Security Data Analytics and Reporting: Business Expectations and value - Part 1
SDAR: Overview, shed light on how it’s crucial that IT security teams prove their effectiveness and how SDAR helps them do this.. In this article, you will learn about the expectations that businesses and their stakeholders have of technology, and how security teams help make sure these expectations are met. There will be a companion series to specifically focus on business benefits, building the Business Case, planning, comparison between different approaches and more.
Overview
Business has certain expectations of IT and security and they expect both teams to prove their value to the business. When these expectations are met, the technology adds value to the business. Organizations use score cards to determine whether a program/commitment is producing tangible benefits and delivering on its promises to the associated shareholders and stakeholders.
Expectations vs Value
The business sets their expectations for the use of technology through its overall business strategy or organizational goals. These are expanded further by the technology department and its security functions, who develop their own strategy or departmental goals. Delivering on these goals would satisfy the business expectations (benefits realization), but when the IT department or security function exceeds the expectations, they add further value to the business.
For example, if a consumer expects a certain app to provide them with directions to a specific coffee shop, they will see value in that app upon completion of that specific task. However, the same app can add even more value by highlighting similar coffee shops which are even closer to where the consumer is.
Figure 01: Business expectations, realization and value-add.
Similarly, business expectations are realized when the business sees that the organizational cybersecurity risks have been reduced to an acceptable state. They see added value when the security function quantitatively provides the assurance that the business’ technology is secure.
Business expectations from the use of technology
Every business exists to add value to its target consumer or to other businesses, through products or services. This process, in turn, generates money for the business and, when well-managed, produces profits for shareholders and benefits the stakeholders. In the information age, the expectations of the business from the technology are simple:
Provide the means to digitally run the business
provide sufficient usability
Deliver expected functionality (or business services) within the acceptable availability, reliability and performance.
Figure 02: Business expectations from IT
All of these expectations must be delivered securely to the business. If the technology and security is not acceptable to the business in delivering business services to its clients at a reasonable cost and usability, it affects the business and the technology/security will be replaced.
Conclusion
There are several distinct people and entities that are connected to an organization, each of which have their own unique expectations of the business. These same stakeholders also expect a convenient and secure experience when they interact with the business’ technology.
In the next article, you will learn about the expectations that businesses have of their security.