Tips for Justifying Security Investments

That’s where many companies I talk to run into an unexpected roadblock. For decades, IT (and IT security) has been treated as a purely technical discipline, and top technical professionals were promoted into IT leadership positions. They can walk you through any sophisticated technology question, but not all of them speak the “business” language. This makes it tough for both sides of the conversation to come to productive decisions.

Another challenge for many IT leaders is a lack of factual data to rely on. In technology, you work with facts, and you have precise and defensible measurements. For example, you can report on the number of incidents over a given period of time, or the time needed to patch a vulnerable server. But how do you show the expected return on a security investment without stepping into the realm of assumptions and probabilities? This pushes a lot of IT pros, myself included, out of their comfort zone.

Cost savings is one of the most obvious measures of ROI, especially when the CIO or head of IT is also responsible for security. If a project enables you to reduce storage space, consolidate licenses, or reduce time and effort through automation, you can calculate the returns with reasonable certainty.

The caveat is that cost savings should never be the only reason for the investment. The main goal of IT security is to manage risk, and you’re doing yourself a disservice with any project that does not start there. However, cost savings work well as an additional reason to invest in something that reduces a risk the company cares about.
