Business of IT: Building a business case for security

Security can be both the unseen hero and the weakest link in an organisation, so how do you make the case to spend enough to protect your organisation's most vital assets? Stephen Pritchard investigates...

"The ROI is the value you associate with the confidentiality of your information," says Harrison. "There's a greater focus on how, as a business, you can make use of the data you have. As I make greater use of my data what are the integrity confidentiality and regulatory requirements for those data?" If businesses want to make more use of their data, putting in place measures to protect it should make sound business sense, he suggests.

"Do you have significant enough assets to go beyond the [security] base line?" asks Ed Amoroso, chief security officer at AT&T. "The answer in some corporations will be no. If you are setting up a company selling a casual product on the net ,then you might not need anything beyond the basics. But in financial services, or as a service provider, the assets are so significant that you will need protection beyond the basics."

Pay for an alarm, or pay to change the locks

This, combined with the demands for greater financial rigour around security investments, is prompting organisations to look at designing in security, at the outset of IT projects.

The ROI is the value you associate with the confidentiality of your information,.

All too often, believes Dimension Data's Campbell, IT departments struggle to prove the business case for security let alone that security delivers an ROI because security is an afterthought.

"If you leave security till the end of a project, it becomes an added cost. If you flag it early, so security is associated with the project, with its ROI, it enables that ROI to be realised," he says.

"World class organisations design for security, and are thinking about security before the project is designed on paper," says Ponemon. "Based on our benchmarking, a lot of organisations [still] look at security as something you do at the end." Building in security earlier leads to "better and more cost-effective outcomes", he says. "But most organisations are still doing it the old way."

Changing that approach may take time but it should reduce costs, and improve security. This should please both the CSO, and the finance director.

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
SonicWall warns of imminent ransomware campaign on VPN hardware
virtual private network (VPN)

SonicWall warns of imminent ransomware campaign on VPN hardware

16 Jul 2021
Researchers send “unhackable” quantum data over 370-mile optical fiber
data protection

Researchers send “unhackable” quantum data over 370-mile optical fiber

11 Jun 2021
New study shows global privacy investments increasing
data protection

New study shows global privacy investments increasing

2 Jun 2021

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021