Over the past several months, we’ve explored the concept of epic fails in data security in multiple ways.
In January, we reviewed five avoidable fails we see clients experience frequently, highlighting issues such as compliance-centric security, lack of centralized data security and an inadequate focus on data activity monitoring.
A few months later, we examined three data security pitfalls, such as lacking comprehensive discovery and classification capabilities and failing to integrate your data security solution with other security tools, in the context of the upcoming General Data Protection Regulation (GDPR) deadline. Clearly, achieving nirvana in data security is an elusive goal with many obstacles along the way.
The Data Security Dilemma
As security professionals, we have the importance of data security thrust into our consciousness on a daily basis by the evolving threat landscape, the increasingly complex regulatory environment and the centrality of critical data to business success. As noted in IBM’s 2018 X-Force Threat Intelligence Index, challenges such as insider threats are on the rise, and placing security controls closer to the data itself can help combat both inadvertent and malicious insiders.
Upcoming regulations in the European Union (EU) and beyond are also bringing the importance of data security to light. While many teams are deep in the throes of gearing up for compliance readiness, it’s important to note that even after certain enforcement deadlines pass, organizations will need to demonstrate continued compliance for years to come. In other words, the journey doesn’t end when enforcement begins.
Finally, data itself is critical to enabling business success. In fact, The Economist recently touted data as “the world’s most valuable resource” — i.e., the new oil.
Quantifying the ROI of Your Data Security Solutions
Data security is crucial to the digital enterprise, and it is also incredibly challenging. Part of what makes this such a tough nut to crack is the dynamic, distributed and in-demand nature of data itself. Data is extremely difficult to control because it’s constantly changing, multiplying, moving and being transmitted via new avenues. In addition, it needs to be readily available at all times and accessible in many different formats. This is why many organizations recommend adopting a zero trust approach to data security, which places controls as close to the data as possible.
As organizations strive to improve their data security posture, they’ll need to approach the challenge from a people, programs and technology solutions perspective. This brings to light yet another epic fail that organizations might encounter on the technology solutions side: failing to quantify the benefits their data security solution brings to the enterprise.
As with any enterprise software purchase, your team should be able to clearly identify the areas in which your data security solution has impacted the organization and how that translates into monetary value. Questions you should ask include:
- Are we getting a full return on investment (ROI)?
- How long is the payback period?
- Is the solution really helping us reach the goals we set out to achieve?
- Do we have a trusted relationship with our security vendor?
The Total Economic Impact of Guardium
To help clients understand how to answer these questions, IBM recently commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study that examined the potential ROI enterprises can realize by deploying IBM Security Guardium as part of their overall enterprise data security and compliance strategy.
As part of this process, Forrester interviewed several existing Guardium clients who had faced a multitude of data security and compliance challenges prior to implementing Guardium, including:
- The need to meet regulatory and compliance requirements;
- The need to respond to an increased focus on security, compliance and data privacy strategy within the organization;
- The desire to become more proactive rather than reactive in the security space;
- The requirement to extend data security controls across a wider variety of environments and platforms;
- The need to leverage automation more effectively; and
- The desire to move beyond compliance and become truly secure.
Based on the interviews, Forrester constructed a TEI framework, a composite company and an associated ROI analysis that illustrated the areas that were financially affected. At the end of the study, the firm concluded that Guardium helped clients address the challenges listed above and brought significant benefits to the organizations overall.
By implementing Guardium, the companies referenced in the study saw eye-popping results, such as:
- A 343 percent ROI;
- $3.3 million in overall benefits; and
- A payback period of less than six months.
These results are based on the composite organization Forrester created by compiling the interviews it conducted with multiple clients. As your organization explores data security solutions and how they might impact the enterprise, you should consider these metrics as well.
Curious to learn more about the TEI of Guardium and how to quantify the results your data security solution enables? Read the Forrester Total Economic Impact study of IBM Security Guardium.