Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte – and fiscal presentation on theoretical improvements, spoken to (typically) non-cyber aware leadership teams, can lead to stress and frustration.
Balance sheets, net present value, labor costs, and ROI calculations can be a foreign language to security professionals who are used to the daily discussion of hash collisions, CVEs, IoC vs IoA, 256-bit ECDH keys, or challenges with detecting C&C traffic in DNS.
Data security product selection requires the same financial due diligence as any cybersecurity project. In some cases more so, since the concept is not as familiar as perimeter and endpoint technologies. Questions like “what is it” and “how will it help” must be met with patient delivery and clear data points.
There is a path forward for those looking to introduce data security technology into their architecture. Last month, Forrester Research published The Total Economic Impact of Imperva Data Protection, a financial report that provides the aggregated viewpoint of five Imperva customers, presented as a single company. Challenges, solutions, impact, terminology, and assumptions are clearly laid out with a rich appendix with calculations. The presentation is digestible and, since it was written by a well-regarded research organization, credible and defensible.
How can you use the Total Economic Impact report to help?
If you are an IT security manager that is looking to introduce data security toolsets, here are three ways you can use the report to simplify the process.
Firstly, leverage the corporate challenges. These are summaries from actual customers – the challenges they faced and the resultant value data security provides. These include a lack of readily available and constructive analytics and increasing costly licensing and storage costs. It’s likely your organization has similar challenges.
Secondly, use the information to accelerate budget justification presentations. Leverage the data within the tables as a starting point for your own evaluations, and modify the values as required (for example, salaries or the number of servers protected). Reviewing the content will help you in your own calculations, and is pre-formatted in language that financial teams want to see.
Lastly, use the report to build success criteria for evaluations. How? Let’s step back a moment. Most organizations I work with require multiple competitive evaluations prior to making the purchase decision. Their list starts with multiple technologies, including the incumbent. It doesn’t take long to reduce the list down to two. The requirements listed in the report are a useful starting point for your own evaluation because they are built from real feedback from actual organizations.
Capturing corporate challenges, building financial presentations and developing success criteria is time-consuming work. The report is a useful tool with broad value that can be used to make it as efficient as possible. As always, please reach out to us with any questions!
To learn more about Imperva’s approach to data protection, please contact your Imperva Account Representative.
The post The cost of data security – it’s not just about the numbers appeared first on Blog.
*** This is a Security Bloggers Network syndicated blog from Blog authored by Jason Pappalexis. Read the original post at: https://www.imperva.com/blog/the-cost-of-data-security-its-not-just-about-the-numbers/