ROI Is One of Three Good Justifications for Security
Posted by Chris Sullivan - VP Customer Solutions on Thu, Feb 19, 2009
InformationWeek posted a blog yesterday titled "ROI Is Not A Good Justification For Security". With all due respect to blogger Mike Fratto, yes it is.
In fairness to Mike, I think he's reacting to increasing pressure across every industry to cost-justify security programs, and he's reminding us of two very important facts. First, there are risk management and compliance benefits that should not be ignored just because they are harder to quantify for the CFO. Second, it might be harder than you think to realize some operational efficiencies.
Here's the rest of the story...
Companies deploy access assurance solutions for three simple reasons:
- Effective security controls reduce risk and meet compliance demands
- Automation yields efficient security operations
- Speed enables the business to move faster
You must justify programs internally by being realistic about which of the benefits will secure funding:
- Effective security is attractive if it addresses high-risk areas identified in risk assessments done with the business. In today's environment, this might be insider threat from disgruntled, soon-to-be-former or former employees.
- Efficiency gains are real and measurable. It may be hard to recover the cost from employees working as part-time security administrators, but a company's core applications like SAP, AD, RACF and email require dedicated personnel who are easy to identify. Increasingly, companies are auditing for efficiency as well. Here is some actual data from our customers:
  - A 7,000-person teaching hospital automated 24,960 password resets and 52,708 account creates, adds, changes and disables in 2008.
  - A 35,000-person retail bank is automating account administration where turnover is approximately 800 people per month. In addition, they report having saved $2,175,300 in calls to the help desk by automating password resets alone.
- Enabling the business means getting employees productive more quickly or executing mergers or divestitures more quickly.
In most companies today, the optimal approach is to build a business case that clearly and conservatively defines how an access assurance program:
- Enables the business (soft benefits)
- Meets security needs (basic requirements)
- Saves money (operational efficiency)
If you need some help with this, let me know ;)