Security Program Controls/Technologies, SOC

Security Operations Spending: Can You Calculate ROI?

Author: Jon Oltsik
Author: Jon Oltsik

ESG recently surveyed 412 cybersecurity and IT professionals asking a number of questions about their organization’s security analytics and operations. Overall, security operations are quite difficult, many organizations complain about too many manual processes, too many disconnected point tools, and a real shortage of the right skills. These issues can lead to lengthy incident detection and response cycles or worse yet, damaging data breaches. Just ask Equifax.

The data indicates that organizations know they have problems and are willing to address them. For example, 33% say that their spending on security operations will increase significantly while another 49% indicate that their security operations spending will increase somewhat.

While security operations spending will increase, however, it’s worth noting that 30% of cybersec pros say that their biggest security operations challenge is the total cost of ownership. What does this mean? CISOs are willingly spending millions of dollars on security operations but getting marginal security efficacy and poor operational efficiency.

As the ESG data points out, business executives are more than willing to throw money at security operations problems, but they will demand that CISOs present them with all types of metrics demonstrating that increased investment is actually leading to improved results like improving the time needed for incident detection and response.

Bolstering these metrics won’t be easy but, based upon ESG research, CISOs can make progress by:

  • Creating a SOAPA integration plan. Leading CISOs are actively consolidating security technologies, eliminating vendors, and building a security operations and analytics platform architecture to unify detection and response tools across a common architecture.
  • Pushing for process automation and orchestration. Even well-resourced security teams can’t keep up with the scale and complexity of today’s threat landscape. Progressive organizations are using automation and orchestration for use cases like investigations, threat hunting, and automated remediation to accelerate processes.
  • Unifying security and IT operations teams. Too often these teams have different goals and compensation, and use diverse sets of tools in pursuit of their organizational mission. CIOs and CISOs are getting together to tear down walls between these groups while SOAPA enables disparate groups to share data, prioritize tasks, and automate remediation actions.
  • Adopting advanced analytics. Amidst all of the industry hype, there is true innovation happening in areas like artificial intelligence and machine learning. CISOs should carefully research these technologies, determine which analytics tools fit their organization’s skills and strength, and embrace pilot projects.

As CISOs move forward with these initiatives, they should continuously determine how to measure and report incremental and ongoing advancement they achieve with risk management, security efficacy, and operational efficiency. Successful CISOs will be the ones who can demonstrate and communicate real and honest progress anytime they are asked to do so.

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. Read more ESG blogs here.