The California Department of Technology’s Office of Information Security (OIS) continually assesses California’s public-sector cybersecurity maturity and then aligns statewide security controls accordingly to fill the void. While some state entities have established appropriate security measures, others may not be able to maintain their security operations defenses fast enough. Building and maintaining a traditional, full-time security operations center can cost well over $2 million annually. Even outsourcing could run into the hundreds of thousands of dollars each year, placing comprehensive cybersecurity well beyond the reach of resource-constrained organizations. Infrastructure, licensing and log retention are all costly. Adding the cost of integrating threat detection and maintaining compliance with state and federal regulations often meant smaller government organizations had to make do with outdated, patchwork security that left gaps in essential services and put public data at risk.

California wasn’t the only state confronting these issues. Other states were also working to improve cybersecurity for their public partners. Some launched endpoint detection programs for local governments, offering monitoring tools through partnerships with industry. Others invested in outsourcing security operations or created dedicated cyber task forces to respond to threats. While these programs were making progress, they were limited in scope, serving only select entities or requiring significant technical overhead from those they aimed to help.

California’s response took a holistic approach by creating a nationally leading model that is scalable, equitable and efficient. Instead of expecting each public partner to create its own cybersecurity program, the state centralized the security effort. The result was Security Operations Center as a Service (SOCaaS), a cloud-native, fully managed cybersecurity service delivering 24/7/365 monitoring, threat detection and incident response to all participating public-sector subscribers. The service integrates with the California Cybersecurity Integration Center (Cal-CSIC) for coordinated threat intelligence sharing, incident response and recovery. Detection capabilities have grown dramatically from 110 adversarial tactics and techniques to more than 1,000, covering all 14 major attack tactics and 90 percent of attack techniques commonly observed throughout the threat landscape. New subscribers receive comprehensive onboarding, tailored to their technical environments and staffing levels, that gets them up and running within weeks.

“The Office of Information Security is the primary oversight body for state entities and provides direct support to help executive branch organizations strengthen their cybersecurity and become more resilient,” said state Chief Information Security Officer Vitaliy Panych. “By offering shared services, we help entities detect, prevent and respond to threats more quickly and effectively within a common framework. Our strategic intent with providing operational services is to govern each organization individually and uplift their ability to withstand threat activity under a unified approach.”

SOCaaS is flexible: Partners can choose how much hands-on involvement they want to retain, either managing their own data flows or handing off the work entirely to the seasoned OIS team. Through regular health checks, key performance tracking and personalized support, subscribers stay protected and informed.

Today, SOCaaS protects 112 public-sector organizations — state departments, counties, cities, school districts and special districts — and that number is growing without a need to increase OIS staffing. The cost to each participant is effectively zero, with a combined estimated savings to the state exceeding $54 million.

Thanks in great part to this amazing service, California didn’t just raise the cybersecurity bar — it redefined it.

To learn more about SOCaaS, contact CDT’s Office of Information Security.

Editor’s note: This article was originally published by the California Department of Technology’s Office of Information Security.