and protection of their customers' infrastructure.
Thus, the following question arises:
"should companies providing cybersecurity services centralize communication or keep it decentralized?"
To help answer the question, the following are some of its characteristics.
In general, Centralisation enables:
Already in Decentralisation:
These are just some of the advantages and disadvantages when adopting centralized or decentralized communication.
Centralization reduces costs and time with possible errors due to lack of information, such as, for example, the repetition of work or the creation of security incidents (False Positives) generated by the activity of an employee of the Pentest department during his "normal activity", without there being any internal communication about what is going on because when testing the systems of a client, they end up generating various alarms for the technicians who are monitoring the network of that client.
Although decentralization is a practice widely used by several companies, in the area of cybersecurity the centralization of communication and information is a crucial factor for a better operation and global contribution of the various services provided.
By: