Hack The Planet

Because if you don't, who will?

Tuesday, October 28, 2008

How do you define ROI?

Everywhere I look, I see links talking about ROI and “let our tool show you how we can get you more ROI.” Well, what is ROI? I get that ROI stands for Return on Investment and that it defines what monetary value a product will give you or save you for purchasing it. Well, that is great when the ROI tool is designed by the person trying to sell you the product. I have some swamp land in Florida at discount prices if you are interested.

Seriously though, how can you show true ROI on a security product when the reason to purchase the product is to limit your risk of losing money through losing critical data, being DoS’d, or having your competitors get your secret formula for that super secret project you are working on? You are purchasing the product to alleviate risk, some of which is unknown. It is very difficult to show true ROI because it is an unknown quantity. How much will you be fined for losing those 1,000,000 customer accounts? How much is your next product worth if you get it out before the competitors do? It is easier to build a case if you know what you are protecting and why.

When the reason to buy security is specifically ROI, you are buying it for the wrong reason. Yes, you do want to show that your purchase saved you countless headaches and hours or days of work when you are trying to recover from an incident.

It just seems like people want to “buy” security but don’t care if they are actually securing their networks and endpoints or have secure practices in place.

When you start looking to secure your network, don’t settle for some fancy ROI chart. Look at how the product will affect your infrastructure and make sure that it actually works. If you don’t, then I still have that swampland for sale at a low, low price.

posted by holliday at 12:12 pm  
