Vendor Highlight

Mobile Broadband Boost

As the demand for a smooth and seamless integration of Wi-Fi access becomes increasingly important part for the mobile broadband service, Ericsson has announced its 3GPP compliant Wi-Fi network access, control and management solutions.

Read more ...

Expert Talk

Securing Utilities Infrastructure

As a highly critical sector, the oil and gas infrastructure should be one of the most secure, both physically and digitally. This is not the case.

Read more ...


‘Cost-cutting' has become a buzzword among corporates in the Middle East today. Security programs are not immune to these cost-cutting decisions and in many instances are among the first to be considered when making budget cuts. 



The scare tactics of emphasizing the fear, uncertainty and doubt of security risks are no longer seen as rational grounds for procuring security funding and this task is made even more difficult by the general mindset. Security is seen akin to insurance- no one wants to pay for it but everyone is glad to have it when something does occur.What this then leads to is an industry wide mentality wherein the ‘reactive’ approach to IT security is seen as the accepted norm.


Since IT security or rather the lack of it does not provide a tangible, immediate threat to most organizations, it takes something of a worst case scenario to transform it from a secondary consideration to a burning issue. By then of course, the damage has already been done with effects including damage to reputation, loss of productivity and countless hours wasted on recovery and restoration of systems.


And, while it takes such large scale attacks to raise enough eyebrows to the issue, the real challenge that CIOs and IT decision makers face is not dealing with such catastrophic events, but rather providing a safe and stable environment which allows employees to go about their day-to-day schedules without interruption. Many CIOs are experiencing a rapidly changing environment today where business is demanding more from security - consumerization of IT is usurping control and new architectures are required to address issues of shrinking perimeter, virtualization and web 2.0 technologies. 

In light of this, now more than ever, organizations need to beef up their security measures and the first step in doing so will inevitably involve building a watertight case for IT security spending. Such an argument should justify the expenditure by focusing on the benefits rather than simply portraying a worst case scenario. Security proposals must be based on the financial and real world impact to the company so that the bottom-line implications of implementing the proposal can be fairly assessed against other priorities.

Reduced Risk for Cost-Savings

‘Cost-savings’ is the term that resonates best in boardrooms today. Cost-savings from reduced risk can be categorized into savings that arise from reducing the cost of responding to and resolving incidents; and savings in the form of averted losses of business productivity. Any security breach entails an underlying cost as the IT department resolves the issue, restores the environment and conducts a postmortem of the attack. Along with this, there is the productivity loss that is associated with the breach. As the IT department goes about post-attack procedures, employees and customers are forced to deal with downtime.

This obstruction to business can mean significant monetary losses for an organization. Consider for example the average Distributed-Denial-of-Service (DDoS) attack. Research has shown that the victim organization can stand to lose anywhere between  US $10,000 to US $50,000 an hour depending on the nature of the business. And these figures do not even account for the subsequent loss of business due to the tarnished brand image. New security technologies can help reduce the possibility of attack and furthermore, if an attack does occur, reduce the effort required to get systems back online. By reducing the risk of attack, such an investment will help limit the potential for business productivity losses.

Highlighting the Soft Benefits

Never underestimate the importance of highlighting soft benefits when making a hard business case for a particular IT project. After all, a solid return on investment often extends beyond tangible perks such as a reduction in communication costs and direct cost avoidance. A competitive edge, increased customer satisfaction, improved selling effectiveness, bolstered employee morale – they are all soft benefits capable of delivering top-notch value.

Security Technology as a Business Driver

Currently, security is primarily seen as an overhead rather than a contributing factor to the revenue of the company. Going beyond the basics, the role of security can be seen in a different light. Companies can leverage their security solutions to conduct business in a different and often, more productive manner. A virtual private network (VPN) enables home working. Installing a PCI-DSS compliant security infrastructure allows the business to accept credit card payments. Enterprise mobility security management solutions enable employees to access corporate data from personal devices in a safe and secure manner increasing both employee satisfaction and utilization.

Security as a Selling Point

The savvy CIO can go a step further and create a case for how deployment of new age security solutions can actually add value by and give the organization an edge in its marketing campaign. This is especially true for organizations wherein information security is paramount as is the case with financial institutions. Here, the organizations dedication to the highest level of information security can be worked into the corporate marketing campaign thereby instilling customer confidence. The main purpose of any new IT procurement is always to drive business and profitability. Like all expenditures, security investments require fact-based justification to gain traction in the boardroom. By highlighting the numerous advantages of increased security spending, CIOs transform the perception of security from that of an operations overhead to a key business enabler.

By Stephan Berner. Managing director at help AG



You have no rights to post comments