Return on Security is not all that different than the traditional, universal calculation of return on investment. When organizations try to understand the value of a specific investment, its cost-effectiveness, or are looking to justify the budget allocation, they look at the benefit – the expected return – and compare that to the cost.
Organizations traditionally looked at loss prevention as the sole factor attributed to benefit. Loss prevention was a factor of risk exposure multiplied by the expected percentage of risk mitigation.
For example, let’s consider a company looking at an antivirus solution. They know there is typically four virus incidents a year, each costing roughly $25,000 in associated issues. The solution they are evaluating is expected to reduce 75% of that risk. Using the traditional model, they would compare the expected cost of inaction ($100,000) to the cost of the solution plus the risk that is not mitigated by the solution (x + 25,000) and make a decision accordingly.
Today’s CISOs and security teams are looking at cloud security as a business enabler – propelling the business forward instead of blocking advancement on the basis of security concerns. When they make investment decisions on security solutions, they look at more positive metrics – benefits related to business enablement.
Is the solution increasing adoption of collaboration platforms? Is it increasing employee productivity? Is it increasing employee satisfaction? Is visibility into user activity and monitoring capabilities increasing?
Let’s consider a customer example. We are working with a retailer that, when we initially started working with them, had one million documents in their cloud collaboration platform of choice, 10% of which were exposed publicly. Of course, the public exposures introduced potential risks.
The retailer was specifically looking at collaboration metrics, and wanted to increase platform adoption while reducing cloud security risk exposures. They simultaneously achieved increased visibility and control while encouraging platform adoption. This was achieved as a result of a number of factors: centralization of collaboration, the enablement of end-user remediation, and policy-driven controls. As a result, their environment tripled in size to three million documents while reducing the percentage of publicly exposed documents to 5%.
Ready for more?
In our CISO’s Guide to Cloud Security eBook, you will:
- Learn the characteristics and priorities of today’s forward-thinking security leaders
- Obtain actionable guidelines to initialize and execute an effective cloud security program
- Be empowered to bring it all to life with a formula to measure the impact of security efforts in every organization