What a refreshing conversation it was—a senior Global 100 bank’s IT executive was gushing on how he was in the money. No, really! And even better, amidst today’s financial fiascos, he had selected to tell me about how he was financially ahead by deploying some state-of-art security solutions.
Unheard of, you might say. But could it be that we are looking at the early reports on the benefits of Security done right?
Correlating Assurance, Efficiencies and Financial Gains
Big Banker was saying that deploying well crafted security, particularly one that was built into the IT products, had offered him greater assurance, exposing his data to lessened risks. Embedded encryption on his tapes had saved him $20M in potential compliance remediation were the tapes to be lost. Big peace of mind, with money and energy now expended in tackling other core data exposures.
Big Banker had just yanked out some security gateways across his global operations because we at EMC had now built in access control into our products [free!]. With his more secure products and their higher assurance, not only was he reducing the redundant layers of security, but was now able to consolidate his audits to meet compliance and governance requirements. Wow!
As he centralized services [password management, single sign-on, key management, log management], he was churning up huge savings, yet increasing assurance levels and making more budgets available for risk management for new business initiatives.
Ka-ching!
Making Security A Strategic Conversation
Yet, one of the key realizations for me from my banker friend was that he was talking of security as an integral part of his corporation’s data protection strategy. He inter-changed the references to security and data protection so freely, that I actually stopped him to confirm if he actually meant it to be so. And sure enough, he was.
To me, this is a significant step forward in any organization’s security maturity curve for two reasons:
First, it shows that an organization has moved on from security point products being deployed to plug ad hoc gaps.
Second, I see this as the next step towards thinking of security as an integral part of an information management strategy— the necessary organizational structure for security to be done right.
Big Banker continued with how he has an emerging opportunity for Security to be considered in the context of emerging cloud computing models, and a part of the Information Architecture Council deliberations— All are small examples of the right-positioning of Security. All will lead to reaping the most benefits from leveraging Security investments.
Remember SOX?
Reminds me of the early days of Sarbanes Oxley where small corporations had to invest $600,000 to deploy SOX, and larger corporations were magnitudes higher. Experts suspected benefits, and surely enough, reports abound today on how SOX has been saving organizations operating and investment costs through standardized IT processes and consolidated infrastructures and applications. But it took 3-5 years for formal ROI reports on SOX benefits to come to light.
I think my banker friend was re-affirming what we had always suspected—there’s money to be saved in security done right, if only we kept our eyes open to count it…
As I travel the world and talk to various security folks in diverse organizations, I have begun to hear increasing references to the benefits of Security done right. In today’s economic climate, there is equally the need for Security deployments to be correlated with bona fide Return on Security Investments.
Can you actually count your money saved in Security? If you can, and particularly if you can do so convincingly, then your executives too will actively support you in your quest for Sustainable Security….
Comments