Business of IT: Building a business case for security

Security can be both the unseen hero and the weakest link in an organisation, so how do you make the case to spend enough to protect your organisation's most vital assets? Stephen Pritchard investigates...

"The ROI is the value you associate with the confidentiality of your information," says Harrison. "There's a greater focus on how, as a business, you can make use of the data you have. As I make greater use of my data what are the integrity confidentiality and regulatory requirements for those data?" If businesses want to make more use of their data, putting in place measures to protect it should make sound business sense, he suggests.

Advertisement - Article continues below

"Do you have significant enough assets to go beyond the [security] base line?" asks Ed Amoroso, chief security officer at AT&T. "The answer in some corporations will be no. If you are setting up a company selling a casual product on the net ,then you might not need anything beyond the basics. But in financial services, or as a service provider, the assets are so significant that you will need protection beyond the basics."

Pay for an alarm, or pay to change the locks

This, combined with the demands for greater financial rigour around security investments, is prompting organisations to look at designing in security, at the outset of IT projects.

The ROI is the value you associate with the confidentiality of your information,.

Advertisement
Advertisement - Article continues below

All too often, believes Dimension Data's Campbell, IT departments struggle to prove the business case for security let alone that security delivers an ROI because security is an afterthought.

Advertisement - Article continues below

"If you leave security till the end of a project, it becomes an added cost. If you flag it early, so security is associated with the project, with its ROI, it enables that ROI to be realised," he says.

"World class organisations design for security, and are thinking about security before the project is designed on paper," says Ponemon. "Based on our benchmarking, a lot of organisations [still] look at security as something you do at the end." Building in security earlier leads to "better and more cost-effective outcomes", he says. "But most organisations are still doing it the old way."

Changing that approach may take time but it should reduce costs, and improve security. This should please both the CSO, and the finance director.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020