In Depth

How to Build a Better Business Case for Security Investments

The best business case is one built and presented by the business.

By Derek Slater

So together, Burgess's and Schaeffler's groups built the business case. And before they presented it to the Strategic Investment Committee, they put the idea through its paces by garnering feedback from a working team that included the IS department and business- side representatives from across Comerica's broad geographical reach (the company operates in the United States, plus Canada and Mexico).

Satisfied that the proposal would stand up to scrutiny, Burgess presented the purchase not as an infrastructural investment but as a revenue generator. If signing up new customers becomes easier, it stands to reason that you'll sign up more customers. In fact, Comerica set out to actively market its increased security, issuing press releases and serving as a customer reference for Cyber-Ark.

Two more key points in the business case: First, because the solution was easy to manage on an administrative level, the business operations side took over that task, rather than the IS group. That makes for a lower overall cost of support, Burgess says, since IT manpower is typically more specialized, and therefore more expensive, than the average operational employee. Second, according to Vowels, other business units, in addition to Burgess's treasury group, can also benefit from the software, because it's fairly simple for more Comerica units to drop information into the same client vault. That means more ROI is possible (though not guaranteed) without significantly increasing the original investment.

It goes to show that the best business case is one built, and presented, by the business.

Other stories by Derek Slater

• Email
• Print
• Comments
• Digg This
• SlashDot

• How to Change People's Minds
• How to Keep Tabs on Technology
• How to Market the Security Group
• How to Serve Multiple Masters
• How to Talk to the Board of Directors