It isn’t easy to convince non-technical business leaders that they should spend more money on assets that don’t deliver obvious or immediate return on investment. Traditional information security systems don’t typically affect productivity or move numbers on the bottom line of company spreadsheets. This is apparent when you look at where IT budgets typically get spent. Organizations will pay for better networks and applications that streamline workflows, but they barely invest in technologies to protect those investments. Gartner estimates that less than 5 percent of IT spending goes to security. With such limited resources, most IT teams settle for firewalls and monitoring – and then hope for the best. Unfortunately, inadequate security measures can prove costly in terms of revenue and reputation. Business leaders need to be more proactive about security, and IT should help make that case.
Consider the ROI of security systems in terms of risk – and beyond.
Security-focused IT can be a business enabler. Few business leaders see it this way initially. Most equate security with the roadblocks IT puts up to deny access to applications and information. But really, the right security system should be able to protect the business without restricting critical functions. Even more importantly, the metrics from security monitoring can be applied to sales, marketing, customer interaction and growth planning, making investments in security ROI-positive.
Mesh people, processes and technology into security spending considerations.
Instead of considering tools in isolation, look at security as a part of the larger initiatives the business is considering. As an organization evaluates bring-your-own-device (BYOD) policies, big data plans, cloud computing processes and more, discuss the business case for security. Incorporate conversations about your security posture into all of these plans so that policies, employee education, information integration, and streamlined secure workflows become part of the discussion.
Examine what security means to your partners and customers.
Security threats and concerns are reshaping the IT landscape more rapidly than any shift we’ve seen since the rise of personal computing. Forward-looking IT teams and business leaders have a chance to get ahead of this trend and reconsider the way they approach information security. This will become increasingly important to customers and partners, who want to leverage the benefits of digital business dealings without exposing themselves to the risks.
Security spending cannot continue to be the last item on IT’s agenda, and it cannot continue to earn such a small slice of the budgetary pie – not in an era when distributed denial of service (DDoS) attacks and data leaks have the power to bring business to a standstill. Security and success are now intertwined. Security solutions, rather than serving as reactionary tools, have the potential to spur change, deliver real business value and differentiate companies from their competitors.