May 1, 2018 By Grace Murphy

Over the past several months, we’ve explored the concept of epic fails in data security in multiple ways.

In January, we reviewed five avoidable fails we see clients experience frequently, highlighting issues such as compliance-centric security, lack of centralized data security and an inadequate focus on data activity monitoring.

A few months later, we examined three data security pitfalls, such as lacking comprehensive discovery and classification capabilities and failing to integrate your data security solution with other security tools, in the context of the upcoming General Data Protection Regulation (GDPR) deadline. Clearly, achieving nirvana in data security is an elusive goal with many obstacles along the way.

The Data Security Dilemma

As security professionals, we have the importance of data security thrust into our consciousness on a daily basis due to the evolving threat landscape, the increasingly complex regulatory environment and the centrality of critical data to business success. As noted in IBM’s 2018 X-Force Threat Intelligence Index, challenges such as insider threats are on the rise, and placing security controls closer to the data itself can help combat both inadvertent and malicious insiders.

Upcoming regulations in the European Union (EU) and beyond are also bringing the importance of data security to light. While many teams are deep in the throes of gearing up for compliance readiness, it’s important to note that even after certain enforcement deadlines pass, organizations will need to demonstrate continuation of compliance for years to come. In other words, the journey doesn’t end when enforcement begins.

Finally, data itself is critical to enabling business success. In fact, The Economist recently touted data as “the world’s most valuable resource” — i.e., the new oil.

Quantifying the ROI of Your Data Security Solutions

Data security is crucial to the digital enterprise, and it is also incredibly challenging. Part of what makes this such a tough nut to crack is the dynamic, distributed and in-demand nature of data itself. Data is extremely difficult to control because it’s constantly changing, multiplying, moving and being transmitted via new avenues. In addition, it needs to be readily available at all times and accessible in many different formats. This is why many organizations recommend adopting a zero trust approach to data security, which places controls as close to the data as possible.

As organizations strive to improve their data security posture, they’ll need to approach the challenge from a people, programs and technology solutions perspective. This brings to light yet another epic fail that organizations might encounter on the technology solutions side: failing to quantify the benefits their data security solution brings to the enterprise.

As with any enterprise software purchase, your team should be able to clearly identify the areas in which your data security solution has impacted the organization and how that translates into monetary value. Questions you should ask include:

  • Are we getting a full return on investment (ROI)?
  • How long is the payback period?
  • Is the solution really helping us reach the goals we set out to achieve?
  • Do we have a trusted relationship with our security vendor?

The Total Economic Impact of Guardium

To help clients understand how to answer these questions, IBM recently commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study that examined the potential ROI enterprises can realize by deploying IBM Security Guardium as part of their overall enterprise data security and compliance strategy.

As part of this process, Forrester interviewed several existing Guardium clients who had faced a multitude of data security and compliance challenges prior to implementing Guardium, including:

  • The need to meet regulatory and compliance requirements;
  • The need to respond to an increased focus on security, compliance and data privacy strategy within the organization;
  • The desire to become more proactive rather than reactive in the security space;
  • The requirement to extend data security controls across a wider variety of environments and platforms;
  • The need to leverage automation more effectively; and
  • The desire to move beyond compliance and become truly secure.


Based on the interviews, Forrester constructed a TEI framework, a composite company and an associated ROI analysis that illustrated the areas that were financially affected. At the end of the study, the firm concluded that Guardium helped clients address the challenges listed above and brought significant benefits to the organizations overall.

By implementing Guardium, the companies referenced in the study saw eye-popping results, such as:

  • A 343 percent ROI;
  • $3.3 million in overall benefits; and
  • A payback period of less than six months.

These results are based on the composite organization Forrester created by compiling the interviews it conducted with multiple clients. As your organization explores data security solutions and how they might impact the enterprise, you should consider these metrics as well.

Curious to learn more about the TEI of Guardium and how to quantify the results your data security solution enables? Read the Forrester Total Economic Impact study of IBM Security Guardium.
