So we came up with Value Protection,” Larson says. “You spend time and capital on security so that you don’t allow the erosion of existing growth or prevent new growth from taking root. The number-one challenge for us is not the ability to deploy the next, greatest technology. That’s there. What we need to do now is quantify the value to the business of deploying those technologies.”That seems like a pretty good elevator pitch to sceptical executives.
Value Made Visible How American Water’s Bruce Larson uses a simple metric to build bridges with business partners and justify security spending at the same time, By Scott Berinato CSOonline.com, April 2006
Personally, I always thought security was about protection; what else would it be? (Well, several things else, but I’ll come to that.)
If you think of it in analogy to insurance, it’s clear: insurance doesn’t bring in new sales either, nor increase efficiency.
Of course, either insurance or security can increase efficiency in the case when something bad actually happens, by making the effects less bad (paying for replacement in the case of insurance, or prevention in the case of security).
But that’s not how people usually think of efficiency.
And either insurance or security can help bring in sales. Would you rather ride in an insured taxi or one without? Would you rather use a bonded electrician or one without? Would you rather let an insured online financial house handle your money, or one without?
But that’s not how people usually think of sales.
So Larson came up with a simple formula:
Value Protection = Normal Operations Cost ($) – Event Impact ($) / Normal Operations Cost ($)Simple enough for the average executive to remember.
VP = (N – E)/N
“Then,” Larson says, “I bring it up [with the CEO, CFO and other executives] as something from me and the business process owner.” Co-ownership, he says, is a nonnegotiable prerequisite for using the Value Protection metric.He doesn’t say that otherwise the CxOs won’t buy it because they think it’s just IT trying to get more money. But if the customer says it’s needed, well then….
PS: This article was pointed out to me by Wendy Nather.