Business of IT: Building a business case for security
Security can be both the unseen hero and the weakest link in an organisation, so how do you make the case to spend enough to protect your organisation's most vital assets? Stephen Pritchard investigates...
"The ROI is the value you associate with the confidentiality of your information," says Harrison. "There's a greater focus on how, as a business, you can make use of the data you have. As I make greater use of my data what are the integrity confidentiality and regulatory requirements for those data?" If businesses want to make more use of their data, putting in place measures to protect it should make sound business sense, he suggests.
"Do you have significant enough assets to go beyond the [security] base line?" asks Ed Amoroso, chief security officer at AT&T. "The answer in some corporations will be no. If you are setting up a company selling a casual product on the net ,then you might not need anything beyond the basics. But in financial services, or as a service provider, the assets are so significant that you will need protection beyond the basics."
Pay for an alarm, or pay to change the locks
This, combined with the demands for greater financial rigour around security investments, is prompting organisations to look at designing in security, at the outset of IT projects.
The ROI is the value you associate with the confidentiality of your information,.
All too often, believes Dimension Data's Campbell, IT departments struggle to prove the business case for security let alone that security delivers an ROI because security is an afterthought.
"If you leave security till the end of a project, it becomes an added cost. If you flag it early, so security is associated with the project, with its ROI, it enables that ROI to be realised," he says.
"World class organisations design for security, and are thinking about security before the project is designed on paper," says Ponemon. "Based on our benchmarking, a lot of organisations [still] look at security as something you do at the end." Building in security earlier leads to "better and more cost-effective outcomes", he says. "But most organisations are still doing it the old way."
Changing that approach may take time but it should reduce costs, and improve security. This should please both the CSO, and the finance director.
In This Article
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now