Business of IT: Building a business case for security

Security can be both the unseen hero and the weakest link in an organisation, so how do you make the case to spend enough to protect your organisation's most vital assets? Stephen Pritchard investigates...

"The ROI is the value you associate with the confidentiality of your information," says Harrison. "There's a greater focus on how, as a business, you can make use of the data you have. As I make greater use of my data what are the integrity confidentiality and regulatory requirements for those data?" If businesses want to make more use of their data, putting in place measures to protect it should make sound business sense, he suggests.

"Do you have significant enough assets to go beyond the [security] base line?" asks Ed Amoroso, chief security officer at AT&T. "The answer in some corporations will be no. If you are setting up a company selling a casual product on the net ,then you might not need anything beyond the basics. But in financial services, or as a service provider, the assets are so significant that you will need protection beyond the basics."

Pay for an alarm, or pay to change the locks

This, combined with the demands for greater financial rigour around security investments, is prompting organisations to look at designing in security, at the outset of IT projects.

The ROI is the value you associate with the confidentiality of your information,.

All too often, believes Dimension Data's Campbell, IT departments struggle to prove the business case for security let alone that security delivers an ROI because security is an afterthought.

"If you leave security till the end of a project, it becomes an added cost. If you flag it early, so security is associated with the project, with its ROI, it enables that ROI to be realised," he says.

"World class organisations design for security, and are thinking about security before the project is designed on paper," says Ponemon. "Based on our benchmarking, a lot of organisations [still] look at security as something you do at the end." Building in security earlier leads to "better and more cost-effective outcomes", he says. "But most organisations are still doing it the old way."

Changing that approach may take time but it should reduce costs, and improve security. This should please both the CSO, and the finance director.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020