The Network Security “Tax”: From Cost Center to Business Advantage

Now that tax season is upon us, I thought it’d be appropriate to talk about the “tax” of security solutions. The cost of security is not insignificant when it comes to protecting the overall network environment and it’s often viewed as a cost center. Spend, spend, spend with little to no return – or at least any perceived return.

But a cost center-centric view of network security is short-sighted. One challenge we deal with is IT and security pros not fully understanding the business benefits of their initiatives, as well as failing to communicate what they are doing in security to upper management and how the outcomes contribute value to the organization.

Interestingly, a recent survey conducted by AlgoSec “The State of Automation in Security” validated this observation. It found that there is a major disconnect between C-Level execs and their security staff and showed that senior management do not fully understand daily challenges faced by their staff. So when network security solutions are viewed as a “tax” rather than a valuable investment for the organization, they’re often not implemented properly (or at all) and “lack of budget” is often the excuse/scapegoat.

Ultimately investing in network security solutions will not only strengthen your security posture (and help you avoid breach and loss of reputation costs) it will also directly support your business and save you money – by being able to push business applications into production faster and having more uptime, by taking advantage of the cloud, by streamlining the auditing and compliance process, and even by taking over some of the manual and mundane tasks your overloaded security staff are doing – which ultimately frees them up to… support your business.

Taxes in the general sense are mostly viewed negatively. In our context, however, the network security tax should be seen as a positive. A well-run security program adds enormous business benefits and competitive advantages. So choose to embrace the network security “tax” and work it into the overall business budget – perhaps including sales and marketing dollars like I’ve seen some organizations do. Savvy business leaders and IT/security professionals alike should view their security initiatives as investments that, when managed wisely, contribute way more than they cost.