
security investment
simon perry
principal associate analyst

© 2009 Quocirca Ltd


Do IT better or don’t do IT at all

• Effective Asset Management
• Consume less, output more
• Don’t do it (yourself)

Axis: Tactical / Strategic



What we are going to cover

• Software ROI approaches
• When “security” isn’t security
• Formulating the right approach



Influencing factors

• Regulation
• Peers
• Historical attacks
• Financial health
• Business initiatives
• Cost cutting
• Vendors
• Corporate culture

Axis: External / Internal
Traditional SW ROI

Risk avoidance
…Technical risk
…Market risk
…Regulatory risk

Improved service
…Higher availability
…Improved performance
…Additional features or scalability

Opportunity enabling
…New service
…New market or market differentiation
…New approach

Cost savings
…Elimination of manual effort
…Faster deployment / service activation speed
…Reduced ‘per unit’ management cost



“…yes, but security is a special case…”
Security Categories

Products that primarily improve security state (SS)

• Network and Host based controls
• Authentication / Authorisation systems
• Encryption systems
• Secure data transportation
• Data leak prevention
• User Provisioning
• Software and log management tools
• Vulnerability assessment
• Patch management
• Security information management

Products that primarily improve operational efficiencies (OE)

ROI application to Security

Risk avoidance
• More significant for risk averse corporate cultures

SS

Improved service
• Requires historical risk analysis and industry comparative data

Opportunity enabling
• May apply to technology
• Best if “business enabling”

OE

Cost savings
• Significantly easier to measure
• History may create cynicism



Current focus

Risk avoidance
• More significant for risk averse corporate cultures

SS

Improved service
• Requires historical risk analysis and industry comparative data

Opportunity enabling
• May apply to technology
• Best if “business enabling”

OE

Cost savings
• Significantly easier to measure
• History may create cynicism



Current focus

Risk avoidance
• Organisational risk appetite has decreased
• Financial resilience is lower
• Organisational changes creating exposure

• Security as an overall contributor

Cost savings
• Security processes highlighted by operating conditions
• Automation
• Outsourcing and offshoring
• Antifraud



Market Evolution

[Figure: timeline with year marks 1960, 1970, 1980, 1990, 2000, 2007. Labels: Centralized hardware based infrastructure, Client/Server, Web, Virtualisation, Cloud, SaaS, Centralized software based infrastructure. Axis labels: Complexity, Flexibility.]
Effective Asset Management

[Figure labels: Facility, Hardware, Software, Content, Hosted data centre, Data centre design, Decrease power usage, Extend asset lifetime, Virtualised, Hosted.]



Shifting focus

Risk avoidance
• Significant only for risk averse corporate cultures

SS

Improved service

Opportunity enabling

You don’t save your way out of a recession. Some companies will not only survive, they will thrive. They will do so by investing while capital is cheap and competition is distracted

OE

Cost savings
• Significantly easier to measure
• History may create cynicism



Recommendations

• Correctly identify the primary benefit of the proposed action
• Align with business goal and external drivers
• Avoid the temptation to ……
• Be accurate and thorough
• Track, report, improve
• Go as low in the stack as possible
• Agility ultimately pays off more than saving costs
• Cost savings and efficiency enable further agility
• Track external factors



Follow up

simon.perry@quocirca.com
twitter:140letters1idea
http://www.linkedin.com/in/simonperry

www.quocirca.com
twitter: quocirca
