Bang-for-buck is less about cost and more about strategic fit and operational value when it comes to email security
Overnight digital transformations in the wake of COVID-19 are pushing organizations to the brink of what their infrastructure can handle. In the case of large enterprises, with thousands of employees and offices around the world, actions as simple as sending an email can quickly become overwhelming – requiring new hardware, software and the IT staff to run it all. Consequentially, many organizations have had to rapidly upgrade and evaluate new technologies, in a cost-driven manner, to help bridge the gaps.
Yet, a new study by Echoworx reveals a disconnect between the immediate rewards of low initial price tags to actual long-term value amid growing security breaches and brand distrust. While cost remains a primary driver behind the decision-making process for information security shoppers, there is an alarming lack of other factors contributing to ultimate assessments of value.
Meeting immediate business requirements is tempting for organizations operating under time constraints – it’s human nature. But focusing evaluation criteria for data protection on cost and business compliance, often results in adopting solutions that meet a narrow checklist of requirements or immediate needs. Theoretically this approach ensures the organization can maintain compliance, with minimal impact to their bottom lines, while preserving their ability to compete in their new digital world.
But it is not that simple.
Adopting a checklist strategy for protecting data sent through email does not anticipate unexpected turns or developments down the road. Regulations, or other security demands, are known to change without warning – suddenly adding more boxes needing to be checked off. While a low-price tag might create initial attraction to a security solution, organizations need to ensure it is flexible enough to accommodate new demands and the impact it can have on innovation and their strategic vision.
Introduced in the spring of 2018, the General Data Protection Regulation (GDPR) of the EU, for example, revolutionized the way organizations were able to capture, store and exchange the personal digital data of the citizens of affected European nations. Yet, less than a year later, in January 2019, Denmark introduced more literal interpretations of the new GDPR, making encryption mandatory for all sensitive data overnight – including data sent in emails. For organizations not set up to accommodate this new Danish development, conducting business in Denmark became incredibly difficult.
More than 50 per cent of CIOs from banks and insurers operate their IT environments in a cost-inefficient way, according to Gartner’s cost value matrix. Another report by Forrester found that cost is, by far, the highest consideration of decision-makers shopping for an email security solution. But respondent also touched on other considerations seemingly unrelated to cost, with unquantifiable benefits, like customer impact, listed as important determining factors. This suggests that the actual business value of email protection is not set solely by the lowest possible initial investment – and is instead a value-for-money equation.
And this value equation can be played out in various scenarios.
According to Siddharth Deshpande, former-Research Director at Gartner, organizations continue to see the additional value brought by security solutions – in addition to the security they provide. “Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” says Deshpande, as reported by Forbes.
If the solution is chosen on account of cost, without consideration being paid to a mix of business needs, the result may meet the tactical requirements set by IT but could be detrimental to the business on account of a poor or overly rigid customer experience, for example.
We need to remember that any digital tool on the market is designed to replace a clunky offline process – email data protection tools are no exception. Decision-makers need to keep business use cases top-of-mind when shopping for email security tools that help with digital transformations. Cost means nothing if a tool does not do what it’s supposed to do or proves detrimental to business flow.
A bank, for example, might need to send millions of secure financial statements to their customers at the end of each month. While this might normally be done using post, requiring reams of paper and expensive postage, an email data protection solution can enable them to send digital copies to customers faster and at substantially lower costs. Checkbox marked. But the true cost-efficiency is only realized if the same solution can handle the intensive demands and mass distribution of virtually unlimited encrypted documents – not hinder it.
And our new digital world appears to be here to stay, with 74 per cent of CFOs toying with the idea of increasing remote work capabilities after the current global pandemic passes. While others, like Twitter, already publicly stating, “If our employees are in a role and situation that enables them to work from home and they want to continue to do so forever, we will make that happen.” But ensuring that these workers can do all their work from home, requires security. Analysts are predicting further investment into IT solutions to accommodate this increased demand for remote work.
Initial costs of an email data protection solution can be misleading if their business value over time is not considered. If the technology is effective at adapting to various business use cases and securing vulnerabilities, without detrimental impacts to customer experience, initial monetary investment can quickly become irrelevant.
Even a higher initial investment into encryption technology can be offset by less investments into maintenance, hardware, or software upgrades. This can lead to substantially shorter payback periods and allows for valuable IT resources to be allocated to other projects.
Further supplementary cost savings can also work over a period to make the solution more valuable. A more valuable security tool, for example, might grant access for users to self-help resources or access to third-party specialists to help navigate any user confusion. Mitigating the costs of email related help desk queries alone can save organizations hundreds of thousands of dollars.
An investment in email data protection, based on stakeholder needs and strategic fit, will lead organizations into value-for-money.