I recently published a series of blog posts on ?3 compelling business reasons for...
In these posts, I advocated the need for business cases to clearly demonstrate how the solution meets one or more of the ?3 compelling business reasons? to invest.
?
How does the solution:
- Increase or defend our revenue?
- Reduce our operating costs and risk??
- Improve our capabilities?
The ?3 compelling business reasons? work really well for end-user capability initiatives, such as mobility, cloud and big data, where the impact can be observed directly. For example, ?deploying the mobile ordering application to our customer base has increased our sales by xx%? or ?moving our applications to the cloud has reduced our capital costs by yy%.?
?
However, security is more of a hygiene factor. It sits there, it does its job and nobody notices. That is until something goes wrong. When it does, only then can you see the impact:
?
- Reduced revenue as customer confidence is lost
- Increased cost as you pay to clear up the mess
- Lost capability as everything is locked-down until the full extent of the damage is understood
?
Constructing a business case based on ?what might happen? is hard, particularly if you are trying to estimate the impact of something that may never happen.
?
Perhaps the best way to construct a business case is around business reason #3 - ?improve our capability,? Think about what ?good enterprise security solutions? will enable, as well as what it will prevent. It will enable you to go mobile; it will enable you to move to the cloud, it will enable you to harness big data and much more.
?
The answer to the question ?could security be a standalone business case?? is YES, but it will be much more powerful if you can link it to the capability aspiration of the business. Thus, the benefits resulting from the end-user initiatives can also be indirectly attributed to your security business case. If you take this approach, you need to ensure that there is an explicit link to the security business case as an ?enabling assumption? from the other end-user business cases, i.e., you can?t have one without the other.
?
The blog post by Daniel Dorr titled ?What you can learn from the way revenue leaders handle enterprise security? contains a good example of linking strong security to revenue growth.
?
In simple terms, it goes something like this - ?if you do not have adequate security, the business will not be able to deploy mobility, cloud and big data solutions, etc., and therefore the associated benefits of those initiatives will be lost.?
?
So, what happens if you just want to build security into end-user initiatives? Well you can, but I would be worried about the impact of creating security silos (watch the video) in terms of limiting innovation opportunities and increasing security threats.
?
This post is part of the Knowledge Matters series. Visit HP Applications Services blog to read other Knowledge Matters posts.
?
?
ESPYs 2012 venus williams Freeh Report direct tv wimbledon ray allen Savages
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন