Business of IT: Building a business case for security

Security can be both the unseen hero and the weakest link in an organisation, so how do you make the case to spend enough to protect your organisation's most vital assets? Stephen Pritchard investigates...

"The ROI is the value you associate with the confidentiality of your information," says Harrison. "There's a greater focus on how, as a business, you can make use of the data you have. As I make greater use of my data what are the integrity confidentiality and regulatory requirements for those data?" If businesses want to make more use of their data, putting in place measures to protect it should make sound business sense, he suggests.

"Do you have significant enough assets to go beyond the [security] base line?" asks Ed Amoroso, chief security officer at AT&T. "The answer in some corporations will be no. If you are setting up a company selling a casual product on the net ,then you might not need anything beyond the basics. But in financial services, or as a service provider, the assets are so significant that you will need protection beyond the basics."

Pay for an alarm, or pay to change the locks

This, combined with the demands for greater financial rigour around security investments, is prompting organisations to look at designing in security, at the outset of IT projects.

The ROI is the value you associate with the confidentiality of your information,.

All too often, believes Dimension Data's Campbell, IT departments struggle to prove the business case for security let alone that security delivers an ROI because security is an afterthought.

"If you leave security till the end of a project, it becomes an added cost. If you flag it early, so security is associated with the project, with its ROI, it enables that ROI to be realised," he says.

"World class organisations design for security, and are thinking about security before the project is designed on paper," says Ponemon. "Based on our benchmarking, a lot of organisations [still] look at security as something you do at the end." Building in security earlier leads to "better and more cost-effective outcomes", he says. "But most organisations are still doing it the old way."

Changing that approach may take time but it should reduce costs, and improve security. This should please both the CSO, and the finance director.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box
Security

Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box

18 Nov 2021
Big zero-day flaw found in Palo Alto security appliance
internet security

Big zero-day flaw found in Palo Alto security appliance

11 Nov 2021
Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021