enterprisesecuritymag

Combating Organizational Financial Risks

By Cris Luce, CMO/CTO, Accuro AgriServices

The modern world is defined, in large part, by electronic communication and the massive storage and exchange of digital information. While the Internet and other systems allow companies to operate on a global basis and enable geographically dispersed groups to come together, communicate more easily, and expand the potential for commerce, these systems in their present implementations are lacking in user privacy and security. As a result, individuals and enterprises alike are consistently vulnerable to privacy invasions and information theft. In mission-critical applications, such as government and military operations, transportation, large network operators, healthcare and more, the consequences of privacy and security breaches can be colossal and catastrophic.

Time and again, at alarming frequency, we hear of security breaches and the theft of information from national retailers, credit card companies and government agencies. The vulnerability is real, the potential consequences are frightening, and the citizens of our country—and the world—are crying out for a solution.

Application, Governance and Infrastructure departments provide enterprises with access to global markets and intra-office communications logic and policies. These departments are responsible for devising, building and deploying next-generation infrastructure and applications that are stable, secure and scalable for a global footprint, while always maintaining a technological competitive edge. To accomplish all this, these departments must consider, research, and analyze the entire universe of technology vendors and the competitive markets. This ever-growing universe can include state-of-the-art hardware; tools for virtualization, database, data security and governance associated with privacy and regulatory technologies; and compliance mandates throughout the network and its processes. Additionally, these departments are responsible for developing and maintaining a company’s matrix for Cost-of-Deployment to ensure competitive market superiority regarding customer usage, deployment costs and return-on-investment ratios.

Value at Risk (VaR) is a statistical technique used to measure and quantify the level of financial risk within a firm or investment portfolio over a specific time frame. VaR should also be used to roll out and manage technical environments that support a business’s ultimate goals.

When creating a new environment (such as an app, infrastructure, etc.) from scratch or taking control of existing architecture, it’s important to identify the VaR, Loss of Reputation, Loss of Productivity and Loss of Revenue values that could be impacted by these technologies.

Organizations today, both large and small, struggle with the ability to apply the correct amount of resources to identify these crucial insight metrics. At the same time, Boards of Directors sometimes struggle with understanding why the Chief Information Security Officer, Chief Data Officer, Chief Technologist and/or Chief Information Officer should be applying resources to obtaining said metrics at all.

The answer is simple.

Our world today is layered with immediate, persistent, sometimes dormant threats. It’s difficult to collect all the relevant data, let alone wrap your head around it. If the aforementioned officers don’t take the time to understand these metrics, their organizations will always be reacting—never directing the architecture’s outcomes. Existing in constant reactive mode will continually demand last-second and most likely band-aid approaches to secure and protect a company’s brand and digital assets. That can get expensive on many levels.

The reality is, today’s enterprises must implement technology that ensures their environment is secure, scalable, and provides ongoing stability. All three of those issues are absolutely critical to protecting the positive reputation of your brand. It doesn’t take a scientist to figure out that, if your brand has a major Loss of Reputation due to a breach, outage or other technology incident, customers, employees and shareholders all lose—and repairing the damage can be far costlier than proactively avoiding the disaster in the first place.

Businesses must not only invest in the right applications but also invest in protecting them and the infrastructure on which they’re hosted. When multiple mission-critical applications are involved, multiply that scrutiny and effort as needed.

Even when brands overcome a reputation loss, a data breach or outage can result in significant productivity losses—which trigger lower profits for companies and decreased loyalty by shareholders. Not sure how to calculate the financial impact of compromised productivity on your company? The math is simple: add up the annual salaries for all your employees and divide by 2,000 hours (assuming that you provide your employees two weeks of vacation per year). The resulting number is the dollar figure of one hour of lost labor alone. Nine times out of 10, this amount will fund whatever tech project you’re looking to justify. Add lost revenue into the equation, and you can consider your project funded by any solid CEO and Board.

By not identifying the overall Value at Risk, entire operations—and everything they stand for—can be lost.

The solution? Stop letting network architects select servers. Stop letting server architects select networking equipment. Stop letting application architects select servers. And, for the love of God, please stop letting a financial analyst determine the budget for enterprise architecture on which a brand’s mission and objective ultimately hinge. Do not judge the value of risk scrutiny by how much it costs to implement. Consider instead what it will cost your brand to analyze risks poorly—or not at all.

I’m sure many of you have heard that an underfunded start-up is one of the worst situations to be in. If not, take my word for it—I’ve been part of two that had all the talent, creativity and passion, yet lacked the resources to meet objectives and get to market. The same can be said of an organization that tries to penny-pinch the security, stability and scalability of enterprise applications and architecture. When they do, the investors who dedicate their money—and the employees who dedicate their time, loyalty and expertise—pay the price.

Your brand has a mission. Identify that mission and then consider how important it is to have technology that’s “always on,” “always available,” and “always secure” for your customers and all those who are making your promise to the marketplace a reality.