The Ponemon Institute announced today the results of its independent Return on Prevention Study. Sponsored by Vodafone UK and F-Secure, the research looked to determine the best technologies, controls and IT practices that yield the greatest prevention value when used to stop corporate information being stolen, lost or corrupted.
The findings show that Return on Investment (ROI) doesn’t address the real benefits of information security technologies, which are to prevent data loss, theft or corruption before it happens. By using the measurement of Return on Prevention (RoP), IT and security professionals will find it easier to make the business case for investing in security measures.
“Corporate information is vitally important, no matter what device or application is being used to access it,” said Brian Burton, Head of IT Security, Vodafone UK. “While much work has been done over the years to secure corporate networks, the need to be able to work flexibly and remotely whilst being able to access corporate systems on mobile devices such as smartphones and laptops has opened a whole new front in the battle to keep information secure.
“This study has shown that security professionals need to be able to create, distribute and manage security platforms across a range of devices and applications to prevent data loss and enable secure mobile working, without compromising productivity.”
The study also showed that security professionals believe the technologies that provide the greatest RoP for enabling secure mobile working are anti-virus and anti-malware solutions and smartphone security solutions. Additionally, they know that it is difficult to rely purely on user behaviour alone, and so policy enforcement tools are key.
The study also recognised that user education and clear security policies are often just as important as security technologies in preventing breaches. This means a continual investment in both technology and training, both of which are hard to justify at a board level.
“Time and again our research finds that security and data protection activities are both under-funded and under-staffed, but this study shows that an investment in preventative technology can make a difference by helping companies avoid costs associated with data loss,” said Dr Larry Ponemon, chairman and founder, Ponemon Institute. “Because expenditures must be justified to pass budget approval hurdles, we believe our RoP model can help make it easier for IT and IT security practitioners to make the business case for acquiring enabling security technologies and related control activities.”