IT managers do not believe that Return on Investment (ROI) addresses the real benefits of information security technologies – preventing data loss, theft or corruption before it happens, according to new research.
Instead many think that using the measurement of Return on Prevention (RoP) will offer a greater chance of making the business case for investing in security measures.
The research was carried out by the Ponemon Institute and sponsored by mobile firm Vodafone UK and F-Secure and looked to determine the best technologies, controls and IT practices that represent the greatest prevention value when used to stop corporate information being stolen, lost or corrupted.
Antivirus and antimalware products as well as dedicated smartphone security platforms were listed as the technologies that provide the greatest RoP when looking to secure mobile workers. IT managers also said that so policy enforcement tools, user education and clear security policies are also an important factor, the survey found.
The problem with this, according to the research, is that it takes a continual investment in both technology and training to keep the mobile infrastructure secure, something that is hard to justify at board level.
"Time and again our research finds that security and data protection activities are both under-funded and under-staffed, but this study shows that an investment in preventative technology can make a difference by helping companies avoid costs associated with data loss," says Dr Larry Ponemon, chairman and founder, Ponemon Institute.
"Because expenditures must be justified to pass budget approval hurdles, we believe our RoP model can help make it easier for IT and IT security practitioners to make the business case for acquiring enabling security technologies and related control activities," Ponemon continued.
"Corporate information is vitally important, no matter what device or application is being used to access it," says Brian Burton, head of IT security, Vodafone UK. "While much work has been done over the years to secure corporate networks, the need to be able to work flexibly and remotely whilst being able to access corporate systems on mobile devices such as smartphones and laptops has opened a whole new front in the battle to keep information secure."