Measuring the ROI of Security Change Management

Let’s face it – it’s very difficult to measure the return on investment (ROI) of most security products. In fact, many argue that as with insurance policies, most security technologies deliver a negative ROI to the individual purchaser.

This of course does not mean that organizations shouldn’t invest in security. As with insurance, we continue to invest in security to protect ourselves from the consequences of suffering a breach. (And in this day and age, a security breach seems to be a much more common occurrence compared to an earthquake or a fire…)

But as mentioned, this is true for most security products. Security Firewall change management products such as FireFlow are unique in their ability to deliver measurable ROI quickly, often in less than a year.

Having gone through numerous ROI exercises with customers, we are very happy to offer an ROI calculator for security change management. This calculator can help you quantify the savings for your organization, and is based on actual results we have seen in FireFlow deployments. (Some customers even let us bring a stopwatch and measure the time required for each step of the change workflow before and after FireFlow is in place!)

So where do the savings come from? The major building blocks are listed below. For those who are interested in a more detailed look, you can register for a customized ROI report that also includes investment information.

• Automation – By analyzing the firewall rulesets, the network topology, and your corporate security policy, FireFlow can save more than 50% of the time required to process a firewall change. From automatically pinpointing the exact devices that need to be changed, to proactively assessing the risk and designing the change in the most optimal way. With AlgoSec’s ActiveChange technology, administrators can also automatically execute the change on the firewall and save even more time.
• Accuracy – As much as 30% of requested firewall changes are not required, and many others are implemented incorrectly. FireFlow can automatically identify and close “already works” requests, and also ensure changes are performed exactly as requested.
• Auditing – In order to meet regulatory and internal security requirements, IT find themselves spending a lot of time ensuring each change is properly documented to address any questions an auditor may have. FireFlow maintains detailed history of every step of every change request and saves precious time. It even identifies changes that were performed without a formal request.

Automating security change management is not just about ensuring your devices are properly configured to improve security, it also saves you money, and lots of it!